Security flaw lets attackers recover private keys from Qualcomm chips

  1. Brink's Avatar
    Posts : 38,784
    64-bit Windows 10 Pro build 18898
       #1

    Security flaw lets attackers recover private keys from Qualcomm chips


    Devices using Qualcomm chipsets, and especially smartphones and tablets, are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment (QSEE).

    Qualcomm has deployed patches for this bug (CVE-2018-11976) earlier this month; however, knowing the sad state of Android OS updates, this will most likely leave many smartphones and tablets vulnerable for years to come.

    WHAT IS THE QSEE?

    The vulnerability impacts how the Qualcomm chips (used in hundreds of millions of Android devices) handles data processed inside the QSEE.

    The QSEE is a Trusted Execution Environment (TEE), similar to Intel's SGX.

    It's a hardware-isolated area on Qualcomm chips where the Android OS and app developers can send data to be processed in a safe and secure environment, where the Android OS and no other app can reach and access the sensitive data, except the application that placed the data there, in the first place.

    Data processed inside the QSEE usually includes private encryption keys and passwords, but the QSEE can handle anything an app wants to hide from prying eyes...


    Read more: Security flaw lets attackers recover private keys from Qualcomm chips | ZDNet
      My ComputersSystem Spec

  2.    #1

    I guess the intel agencies have been exploiting this for some time?
      My ComputersSystem Spec

  3. essenbe's Avatar
    Posts : 11,896
    Windows 10 Pro and Windows 10 Pro Insider
       #2

    Steve C said: View Post
    I guess the intel agencies have been exploiting this for some time?
    Based on what evidence.
      My ComputersSystem Spec


 

Related Threads
Solved WinRAR - Patch your app now- Security Flaw in AntiVirus, Firewalls and System Security
Do you have WinRAR installed on your Windows PC? Then you’re probably vulnerable to attack. RARLab patched a dangerous security bug at the end of February 2019, but WinRAR doesn’t automatically update itself. Most WinRAR installations are still...
Read more: New exploit lets attackers take control of Windows IoT Core devices | ZDNet
I am looking for some software (don't mind paying a few $) that lets me set up Function keys or special keys that will override even the current program I am working in. So, (this is just an example) - - the WinKey+S is "Save" in an application I...
If I hold down shift and type a key; CCCCCCCCCCCCCCCCcccccccccccccccc the shift will let go after a second. I plugged by keyboard into a mac and its fine there so it must be a windows issue? Any help would be much appreciated. Craig
Java zero-day security flaw exploited in the wild in AntiVirus, Firewalls and System Security
Java zero-day security flaw exploited in the wild | ZDNet
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:38.
Find Us