720-891-1663

Return to the list of client alerts

 

Hundreds of Millions of Devices, Especially Androids, Vulnerable

Hundreds of millions of devices, especially Android smartphones and tablets which use Qualcomm chipsets are vulnerable to a new set of potentially serious vulnerabilities.

The bug is in Qualcomm’s SECURE EXECUTION ENVIRONMENT.  It is supposed to be a secure area on the main processor used to protect sensitive information.  Each hardware vendor writes code to manage this secure area.

This environment is often used to store encryption keys, passwords and credit card numbers.

Researchers reverse engineered the code to find the bugs.

The researchers found 4 bugs in Samsung’s implementation of the code, and one each in Motorola’s and LG’s implementation.  Likely there are bugs in other vendors versions as well.

Qualcomm, LG and Samsung have released fixes, but unless your device and OS version are currently supported, you won’t get the fix.  There are also long delays between when a hardware vendor releases a fix and when your phone carrier releases that fix, if they release the fix at all.

If you don’t have the fix, it means that any application running on a vulnerable device could steal encryption keys and passwords stored on the device.

Read this article for more details on how the attack works.