Security flaw lets attackers recover private keys from Qualcomm chips
Devices using Qualcomm chipsets, and especially smartphones and tablets, are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment (QSEE).
Qualcomm has deployed patches for this bug (CVE-2018-11976) earlier this month; however, knowing the sad state of Android OS updates, this will most likely leave many smartphones and tablets vulnerable for years to come.
What is the QSEE?
The vulnerability impacts how the Qualcomm chips (used in hundreds of millions of Android devices) handles data processed inside the QSEE.
The QSEE is a Trusted Execution Environment (TEE), similar to Intel’s SGX.
It’s a hardware-isolated area on Qualcomm chips where the Android OS and app developers can send data to be processed in a safe and secure environment, where the Android OS and no other app can reach and access the sensitive data, except the application that placed the data there, in the first place.
Data processed inside the QSEE usually includes private encryption keys and passwords, but the QSEE can handle anything an app wants to hide from prying eyes.
In March last year, Keegan Ryan, a security researcher with the NCC Group, discovered that Qualcomm’s implementation of the ECDSA cryptographic signing algorithm allowed for the retrieval of data processed inside the QSEE secure area of Qualcomm processors.
To exploit this vulnerability, an attacker would need root access on a device, but this isn’t actually such a big hurdle as it sounds because malware that can gain root access on Android devices is quite common these days, being spotted in many places, and even on the Play Store.
Further, Ryan also points out that the QSEE was designed to prevent situations where attackers had full control over the device, meaning that the QSEE was failing at the primary function it was designed for.
“This should not be possible, since the hardware-backed keystore is supposed to prevent any sort of key extraction, even against an attacker who has fully compromised the Android OS,” Ryan said.
In a whitepaper published this week, Ryan described how he discovered this vulnerability. He said he used a tool named Cachegrab to analyze the Qualcomm memory caches to identify small leaks in the ECDSA cryptographic data-signing process implemented on QSEE chips.
“We found two locations in the multiplication algorithm which leak information about the nonce,” Ryan said. “Both of these locations contain countermeasures against side-channel attacks, but due to the spatial and temporal resolution of our microarchitectural attacks, it is possible to overcome these countermeasures and distinguish a few bits of the nonce.”
“These few bits are enough to recover 256-bit ECDSA keys,” Ryan said.
The security researcher said he successfully tested the attack in a real-world scenario on a Nexus 5X device, from where he recovered a P-526 encryption key from the device’s hardware-backed QSEE keystore.
The vulnerability has the potential to undermine the security of all Android and IoT devices where a QSEE component is used to secure sensitive information.
Ryan said he notified Qualcomm about this severe flaw last year, and that the company released firmware patches earlier this month, which have been included with Google’s Android April 2019 security update.
According to a separate Qualcomm security advisory, the chipmaker has listed the following chipsets as affected.
IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
Android device owners who are using one of these Qualcomm CPU models and are using their device for sensitive operations should look into ways of updating their smartphones with the latest Android OS security patch.
Not the first QSEE major bug
This is also not the first time security researchers have found a vulnerability that allows attackers to retrieve data from the QSEE.
A similar issue (CVE-2015-6639) was disclosed in May 2015 by security researcher Gal Beniamini.
At the time, secure authentication provider Duo Security said that Qualcomm chipsets were being used on around 60% of all Android enterprise devices, a percentage that has since increased, as Qualcomm chips have become even more popular.