Vulnerability in Qualcomm chips that allows private keys to be extracted from TrustZone storage

Researchers from NCC Group have disclosed details of a vulnerability (CVE-2018-11976) in Qualcomm chips that makes it possible to determine the contents of private encryption keys held in the isolated Qualcomm QSEE (Qualcomm Secure Execution Environment) enclave, which is based on ARM TrustZone technology. The problem shows up in most Snapdragon SoCs, which are widely used in smartphones based on the Android platform. Fixes for the problem are already included in the April update and in new firmware releases for Qualcomm chips. It took Qualcomm more than a year to prepare the fix; information about the vulnerability was first sent to Qualcomm on March 19, 2018.

Recall that ARM TrustZone technology makes it possible to create hardware-isolated protected environments that are completely separated from the main system and run on a separate virtual processor under a separate, specialized operating system. The main purpose of TrustZone is to provide isolated execution of the handlers for encryption keys, biometric authentication, payment data and other confidential information. Interaction with the main OS takes place indirectly, through a dispatch interface. Private encryption keys are placed inside a hardware-isolated key store, which, if implemented properly, prevents them from leaking if the main system is compromised.

The vulnerability is caused by a flaw in the implementation of the elliptic curve processing algorithm, which leaked information about the progress of data processing. The researchers developed a side-channel attack technique that uses the existing indirect leaks to recover the contents of private keys located in the hardware-isolated Android Keystore. The leaks are detected by analyzing the activity of the branch prediction unit and changes in the access time to data in memory. In the experiment, the researchers successfully demonstrated recovery of 224- and 256-bit ECDSA keys from the hardware-isolated key store used in the Nexus 5X smartphone. Recovering a key required generating about 12 thousand digital signatures, which took more than 14 hours. The Cachegrab toolkit was used to carry out the attack.

The main cause of the problem is that hardware components and the cache are shared between computations in TrustZone and in the main system: isolation is implemented at the level of logical separation, but the same compute units are used, and traces of the computations and information about branch addresses settle in the shared processor cache. Using the Prime+Probe method, which is based on measuring changes in the access time to cached data, it is possible, by checking for the presence of certain patterns in the cache, to track data flows and signs of execution of the code associated with computing digital signatures in TrustZone with fairly high accuracy.

Most of the time needed to generate a digital signature with ECDSA keys on Qualcomm chips is spent performing multiplication operations in a loop that uses an initialization vector (nonce) that stays fixed within each signature. If an attacker can recover at least a few bits of information about this vector, it becomes possible to mount an attack that recovers the entire private key step by step.

In Qualcomm's case, two places where this information leaks were identified in the multiplication algorithm: during table lookup operations, and in the conditional data retrieval code that depends on the value of the last bit of the "nonce" vector. Although the Qualcomm code contains measures to counter information leaks through side channels, the attack method that was developed bypasses these measures and determines several bits of the "nonce" value, which is enough to recover 256-bit ECDSA keys.
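The two kinds of leak named above (a table lookup indexed by secret data, and a data selection that depends on a secret bit) are shown here in generic form beside a branch-free variant with a fixed memory access pattern. This is an added example, not Qualcomm's code or its fix; the `felem` type, the table size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define LIMBS 8        /* assumed: 8 x 32-bit limbs = one 256-bit value */
#define TABLE_SIZE 16  /* assumed: 4-bit window of precomputed multiples */
typedef struct { uint32_t v[LIMBS]; } felem;

/* Leaky form: which branch executes depends on a secret nonce bit. */
void select_leaky(felem *out, const felem *a, const felem *b, uint32_t bit)
{
    if (bit) *out = *a; else *out = *b;
}

/* Leaky form: the secret index decides which cache line is loaded. */
void lookup_leaky(felem *out, const felem table[TABLE_SIZE], uint32_t idx)
{
    *out = table[idx];
}

/* Returns 0xFFFFFFFF when x == y and 0 otherwise, without branching. */
static uint32_t mask_eq(uint32_t x, uint32_t y)
{
    return (uint32_t)(((uint64_t)(x ^ y) - 1) >> 32);
}

/* Hardened select: both inputs are always read and no branch is taken. */
void select_ct(felem *out, const felem *a, const felem *b, uint32_t bit)
{
    uint32_t m = (uint32_t)0 - (bit & 1);  /* all ones if bit is set */
    for (size_t i = 0; i < LIMBS; i++)
        out->v[i] = (a->v[i] & m) | (b->v[i] & ~m);
}

/* Hardened lookup: every entry is read on every call, so the sequence
 * of addresses touched does not depend on the secret index. */
void lookup_ct(felem *out, const felem table[TABLE_SIZE], uint32_t idx)
{
    for (size_t i = 0; i < LIMBS; i++)
        out->v[i] = 0;
    for (uint32_t j = 0; j < TABLE_SIZE; j++) {
        uint32_t m = mask_eq(j, idx);
        for (size_t i = 0; i < LIMBS; i++)
            out->v[i] |= table[j].v[i] & m;
    }
}
```

An optimizing compiler can turn mask arithmetic back into branches, so the generated assembly of such routines has to be checked on the target, not only the C source.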

Source: opennet.ru
