Vatsvagiri kubva kuNCC Group kushaya simba () muQualcomm chips, iyo inokutendera kuti uone zviri mukati meyakavanzika encryption makiyi ari mune yakasarudzika enclave Qualcomm QSEE (Qualcomm Secure Execution Environment), zvichibva paArM TrustZone tekinoroji. Dambudziko rinobuda pachena Snapdragon SoC, iyo yave kupararira muma smartphones zvichienderana neiyo Android platform. Zvigadziriso zvinogadzirisa dambudziko zvagara muApril Android update uye itsva firmware inoburitswa yeQualcomm chips. Zvakatora Qualcomm inopfuura gore kugadzirira kugadzirisa; ruzivo rwekusagadzikana rwakatanga kutumirwa kuQualcomm munaKurume 19, 2018.
Ngatiyeukei kuti tekinoroji yeARM TrustZone inokutendera kuti ugadzire nzvimbo dzakachengetedzwa dzehardware dzakapatsanurwa zvachose kubva kune huru sisitimu uye inomhanya pane yakaparadzana virtual processor uchishandisa yakaparadzana nyanzvi yekushandisa system. Chinangwa chikuru cheTrustZone ndechekupa kuuraya kwakasarudzika kwema processor emakiyi encryption, biometric authentication, data rekubhadhara uye rumwe ruzivo rwakavanzika. Kudyidzana neiyo huru OS kunoitwa zvisina kunanga kuburikidza neyekutumira interface. Yakavanzika encryption makiyi anochengetwa mukati me Hardware-yakasarudzika kiyi chitoro, iyo, kana yakaitwa nemazvo, inogona kudzivirira kuvuza kwavo kana iyo yepasi system ikakanganiswa.
Kusagadzikana kunokonzerwa nekukanganisika mukuitwa kweiyo elliptic curve processing algorithm, izvo zvakakonzera kuburitswa kweruzivo nezve kufambira mberi kwekugadziriswa kwedata. Vatsvagiri vakagadzira nzira yekurwisa-parutivi-chiteshi inobvumira kushandisa iripo isina kunanga kuvuza kudzoreredza zviri mukati makiyi akavanzika ari muhardware-yakasarudzika. . Kuvuza kunotemerwa zvichienderana nekuongororwa kwebasa rebazi rekufanotaura block uye shanduko munguva yekuwana data mundangariro. Mukuyedza, vaongorori vakabudirira kuratidza kudzoreredzwa kwe224- uye 256-bit ECDSA makiyi kubva kune hardware-yakasarudzika kiyi chitoro inoshandiswa muNexus 5X smartphone. Kudzoreredza kiyi inodiwa kugadzira anenge zviuru gumi nemaviri siginecha yedhijitari, iyo yakatora anopfuura maawa gumi nemana. Zvishandiso zvinoshandiswa kuita kurwisa .
Chikonzero chikuru chedambudziko ndechekugovana kwezvakajairwa zvigadzirwa zvehardware uye cache yekuverenga muTrustZone uye mune huru sisitimu - kuzviparadzanisa kunoitwa pamwero wekuparadzanisa zvine musoro, asi uchishandisa zvakajairika computing units uye nematehwe ekuverenga uye ruzivo nezvebazi. kero dziri kuiswa mune yakajairika processor cache. Uchishandisa iyo Prime + Probe nzira, yakavakirwa pakuongorora shanduko yenguva yekuwana kune yakavharidzirwa ruzivo, zvinogoneka, nekutarisa kuvepo kwemamwe mapatani mucache, kutarisa kuyerera kwedata uye zviratidzo zvekuitwa kwekodhi zvine chekuita nekuverenga kwemasiginecha edhijitari mu. TrustZone ine chokwadi chepamusoro.
Nguva zhinji kugadzira siginecha yedhijitari uchishandisa makiyi eECDSA mumachipi eQualcomm inopedzwa kuita mabasa ekuwanza muloop uchishandisa yekutanga vector iyo isina kuchinjika kune yega siginicha.) Kana munhu anorwisa achikwanisa kudzoreredza zvishoma zvishoma neruzivo nezve vector iyi, zvinogoneka kuita kurwisa kuti udzore zvakateerana kiyi yese yakavanzika.
Panyaya yeQualcomm, nzvimbo mbiri dzakaburitswa ruzivo rwakadaro dzakaonekwa mualgorithm yekuwanza: pakuita mabasa ekutarisa mumatafura uye mune inomisikidzwa kodhi yekudzosa data zvichienderana nekukosha kweiyo yekupedzisira mu "nonce" vector. Kunyangwe chokwadi chekuti Qualcomm kodhi ine matanho ekurwisa kubuda kweruzivo kuburikidza nevechitatu-bato nzira, yakagadziridzwa nzira yekurwisa inokutendera kuti upfuure matanho aya uye uone akati wandei mabhii e "nonce" kukosha, anokwana kudzoreredza 256-bit ECDSA makiyi.
Source: opennet.ru