Published in Mobiles

Hackers can recover private keys from Qualcomm chips

25 April 2019


Big Bug found

Qualcomm chipsets are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in the slightly inaccurately named Qualcomm Secure Execution Environment (QSEE).

Qualcomm deployed patches for this bug (CVE-2018-11976) earlier this month; however, it is pretty likely that shedloads of Android phones will never see the update.

QSEE is a Trusted Execution Environment (TEE), similar to Intel's SGX: a hardware-isolated area where the Android OS and app developers can send data to be processed in a safe and secure environment.

The idea is that neither the Android OS nor any other app can reach and access the sensitive data, except the application that placed the data there.

Data processed inside the QSEE usually includes private encryption keys and passwords, but the QSEE can handle anything an app wants to hide from prying eyes.

In March last year, Keegan Ryan, a security researcher with the NCC Group, discovered that Qualcomm's implementation of the ECDSA cryptographic signing algorithm allowed for the retrieval of data processed inside the QSEE secure area of Qualcomm processors.

To exploit this vulnerability, an attacker would need root access on a device, which is not that tricky.

Ryan said that QSEE was designed to protect data in situations where attackers had full control over the device, meaning that the QSEE was failing at the primary function it was intended for.

"The hardware-backed keystore is supposed to prevent any sort of key extraction, even against an attacker who has fully compromised the Android OS", Ryan said.

Ryan used a tool named Cachegrab to analyse the Qualcomm memory caches to identify small leaks in the ECDSA cryptographic data-signing process implemented on QSEE chips.

"We found two locations in the multiplication algorithm which leak information about the nonce," Ryan said. "Both of these locations contain countermeasures against side-channel attacks, but due to the spatial and temporal resolution of our microarchitectural attacks, it is possible to overcome these countermeasures and distinguish a few bits of the nonce."

"These few bits were enough to recover 256-bit ECDSA keys", Ryan said.

Ryan successfully tested the attack in a real-world scenario on a Nexus 5X device, from where he recovered a P-256 encryption key from the device's hardware-backed QSEE keystore.

Firmware patches were released earlier this month and have been included with Google's Android April 2019 security update.

According to a separate Qualcomm security advisory, the following chipsets are affected.

IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
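
A fleet triage sketch for the chipset list and patch date above, added here as an example (not code from the article, Qualcomm or NCC Group): it expands the advisory's shorthand such as "SD 615/16/SD 415" into individual names and flags listed chipsets whose security patch level predates a cutoff. The inventory rows, their field names and the 2019-04-01 cutoff are assumptions; the article only says the fix shipped with the April 2019 update, so confirm the exact patch-level string against the bulletin.

```python
from datetime import date
# Chipset list as printed in the article (advisory shorthand kept verbatim).
ADVISORY = (
    "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, "
    "QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, "
    "SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, "
    "SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, "
    "SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, "
    "Snapdragon_High_Med_2016, SXR1130"
)

def normalize(name):
    """Upper-case and drop spaces so 'sd 845' and 'SD845' compare equal."""
    return name.upper().replace(" ", "")

def expand_advisory(text=ADVISORY):
    """Expand shorthand such as 'SD 615/16/SD 415' into SD615, SD616, SD415."""
    chips = set()
    for entry in text.split(","):
        prev = ""
        for part in map(normalize, entry.split("/")):
            # A bare number ('16') replaces the trailing digits of the previous name.
            chip = prev[:-len(part)] + part if part.isdigit() and prev else part
            chips.add(chip)
            prev = chip
    return chips

# Assumption: 2019-04-01 is a placeholder cutoff, not a value from the article.
def triage(inventory, cutoff=date(2019, 4, 1)):
    """Map device -> 'not listed' | 'patched' | 'exposed' (fails closed on bad dates)."""
    affected = expand_advisory()
    result = {}
    for rec in inventory:
        if normalize(rec["soc"]) not in affected:
            result[rec["device"]] = "not listed"
            continue
        try:
            patched = date.fromisoformat(rec["patch"]) >= cutoff
        except ValueError:
            patched = False
        result[rec["device"]] = "patched" if patched else "exposed"
    return result

# Constructed inventory rows (hypothetical devices; 'patch' is a YYYY-MM-DD level).
INVENTORY = [
    {"device": "field-tablet-01", "soc": "SD 845", "patch": "2019-05-01"},
    {"device": "kiosk-07", "soc": "sd 616", "patch": "2018-11-05"},
    {"device": "scanner-12", "soc": "SDM660", "patch": ""},
    {"device": "lab-phone-03", "soc": "OTHERVENDOR-X1", "patch": "2018-06-01"},
]
```

Calling `triage(INVENTORY)` returns one status per device; a listed chipset with a missing or unparseable patch level is reported as exposed rather than skipped.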

Last modified on 25 April 2019