Modern devices are often equipped with a Trusted Execution Environment (TEE) to support the secure, parallel execution of security-critical use cases. For example, it’s very likely a TEE is involved whenever you make a payment or watch a DRM-protected stream on your mobile phone. Nonetheless, we were both surprised and intrigued to find the Qualcomm TEE, named QSEE, present on several Qualcomm IPQ40xx-based networking devices.
We’ve identified multiple exploitable vulnerabilities in QSEE, which we exploited to achieve arbitrary code execution. Qualcomm indicated to us that fixes are available and that their customers have been notified. This gives us the opportunity to discuss the technical details of these vulnerabilities and our exploits.
At Raelize, we like to look further than just software vulnerabilities. We know very well that the security of a device is determined by more than just its software architecture. Our system-level perspective on security typically steers us towards attacking devices using atypical methods. We decided to test the resilience of the Qualcomm IPQ40xx SoC against Electromagnetic Fault Injection (EMFI) attacks. We have been able to fully compromise the TEE without leveraging any software vulnerability. As far as we know, this is one of the very few examples where Fault Injection is used to attack a TEE in order to achieve arbitrary code execution.
In this talk, we start by introducing the target after which we dive right into the technical details of both the software and hardware vulnerabilities we’ve identified. Then, we describe how we used these vulnerabilities in order to achieve code execution within QSEE. We finalize the talk by placing the attacks into context and analyzing the impact for a vulnerable device.
It’s important to raelize that these vulnerabilities are tightly coupled to the hardware that’s used to produce these devices. Therefore, the number of vulnerable devices in the field is likely significant. It remains to be seen whether the vulnerable population decreases any time soon, as the software vulnerabilities are present in a component that’s not often updated by the device manufacturers. The hardware vulnerabilities simply cannot be fixed easily.