More than 40 Qualcomm chips have been exposed to security vulnerabilities, affecting billions of mobile phones!

4 month 28 Daily news , Recently, British security agencies NCC Group Announced a piece of heavy news ： exceed 40 Qualcomm chips exist “ Bypass vulnerability ”, This vulnerability can be used to steal confidential information stored in the chip , And affect those who use related chips Android Mobile phones and other related devices . however , Earlier this month , Qualcomm has fixed this vulnerability that it learned last year .

According to Qualcomm safety bulletin , This number is CVE-2018-11976 A loophole in the , Involving Qualcomm chip security execution environment （Qualcomm Secure Execution Environment,QSEE） Elliptic curve digital signature algorithm （Elliptic Curve Digital Signature Algorithm,ECDSA）, Will allow hackers to speculate that it is stored in QSEE in 、 With ECDSA Encrypted 224 Bit and 256 Bit key .

It is listed as a major vulnerability by Qualcomm , And the impact exceeds 40 Qualcomm chips , It may affect billions of Android Mobile phones and devices .

QSEE From Arm Of TrustZone Design ,TrustZone It is the safety core of the system single chip , It establishes an isolated security world for reliable software and confidential information , Other software can only be executed in the general world ,QSEE That is Qualcomm according to TrustZone Create a safe execution environment .

although ,NCC Group This vulnerability was discovered as early as last year , And last year 3 Qualcomm was notified in August , But Qualcomm has been until this year 4 Months before the official repair , And was officially exposed recently .

It is worth noting that , Last year Intel 、AMD、Arm Cortrex A series of chips have been exposed successively, and there are many security vulnerabilities , Although since then, each company has launched patches , However, this does not mean that similar events will not happen in the future . at that time ,ARM The person in charge also said , It's absolutely safe without , Chip vulnerabilities may occur again .

edit ： Smart core - Woods