Pierluigi Paganini April 28, 2019

Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.

Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys, and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips,
including popular Snapdragon models 820, 835, 845 and 855

The attack leverages a flaw in the Qualcomm Secure Execution Environment (QSEE), designed to securely store cryptographic keys on devices.

“A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware.” reads a blog post published by NCC Group. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys. “

According to NCC, the Hardware-backed keystores rely on ARM TrustZone to protect sensitive data, it splits execution on many devices into a secure world (used to manage sensitive data) and a normal world (used by processes of the Android OS).

Experts pointed out that the two worlds have the same underlying microarchitectural structures, meaning an attacker could carry out a side-channel attack to access protected memory.

The experts used a memory cache analyzer called Cachegrab to carry out
side-channel attacks on TrustZone.

The experts tested a rooted Nexus 5X device using the Qualcomm Snapdragon 808 and discovered that the QSEE that leaking data that could be used to recover 256-bit ECDSA keys.

The attacker must have root access to the device to launch the attack.

Qualcomm has released a security patch to address the flaw tracked as CVE-2018-11976, while Android disclosed a patch for the flaw in its April update.

Below the timeline of the flaw:

• March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receipt
• April, 2018: Request update on analysis of issue
• May, 2018: Qualcomm confirms the issue and begins working on a fix
• July, 2018: Request update on the fix; Qualcomm responds that the fix is undergoing internal review
• November, 2018: Request update on the timeline for disclosure; Qualcomm responds that customers have been notified in October, beginning a six-month carrier recertification process. Agree to April 2019 disclosure date.
• March, 2019: Discuss publication plans for April 23
• April, 2019: Share draft of paper with Qualcomm
• April 23, 2019: Public Disclosure
• “Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.”

Technical details of the vulnerability are available in the paper published by the expert.

Pierluigi Paganini

(SecurityAffairs – Qualcomm, mobile)

[adrotate banner=”5″]

[adrotate banner=”13″]