Android Qualcomm QSEE Vulnerability Affects 60 Percent of All Devices
May 20, 2016
Shah Sheikh (1294 articles)

Android Qualcomm QSEE Vulnerability Affects 60 Percent of All Devices

Four months after Google fixed the issue, a security researcher has come forward to explain how a vulnerability in Android’s Qualcomm Secure Execution Environment (QSEE) can be leveraged to compromise devices.

Fixed in Google’s January Nexus Security Bulletin, the bug known as CVE-2015-6639 is categorized as an elevation of privileges in the Android TrustZone.

The Android TrustZone is a special section of the Android kernel, working separately from the rest of the kernel, and tasked with processing the most crucial and sensitive operations, like the ones that handle encrypted data.

CVE-2015-6639 + mediaserver exploit = trouble

Security researcher Gal Beniamini discovered this issue in the Qualcomm’s custom implementation of the TrustZone kernel, used on Android smartphones that utilize Qualcomm chips.

Beniamini says that the vulnerability on its own is harmless, but if attackers chain two exploits together, the attacker can use CVE-2015-6639 to get root privileges in the Qualcomm’s TrustZone.

According to the researcher, any exploit in the Android mediaserver component will do. The mediaserver component is where the infamous Stagefright bug was discovered, and ever since launching its Android Security Bulletin last September, Google has been patching at least one mediaserver issue each month, so attackers would not have to look too far for a working exploit.

An attacker only needs to craft a malicious app with these two exploits and trick a user into installing it. Once he achieves this, he can have full control over the device.

Three in five devices are vulnerable

According to telemetry data from half of million Android phones gathered by mobile security firm Duo, 60 percent of all current Android devices are using Qualcomm chips and are running affected Android versions.

Even if Google released patches for this issue, upgrading an Android device is completely out of the user and Google’s control, and these devices may remain vulnerable to this bug for a long time.

“This issue is rated as a Critical severity due to the possibility of a local permanent device compromise, in which case the device would possibly need to be repaired by re-flashing the operating system,” Google wrote last January.

The only way to avoid a total pwnage of your Android device is to use an antivirus solution, or only install reputable, trusted applications.

Source | SoftPedia