International. A number of critical vulnerabilities in Qualcomm TrustZone that could lead to, among other things, leaks of protected data and the theft of mobile payment information and credentials, were exposed by cybersecurity company, Check Point Software Technologies Ltd.
This application is a security extension integrated by ARM in the Corex-A processor, which is an integral part of all modern Android mobile devices from brands such as Samsung, Xiaomi, Sony, Nexus, LG or HTC, among others. In fact, according to a study by Strategy Analytics, almost half of all smartphones in the world use Qualcomm processor technology.
For 4 months, Check Point has been analyzing the possible weaknesses of Qualcomm's "Safe World" operating system. To do this, the company's researchers used a technique known as "fuzzing", a method used to verify security levels and thus discover coding errors and security gaps in software, operating systems or networks. Through this technique, the company discovered 4 vulnerabilities in the trusted code implemented by Samsung (including some of the company's latest releases such as the S10), 1 in Motorola, 1 in LG, 1 related to LG, but all the code comes from Qualcomm.
What is TrustZone and why is it a critical vulnerability?
Qualcomm's TrustZone security extension creates an isolated and secure virtual environment that the operating system itself uses to provide confidentiality and integrity to the device. This environment is known as Trusted Execution Environment (TEE), and a vulnerability in this code is critical because it is responsible for providing security to the data stored on the device, and, in addition, has many execution permissions. In this way, if the integrity of the TEE is compromised, device failures such as data leaks, unlocking the bootloader or running undetectable APT can occur. In this way, an attacker could compromise the security of the terminal remotely and perform different malicious activities.
On the other hand, this vulnerability joins the recent cases that the company has experienced in recent months, in which Qualcomm warned that two of its processors for mobile devices had suffered security flaws that allowed attacking the smartphones of thousands of users and compromise the integrity of the Android operating system through access to the WLAN chip, also at a distance.
In this sense, Eusebio Nieva, check Point's technical director for Spain and Portugal, points out that "these types of vulnerabilities pose a serious risk to both devices and the personal information that users store on them. In addition, it is essential to bear in mind that, although phones are one of the most used devices in our day to day, there is a general tendency not to use protection measures, so through these vulnerabilities cybercriminals find a way to access a large amount of information. "
What can users do to protect themselves from this vulnerability?
From Check Point they warn about the fact that smartphones are one of the most unprotected devices, and point out the importance of becoming aware of the need to adopt a security strategy focused on ensuring the protection of the data they store.
In this sense, Qualcomm has already published a patch to solve this vulnerability, so the company's experts advise users of the terminals that incorporate Qualcomm TrustZone to update the operating system of the phone to the latest available version, as well as be attentive to any movement that is made using their credit or debit cards. In addition, from Check Point they recommend having a security tool that allows to examine the state of the mobile phone in search of possible threats such as malicious software and cryptojackers that have been installed on the device without the user knowing.
In this sense, the company has SandBlast Mobile, a solution that protects devices from infected applications, Man-in-the-Middle attacks over Wi-Fi, OS exploits, and malicious links in SMS messages.
