A new security research reveals yet another security flaw that affects Android smartphones. A chain of two security bugs (CVE-2015-6639 and CVE-2016-2431) were discovered in the Qualcomm Secure World virtual processor, which, fortunately, have already been patched.
So, what is the impact of the vulnerability? Shortly said, researchers say it could be exploited to leak financial information. What is Secure World? It is part of Qualcomm’s hardware-backed Trusted Execution Environment (TEE), based on ARM TrustZone.
Check Point researchers successfully hacked into TrustZone on specific Android phones (Samsung, LG and Motorola). TrustZone is a security extension integrated by ARM into the Cortex-A processor. However, the vulnerability is present in Qualcomm’s hardware that runs on nearly half of all smartphones.
More about TrustZone
As explained by Yaniv Balmas, Check Point’s head of Cyber Research, “TrustZone holds all your secrets—fingerprints, facial recognition, credit cards, passports, whatever secrets you can think of, these things are stored in TrustZone. Think of it as a safe manufactured by the chip manufacturer—in this case Qualcomm. The thing about this safe is that no-one knows other than Qualcomm how it is actually built. It’s proprietary and no-one can see inside of it.”
Technologically explained, TrustZone is a security extension integrated by ARM into the Cortex-A processor, which is designed to create an isolated and secure virtual world. It can be described as a “hardware-enforced isolation built into the CPU,” which carries most sensitive data.
Qualcomm has confirmed the vulnerabilities, which it says have already been addressed. One of them was patched in November 2014, and the other one in early October this year. The good news is that there are no reports of active exploitation. However, users of the affected Samsung, LG and Motorola devices should update their phones with patches through their OEMs.
This means that if a device is updated, it is not at risk. However, the uncovering of this security loophole has now destroyed the belief of the TrustZone secure data store. This could lead to the discovery of other vulnerabilities. Because Check Point’s research has highlighted the possibility to hack into TrustZone, both researchers and malicious actors could focus on it.
Check Point’s Research
The Check Point team reversed the Secure World operating system through fuzzing. It turned out that “a trusted app is a good target for fuzzing-based research”:
The command handler of a trusted app expects to receive a data blob from the Normal world which will then be parsed and used according to the app’s purpose and the requested command. Each trusted app can support hundreds of possible external commands.
Fuzzing can be described as attacking a system with large amounts of random data with the purpose of causing a crash. This is mostly done to uncover coding or programming errors which may be used to bypass security protections.
Qualcomm’s trusted app (also known as trustlet) is a signed executable and ELF file extended by a hash table. When loaded, the Qualcomm trusted OS authenticates the trustlet through hash blocks. However, secure boot protection gets in the way of directly patching TrustZone components. So, Check Point decided to go with the trustlet verification algorithm. The idea was to try to alter the code responsible for calculating hash block signatures to trigger an exploit.
To successfully do so, the team exploited the vulnerability consisting of two chained bugs (CVE-2015-6639 and CVE-2016-2431).
The flaws could be deployed to patch a code segment and replace a trustlet’s hash block after verification, which could lead to the loading of trusted app in a ‘normal’ environment.
The researchers combined them with a CPU emulator and a fuzzing tool, and were able to crash Qualcomm’s trustlet on a Nexus 6 device running Android 7.1.2, and also Moto G4/G4 Plus phones. It was also possible to adapt Samsung trustlets to be exploited.
“We have disclosed the vulnerability to Qualcomm in June this year and alerted them about the publication, only a day before the publication of this blog we were notified the vulnerability was patched (CVE-2019-10574),” CheckPoint said.