Researchers have disclosed a set of vulnerabilities affecting Qualcomm chipsets that could allow a potential attacker to steal critical information.

The findings — disclosed by cybersecurity vendor Check Point Research — reveal that the ‘secure world’ present in Qualcomm CPUs, which power most Android phones, suffers from a flaw that may “lead to leakage of protected data, device rooting, bootloader unlocking, and execution of undetectable APTs [Advanced Persistent Threats].”

The findings were originally presented by Check Point at REcon Montreal earlier this June, a computer security conference with a focus on reverse engineering and advanced exploitation techniques.

Qualcomm has since issued fixes for all the flaws after they were responsibly disclosed by the company. Samsung and LG have applied the patches to their devices, while Motorola is said to be working on a fix.

The disclosure comes months after Qualcomm patched a vulnerability that enabled a bad actor to extract private data and encryption keys stored in the chipset’s secure world.

Trusted Execution Environment

Chips from Qualcomm come with a secure area inside the processor called a Trusted Execution Environment (TEE) that ensures the confidentiality and integrity of code and data.

This hardware isolation — dubbed Qualcomm Trusted Execution Environment (QTEE) and based on ARM TrustZone technology — enables the most sensitive data to be stored without any risk of being tampered with.

Furthermore, this secure world provides additional services in the form of trusted third-party components (aka trustlets) that are loaded and executed in the TEE by the operating system running in TrustZone — called the trusted OS.

Trustlets act as the bridge between the ‘normal’ world — the rich execution environment where the device’s main operating system resides — and the TEE, facilitating data movement between the two worlds.

“Trusted World holds your passwords, credit card information for mobile payment, storage encryption keys, and many others,” Check Point researcher Slava Makkaveev told TNW. “Trusted Environment is the last line of defence. If a hacker compromised the trusted OS, nothing can stop your sensitive data from being stolen.”


Qualcomm notes that without access to the device hardware keys, it’s impossible to access the data stored in QTEE unless it’s deliberately exposed.

But this four-month-long research shows evidence to the contrary, proving that the TEE is not as bulletproof as previously thought.

Fuzzing-based vulnerability research

To do so, Check Point researchers leveraged a technique called fuzzing — an automated testing method that involves providing random data as inputs to a computer program to cause the program to crash, and thereby identify unexpected behavior and programming errors that could be exploited to get around security protections.

The fuzzing targeted the trustlet implementation by Samsung, Motorola, and LG — specifically the code that was responsible for verifying the integrity of the trustlets — uncovering multiple flaws in the process.
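To make the fuzzing method and the "integrity-check code" target concrete, here is an added illustration that is not Check Point's tooling and has nothing to do with Qualcomm's actual trustlet format. It defines a constructed toy record layout (`build_record`, `parse_naive`, `parse_checked`, `fuzz` are all hypothetical names), a naive parser that trusts the length fields it reads, a hardened parser that validates them, and a small mutation fuzzer that reports any input which makes a parser fail in a way other than a clean rejection.

```python
import random

# Constructed toy record format (not any real trustlet or QTEE format):
#   [name_len:1][name:name_len][payload_len:2 big-endian][payload:payload_len][checksum:1]
# The checksum is the XOR of all payload bytes, a stand-in for an integrity check.


def xor_checksum(payload: bytes) -> int:
    c = 0
    for b in payload:
        c ^= b
    return c


def build_record(name: bytes, payload: bytes) -> bytes:
    """Serialize a well-formed record; used as the fuzzer's seed input."""
    return (bytes([len(name)]) + name
            + len(payload).to_bytes(2, "big") + payload
            + bytes([xor_checksum(payload)]))


def parse_naive(data: bytes) -> dict:
    """Trusts the length fields blindly. Indexing past the end raises IndexError,
    the Python analogue of an out-of-bounds read in native code."""
    name_len = data[0]
    name = data[1:1 + name_len]
    off = 1 + name_len
    payload_len = int.from_bytes(data[off:off + 2], "big")
    off += 2
    payload = data[off:off + payload_len]
    checksum = data[off + payload_len]          # crashes if the declared length lies
    if xor_checksum(payload) != checksum:
        raise ValueError("bad checksum")
    return {"name": name, "payload": payload}


def parse_checked(data: bytes) -> dict:
    """Same format, but every length is validated against the bytes actually present,
    and every rejection is a ValueError, the one outcome the fuzzer treats as clean."""
    if len(data) < 1:
        raise ValueError("empty record")
    name_len = data[0]
    off = 1 + name_len
    if len(data) < off + 2:
        raise ValueError("truncated name or payload length")
    name = data[1:off]
    payload_len = int.from_bytes(data[off:off + 2], "big")
    off += 2
    if len(data) != off + payload_len + 1:
        raise ValueError("payload length does not match record size")
    payload = data[off:off + payload_len]
    if xor_checksum(payload) != data[-1]:
        raise ValueError("bad checksum")
    return {"name": name, "payload": payload}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, truncation, or insertion."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(buf)


def fuzz(parser, seed_input: bytes, iterations: int = 2000, seed: int = 0) -> dict:
    """Mutate the seed repeatedly and feed it to the parser. A ValueError is a clean
    rejection; any other exception is a bug. Returns {exception name: first input}."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        candidate = seed_input
        for _ in range(rng.randrange(1, 4)):        # stack 1 to 3 mutations
            candidate = mutate(candidate, rng)
        try:
            parser(candidate)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, candidate)
    return crashes


if __name__ == "__main__":
    seed_record = build_record(b"trustlet", b"\x01\x02\x03")   # constructed sample
    print("naive parser crashes:", fuzz(parse_naive, seed_record, seed=1))
    print("checked parser crashes:", fuzz(parse_checked, seed_record, seed=1))
```

The point of the pairing is the defender's view of the result: the naive parser accepts the well-formed seed just as the checked one does, and only the fuzzer's mutated inputs separate them. A loader that validates a trustlet's integrity has to treat every length and offset it reads from the blob as untrusted, which is exactly the class of defect a fuzzer surfaces.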

The vulnerabilities, the researchers said, could allow an attacker to execute trusted apps in the normal world, load a patched trusted app into the secure world, and even load trustlets from another device.

Although TEEs present a new attack frontier, there’s no evidence that these vulnerabilities were exploited in the wild. But Makkaveev says TEEs are a very attractive attack target.
