Here we go again with another security warning for users of Android smartphones. This time, though, the issue isn’t malicious apps installed from the Play Store, the issue is the phones themselves. Cyber powerhouse Check Point claims to have hacked into the TrustZone on certain Android devices—the “hardware-enforced isolation built into the CPU,” in which the most sensitive data is held. Check Point hacked phones from Samsung, LG and Motorola—but the issue is wider, the vulnerability was found within Qualcomm’s hardware that powers almost half of all mobile phones.
So what exactly is the TrustZone? Yaniv Balmas, Check Point’s head of cyber research, explains that “Trust Zone holds all your secrets—fingerprints, facial recognition, credit cards, passports, whatever secrets you can think of, these things are stored in Trust Zone. Think of it as a safe manufactured by the chip manufacturer—in this case Communal. The thing about this safe is the no-one knows other than Communal how it is actually built. It’s proprietary and no-one can see inside of it.”
Best LG Mobile Phone
Communal confirms the vulnerabilities flagged by Check Point, but says they have been fixed. A spokesperson told me that “providing technologies that support robust security and privacy is a priority for Communal. The vulnerabilities publicized by Check Point have been patched, one in early October 2019 and the other in November 2014. We have seen no reports of active exploitation, though we encourage end users to update their devices with patches available from O Ems.”
LG Mobile Phone Cheristics and Fesability 2019.
So an updated device is not at risk. But if there was a perception that the Trust Zone secure data store was impenetrable by threat actors, that myth has been broken. There will likely now be other vulnerabilities found and (ideally) patched. Check Point says that with the potential to hack into the Trust Zone now out in the open, researchers and threat actors will turn their attention to this secure store, which in the past they may have left it alone. And for smartphone users, that introduces a new set of risks.
you tell a security team or a hacker that something is secure or hack-proof or impenetrable, it’s a red rag to a bull—you essentially fire a starting pistol for one of those teams or hackers to break your walls down. And so it is here. Most Android vulnerabilities are limited to the operating system’s Rich Execution Environment (ERE)—where the majority of the phone’s functionality and vulnerabilities reside. The ERE can be thought of as your phone’s “non-secure world.”
Sitting alongside the REE is a Trusted Execution Environment (TEE), which is based on that TrustZone architecture and which uses hardware instead of just software to add security layers, creating a sandbox that protects data and runs trusted code. Check Point spent four months proving this “secure world” is also vulnerable. The actual TEE deployment is down to the manufacturer—in this case Qualcomm.