[PCM]Qualcomm Chip Bug Poses Risk to App Account Security - Overclock.net - An Overclocking Community

post #1 of 32 (permalink) Old 04-25-2019, 07:15 AM - Thread Starter
dagget3450

Didn't see this posted:

Quote:
A security bug has been uncovered in dozens of Qualcomm chipsets that could pave way for Android malware capable of stealing access to your online accounts.

"However, if an attacker uses this vulnerability to steal the key pair, the attacker can impersonate the user's device from anywhere in the world, and the user cannot stop it by powering down or destroying their device," Ryan told PCMag.

The attacker also doesn't need physical access to the Qualcomm-powered device to extract the keys. What's necessary is root access to the phone, which could be achieved by getting malware on to the device.
Source: https://www.pcmag.com/news/367970/qu...count-security
Discuss!

post #2 of 32 (permalink) Old 04-25-2019, 07:32 AM
ToTheSun!
Can't use Huawei because China.

Can't use Snapdragon phones because security.

Can't use Samsung because house fires.

Back to 3310?

post #3 of 32 (permalink) Old 04-25-2019, 08:23 AM
EniGma1987
This doesn't matter at all.
1) it was already patched
2) requires root access which is disabled by default unless the user specifically unlocks their phone
3) requires the user to (inadvertently) install malware on their device with root access

post #4 of 32 (permalink) Old 04-25-2019, 08:33 AM
epic1337
Quote: Originally Posted by ToTheSun! View Post
Can't use Huawei because China.

Can't use Snapdragon phones because security.

Can't use Samsung because house fires.

Back to 3310?
Intel powered phones.

or you could always go Apple...

post #5 of 32 (permalink) Old 04-25-2019, 08:46 AM
WannaBeOCer
Quote: Originally Posted by epic1337 View Post
Intel powered phones.

or you could always go Apple...
Their SoC is pretty impressive, but I don't like iOS; then again, I never gave it a fair chance.

post #6 of 32 (permalink) Old 04-25-2019, 09:38 AM
ToTheSun!
Quote: Originally Posted by EniGma1987 View Post
3) requires the user to (inadvertently) install malware on their device with root access
As opposed to that relevant portion of the population that installs malware advertently.

post #7 of 32 (permalink) Old 04-25-2019, 11:47 AM
rluker5
Quote: Originally Posted by epic1337 View Post
Intel powered phones.

or you could always go Apple...
T5c is still selling for $100. Which is a fair price for that phone.

post #8 of 32 (permalink) Old 04-25-2019, 12:04 PM
JackCY
Mediatek. But then all hardware always has some issue or flaw.
post #9 of 32 (permalink) Old 04-25-2019, 01:20 PM
Avonosac
Quote: Originally Posted by EniGma1987 View Post
This doesn't matter at all.

3) requires the user to (inadvertently) install malware on their device with root access
Um... You are dramatically underselling the risk here.

1. Android updates are extremely bifurcated and unreliable unless you have a Google phone.
2. There are known methods to attain this on all versions of Android except the current security patched version. This statement is 100% security by obscurity.
3. Already has a slightly better than .7% chance just by using certified apps in the Play Store. This is completely ignoring fully targeted or group targeted attacks which can raise the success rate to 100% rather easily. At last count in 2017 there were 2B+ Android devices, so that means if all of them were Qualcomm based (which given their share isn't a huge hypothetical) at least 14 million devices are vulnerable to this attack; this number goes up dramatically when you include apps from other legitimate stores with far worse security than Play.

The problem with everything I stated in #3 is that it's very likely high net worth people would be targeted for this because you're only going to want to invest effort to attack people with value, which makes a targeted attack far more likely, which makes the success of this extraction far more likely. Extracting the private key of the device completely eliminates the security of that device, which no software update can fix; you quite literally need to buy a new phone and destroy all previous authentication tokens created by it to begin using any of your connected accounts safely.


post #10 of 32 (permalink) Old 04-26-2019, 01:27 PM
xJumper
Quote: Originally Posted by EniGma1987 View Post
This doesn't matter at all.
1) it was already patched
2) requires root access which is disabled by default unless the user specifically unlocks their phone
3) requires the user to (inadvertently) install malware on their device with root access
Basically this. Rule #1 of sysadmin'ing: if something wants root that has no business using root, something's wrong.

Quote: Originally Posted by ToTheSun! View Post
As opposed to that relevant portion of the population that installs malware advertently.
While the average person's Android phone is bogged down with spyware and adware, there's nothing "wrong" with that really; all the apps are still running within the SELinux permission environment that they are supposed to. Very few pieces of malware actually gain root on the phone.

Quote: Originally Posted by Avonosac View Post
Um... You are dramatically underselling the risk here.
1. Android updates are extremely bifurcated and unreliable unless you have a Google phone.
Custom ROM guys get updates as fast if not faster than Google phones; some even get daily nightly builds. This is why I encourage people to look into this; it's one of the most important things you can do to increase your security in the mobile world. Nevertheless, the situation for stock OEM phones except Google's does suck and manufacturers need to be held accountable for that. It's unacceptable that the going rate in the Android world is a security patch every 6 months from the OEM for a grand total of 2-3 since launch day and then support just gets cut.

Quote: Originally Posted by Avonosac View Post
2. There are known methods to attain this on all versions of Android except the current security patched version. This statement is 100% security by obscurity.
There are very few in-the-wild root exploits on the last, say, three versions of Android. There's a reason why there aren't and haven't really been any "one click root" solutions since maybe Android 5. In the past, those "one click" root solutions were basically apps that you would install that would have kernel/OS vulnerabilities built in and would exploit them to gain you root access. It's a pain in the rear to root your phone now; you need unlocked bootloaders, custom recoveries and a bunch of .zip files to flash. It's not something that can be done by mistake or by an app running in Android userland.

The few actual userland one click style root exploits nowadays are usually day-zero government stuff, the kind you see where they send some link/picture through SMS to a journalist, it auto-roots the phone and then installs a giant spyware package that controls the whole thing.

Quote: Originally Posted by Avonosac View Post
3. Already has a slightly better than .7% chance just by using certified apps in the Play Store. This is completely ignoring fully targeted or group targeted attacks which can raise the success rate to 100% rather easily. At last count in 2017 there were 2B+ Android devices, so that means if all of them were Qualcomm based (which given their share isn't a huge hypothetical) at least 14 million devices are vulnerable to this attack; this number goes up dramatically when you include apps from other legitimate stores with far worse security than Play.
You would still need to willingly download a crapware app and install it AND give it root access (which the average person does not have) unless it had some day-zero root exploit built into it. What are the odds that some specific person you are targeting is gonna be looking for that particular app that you have wasted a very valuable day-zero root exploit on and download/install it?

With that being said though, Google Play is a crap hole filled with garbage and malware; the standards to get on it are really lax, as is shown by their willingness to host adware filled apps that push ads from known malware domains. Using something like F-Droid exclusively can really step up your security on Android. The average app from the Play Store (even so called "certified" ones), I run tcpdump and it shows mountains of data exfiltrating my phone and random connections to all sorts of random servers happening. Apps from F-Droid do exactly what they say they will, use the permissions they say they use and that's it.

Quote: Originally Posted by Avonosac View Post
The problem with everything I stated in #3 is that it's very likely high net worth people would be targeted for this because you're only going to want to invest effort to attack people with value, which makes a targeted attack far more likely, which makes the success of this extraction far more likely. Extracting the private key of the device completely eliminates the security of that device, which no software update can fix; you quite literally need to buy a new phone and destroy all previous authentication tokens created by it to begin using any of your connected accounts safely.
Unless there's something I missed, this still requires user intervention to happen. I haven't seen them demonstrate some government level exploit where they can remotely push it to your phone; you still need to do something.

All in all, this is why you shouldn't use any "all in one" token style authentication systems. Having a password manager app with an encrypted db file would only be marginally less convenient to use yet wouldn't be susceptible to some irrecoverable hardware flaw.




Last edited by xJumper; 04-26-2019 at 01:36 PM.