Skip to main content

Android Devices Using Qualcomm Chips Can Be Hacked

By November 25, 2019May 9th, 2022Cybersecurity

Do you have an Android device?  Is it built around a Qualcomm chipset?

If so, be advised that you may be at risk.

According to a report recently published by security firm CheckPoint, a recently discovered flaw could allow hackers to steal a variety of sensitive information on your phone or tablet.

The vulnerability resides in the QSEE, or “Qualcomm Secure Execution Environment,” which is an implementation of TEE (Trusted Execution Environment) based on ARM TrustZone technology.

This is the technology that guards the most protected parts of a mobile device.  In addition to your personal information, the QSEE is used to house passwords, credit and debit card details, encryption keys, and the like.  Basically, QSEE guards everything else that’s supposed to make your digital life secure, and it has been compromised. That puts millions of Android devices at risk.

CheckPoint’s security researchers had this to say about the issue:

“In a 4-month research project, we succeeded in reverse (engineering) Qualcomm’s Secure World operating system and leveraged the fuzzing technique to expose the hole.

We implemented a custom-made fuzzing tool, which tested trusted code on Samsung, LG, and Motorola devices, which allowed researchers to find four vulnerabilities in trusted code implemented by Samsung, one in Motorola, and one in LG.

An interesting fact is that we can load trustlets from another device as well.  All we need to do is replace the hash table, signature, and certificate chain in the .mdt file of the trustlet with those extracted from a device manufacturer’s trustlet.”

In other words, it’s about as bad as a security issue can get.  If there’s a silver lining, it is that Samsung, Qualcomm, and LG have already released a patch which fixes the issue. So, if you have a device manufactured by any of those companies, head to their website to be sure you get the patch.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.