Gaping ‘hole’ in Qualcomm’s Secure World mobile vault leaked sensitive data

A severe “hole” in the Qualcomm Secure World virtual processor, now patched, has been disclosed by researchers. 

According to cybersecurity researchers from Check Point, the Secure World safe compartment — used to house sensitive data in our mobile devices — could be exploited to leak financial information. 

Secure World is part of Qualcomm’s hardware-backed Trusted Execution Environment (TEE), based on ARM TrustZone, involving security extensions on ARM architecture including a secure virtual processor. 

The tech giant’s Secure World facility (.PDF) consists only of the Qualcomm TEE and trusted apps. The system has been designed so anyone “who does not have the device hardware keys must not be able to access Qualcomm Trusted Execution Environment data and services unless they are intentionally exposed,” according to the firm. 

Movement from a mobile device’s Rich Execution Environment (REE) to TEE is handled by specialized, trusted components to prevent the hardware-based security capabilities of the TEE from becoming compromised by apps or software outside of the trusted zone. 

However, a four-month study concluded that it is not impossible to crack the system. 

Throughout the research, Check Point’s aim was to “reverse” the Secure World operating system and fuzzing provided the means to do so. 

Fuzzing involves hitting a system with massive amounts of random data in the hopes of causing a crash in order to uncover coding or programming errors which may be used to bypass security protections. 

“A trusted app is a good target for fuzzing-based research,” the researchers say. “The command handler of a trusted app expects to receive a data blob from the normal world which will then be parsed and used according to the app’s purpose and the requested command.”

See also: WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions

Qualcomm’s trusted app (trustlet) is a signed executable and ELF file extended by a hash table. When loaded, the Qualcomm trusted OS authenticates the trustlet using hash blocks, and secure boot protection means that it is not possible to directly patch TrustZone components. 

Therefore, the team decided to focus on the trustlet verification algorithm. Check Point wanted to tamper with the code responsible for calculating hash block signatures or for comparing segments of hashes with verified ones to trigger an exploit. 

It was only possible to do so by exploiting a 1-day vulnerability to break TrustZone partitions, made up of a chain of two bugs, CVE-2015-6639 and CVE-2016-2431.

The vulnerabilities could be used to patch a code segment and replace a trustlet’s hash block after verification, leading to the loading of trusted app in a ‘normal’ environment. 

CNET: US border search of suspicionless travelers’ devices is unconstitutional, court finds

Combined with a CPU emulator and the fuzzing tool, the team was able to crash Qualcomm’s prov trustlet on a Nexus 6 device running Android 7.1.2, as well as Moto G4/G4 Plus devices. It was also possible to adapt Samsung trustlets for exploit. 

Check Point’s custom fuzzing tool was tested on Samsung, LG, and Motorola devices. Overall, Samsung’s trusted code contained four vulnerabilities, Motorola and LG contained one each, and another bug was found that was connected to LG. 

All of the code, however, was sourced from Qualcomm. If exploited, the attack chain could result in the leak of data stored in Secure World, including financial information.

TechRepublic: Tracking endpoints and ensuring device security a vexing problem for healthcare CIOs

After reaching out with their findings in June, the researchers say that Samsung has, so far, patched three out of four vulnerabilities, LG has resolved one issue, and Motorola intends to patch. 

When it comes to Qualcomm, Check Point says that the US chip giant has acknowledged and patched the issue, tracked as CVE-2019-10574. A Qualcomm spokesperson told ZDNet:

“Providing technologies that support robust security and privacy is a priority for Qualcomm. The vulnerabilities publicized by Check Point have been patched, one in early October 2019 and the other in November 2014. We have seen no reports of active exploitation, though we encourage end users to update their devices with patches available from OEMs.”

Update 12.08 GMT: A Motorola spokesperson said:

“The Motorola team regularly cooperates with security researchers, and this has also been the case here. We can confirm that the vulnerabilities were patched according to public availability of chipset vendors’ base software worldwide, and the Android Security Patches 2017-04-05 and 2019-05-05 contain the fixes.”

ZDNet has reached out to Samsung and LG but has not heard back at the time of publication.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0