Millions of devices, particularly Android smartphones and tablets, using Qualcomm chipsets, are susceptible to a new set of potentially grave flaws.

A report suggests that the faults could lets attackers steal important data stored in a secure area that is else supposed to be the most protected part of a mobile device.

Also called Qualcomm’s Secure World, QSEE is a hardware-isolated secure area on the main processor that seeks to protect sensitive information and offers a separate secure environment (REE) for performing Trusted Applications.

In addition to other personal information, QSEE typically contains private encryption keys, passwords, credit, and debit card authorizations.

Normal World system units such as drivers and applications cannot access protected areas unless needed—even when they have root permissions.

Researchers suggest that the stated flaws in the secure components of Qualcomm could allow a hacker to perform trusted apps in the Normal World (Android OS).

“An interesting fact is that we can load trustlets from another device as well. All we need to do is replace the hash table, signature, and certificate chain in the .mdt file of the trustlet with those extracted from a device manufacturer’s trustlet,” researchers said.

The flaws also affect a broad range of smartphone and IoT devices that use the QSEE component to secure users’ important information.

Leave a Reply

Your email address will not be published. Required fields are marked *