Qualcomm chips leak crypto data from secure execution environment
2019-04-25 10:47

A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, NCC Group researchers have found.

About CVE-2018-11976

The security of Trusted Execution Environments (TEEs) such as ARM TrustZone, which are widely used in both mobile and embedded devices and often share the same computational hardware as untrusted code, has been previously probed but not extensively. NCC Group researchers decided to specifically test …

The post Qualcomm chips leak crypto data from secure execution environment appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/tlRTrToGo_4/

Related Vulnerability

Date: 2019-05-24
CVE: CVE-2018-11976
Vulnerability title: Information Exposure vulnerability in Qualcomm products
Description: ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
local; low complexity; qualcomm; CWE-200
Risk: 4.9

Related vendor

Vendor: Qualcomm
Products: 2304
Low: 99
Medium: 457
High: 897
Critical: 439
Total vulns: 1892