British security line of business person NCC Group announced conceal to be in even more 40 bypass hole that open chip high, can use the confidential information that stores inside filch chip, affect the Android device that uses relevant chip, open the hole that already was informed last year at this was being repaired to be in at the beginning of this month high.
This one number is the flaw of CVE-2018-11976, involve connect chip safety high to carry out an environment (Qualcomm Secure Execution Environment, QSEE) elliptical curve number signs chapter algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA) , will allow hacker speculation to go out deposit in QSEE, add 224 close Jin Yao with 256 with ECDSA.
QSEE comes from the TrustZone design at ARM, trustZone is the safe core of systematic odd chip, it built the safe world of a segregation to offer reliable software and confidential data to use, and other software can be only in general world carry out, QSEE is the safe executive environment that Gaotonggen makes according to TrustZone place namely.
Senior and safe advisory Keegan Ryan points out NCC Group, the safety such as such as TrustZone or QSEE carries out environmental design, get a lot of operation unit and embedded use extensively of device, what just calculate safe world and general world to use is different hardware resource, software or data, but they still lay a foundation to go up in same small framework, then they made a few tools come the data of monitoring QSEE flows with the program, find out connect high guide the safe flaw of ECDSA, successfully from connect what 256 restore on chip high to add close illicit key.
Ryan explanation, most ECDSA lot order is the multiplication that handling random numerical value answer a circle, hypothesis hacker can restore a few of this random numerical value, can use already some technologies will restore whole illicit key, they discover two extent but outside discharge this information of random numerical value, although these two area contain the mechanism that antagonism bypass atttacks, nevertheless they bypassed these are restricted, the part that found out this numerical value, and the 256 illicit key that restored the place on Nexus 5X mobile phone successfully to deposit.
NCC Group is in early discovered this one flaw last year, knew to be able to be connected high in March last year, high general rule arrives to just was repaired formally this year in April all the time.
The basis connects the safe announcement of a paste high, CVE-2018-11976 belongs to what ECDSA signs chapter code to add close problem, the discharge outside will letting deposit the illicit key that installing a whole world reachs general world. It is connected high to label major flaw, and those who affect more than 40 is tall connect chip, the likelihood affects the Android unit that reachs billions of.
