Security flaw lets attackers recover private keys from Qualcomm chips

Devices using Qualcomm chipsets, and especially smartphones and tablets, are vulnerable to a new security bug that can let attackers retrieve private data and encryption keys that are stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment (QSEE). Qualcomm has deployed patches for this bug (CVE-2018-11976) earlier this month; however, knowing the sad state of Android OS updates, this will most likely leave many smartphones and tablets vulnerable for years to come. What is the QSEE? The vulnerability impacts how the Qualcomm chips (used in hundreds of millions of Android devices) handles data processed inside the QSEE. The QSEE is a Trusted Execution Environment (TEE) , similar to Intel’s SGX. It’s a hardware-isolated area on Qualcomm chips where the Android OS and app developers can send data to be processed in a safe and secure environment, where the Android OS and no other app can reach and access the sensitive data, except the application that placed the data there, in the first place. Data processed inside the QSEE usually includes private encryption keys and passwords, but the QSEE can handle anything an app wants to hide from prying eyes. CVE-2018-11976 In March last year,… Read full this story

• NSA alerted Microsoft to major Windows 10 security flaw
• Serious bug causes “quite a few” HTTPS sites to reveal their private keys
• TikTok is a national security threat, US politicians say. Here's what experts think
• Google Moves to Secure the Cloud From Itself
• Your Two-Step, 16-Word Guide to Comprehensive Digital Security
• Apple WWDC 2020 announcements: iOS 14, macOS Big Sur, transition to Apple Silicon and other key highlights
• Johnny Depp wrote 'I love you' in blood after severing his finger while attacking ME, says Amber Heard: Actor 'pushed his wife into a ping pong table, tore off her night gown, and choked her against refrigerator while filming Pirates of The Caribbean'
• Is WhatsApp Safe to Use? Explaining This Week’s Big Chat-App-Security Controversy
• Ransomware warning: Now attacks are stealing data as well as encrypting it
• Security News This Week: Who Pulled Off the Twitter Hack?

Security flaw lets attackers recover private keys from Qualcomm chips have 340 words, post on www.zdnet.com at April 24, 2019. This is cached page on Vietnam Dance. If you want remove this page, please contact us.