In recent years smartphones have not only grown rapidly in shipment volume but have also reached deep into every aspect of our lives. A phone now holds not just the address book and text messages but also more and more important personal privacy and property information, and its security is closely tied to each of us.
According to a report by the media outlet EETOP, the latest report from the British security firm NCC Group (CVE-2018-11976) indicates that more than 40 Snapdragon chips from the US company Qualcomm have an information-leak vulnerability. Specifically, it involves the Elliptic Curve Digital Signature Algorithm (ECDSA) in the Qualcomm chips' Secure Execution Environment (QSEE), and would allow hackers to infer the 224-bit and 256-bit ECDSA keys stored in QSEE.
A Snapdragon chip from the US company Qualcomm (image / web)
QSEE derives from ARM's TrustZone design. TrustZone is the security core of a system-on-chip: it establishes an isolated secure world for trusted software and confidential data (such as a user's fingerprint and facial information), while other software can run only in the normal world. QSEE is the secure execution environment that Qualcomm built on top of TrustZone.
This Qualcomm chip vulnerability involves dozens of chips: the IPQ8064 and IPQ8074 from years ago, Qualcomm's current flagship Snapdragon 855 and Snapdragon 845, and the Snapdragon 850 and 8CX aimed at the PC platform. It is clear that the vulnerability involves a "mistake" in Qualcomm's low-level code. Because the vulnerability spans multiple generations of Qualcomm chips and several different product lines, the number of terminal devices affected may run as high as billions.
List of Qualcomm Snapdragon chip models affected by this vulnerability (image / web)
Besides the British security firm NCC Group, our country's National Information Security Vulnerability Sharing Platform has also published a similar vulnerability notice, likewise because of an information disclosure vulnerability in TrustZone in Qualcomm products. An attacker can use this vulnerability to steal users' personal information.
The National Information Security Vulnerability Sharing Platform's entry on the Qualcomm Snapdragon chip vulnerability (image / web)
Nevertheless, some netizens suspect that this is not a vulnerability at all but a backdoor that Qualcomm deliberately left in place. Reportedly, the vulnerability and its details were submitted to Qualcomm as early as March of last year, yet it was not until April of this year that Qualcomm formally fixed it. Why did the fix take more than a year? Was it because Qualcomm never regarded these as vulnerabilities in the first place? Or were Qualcomm's R&D resources stretched thin, with everything concentrated on 5G research and development, leaving it too busy to attend to this vulnerability?
In fact, besides the vulnerability based on the TrustZone design, Qualcomm has had quite a few other vulnerabilities in recent years. Among the more harmful were the Android platform kernel vulnerabilities of 2016, when security researchers discovered a series of serious Android security vulnerabilities in Qualcomm chips (called "Quadrooter"). A hacker can trick a user into installing a malicious application, gain the corresponding application privileges, and take complete control of the affected Android device, including its data and hardware such as the camera and microphone, and so collect the user's personal private information. More than 900 million Android smartphones and tablets were affected by these vulnerabilities. Worse still, most of the affected Android devices will probably never be patched.
The Android security vulnerabilities exposed in 2016 (image / web)
What is more, the US network security company FireEye disclosed in 2016 an Android vulnerability introduced by Qualcomm chips, with which hackers can steal a user's text messages, call records and other private data. Worse still, these vulnerabilities had already existed for 5 years by the time they were announced.
Although, under market pressure, Qualcomm has had to launch a "vulnerability reward program" in response to its vulnerability problems, Qualcomm chips remain a hotbed of vulnerabilities, and one could even call the company a producer of vulnerabilities. We hope that Qualcomm, besides concentrating on GPU and especially CPU performance, will take more responsibility for users' privacy and property security.