Qualcomm chipsets are found to have a new set of vulnerabilities which can be exploited by the attackers to steal private user data.
Qualcomm chipsets are the most common and widely used chipsets in android smartphones. Most of the smartphones running on android OS use qualcomm chipsets. Researchers have recently found that the chipset has certain vulnerabilities. The vulnerabilities were found in Qualcomm’s Secure Execution Environment (QSEE) which is an implementation of Trusted Execution Environment (TEE) based on ARM TrustZone technology.
QSEE is a hardware isolated secure area on the main processor that serves to protect sensitive and private information by providing a secure environment (REE) for executing trusted applications. The sensitive data that is stored in QSEE has encryption keys, credit/debit card details, passwords, etc.
The vulnerabilities found can now allow attackers to execute trusted apps in normal world and load patched trusted app into the Secure World. Attackers can also bypass Qualcomm’s chain of trust and adapt trusted app for running on a device of another manufacturer.
Researchers have summed the condition up by stating that there are loads of threats that can ignite due to these vulnerabilities. A list of wide ranged security threats which will lead to data leakage, device rooting, bootloader unlocking, etc may rise. NPAV recommends to install security patches for such vulnerabilities on priority. Samsung, Qualcomm and LG have already released security patch for QSEE vulnerabilities.
Use NPAV and join us on a mission to secure the cyber world.