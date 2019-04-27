A new vulnerability has been discovered that affects 46 chipsets developed by Qualcomm, according to Keegan Ryan, a security researcher with the NCC Group. He stated that the affected chipsets are currently being used in a number of smartphones, tablets, laptops and smartwatches. The vulnerability is named CVE-2018-11976.

According to the white paper published by Ryan, the vulnerability allows attackers to gain root access of an affected device, enabling them to gain access to a users private data and even encryption keys stored in the Qualcomm Secure Execution Environment (QSEE). Back in March, he had notified Qualcomm of the vulnerability, which the company has now fixed, tagging the fix as critical.

According to Qualcomm, the affected chipsets include IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215 and more. The vulnerability requires a users device to be pre-rooted for this to work.

The fix is currently being rolled out to consumers as a part of Android’s April 2019 security patch. However, it is a well-known fact that many Android smartphone manufacturers delay or skip providing users with updates, which means a number of devices will stay vulnerable to attacks.

Also Read: Samsung plans $116 billion investment in non-memory chips to challenge TSMC, Qualcomm

QSEE was launched by Qualcomm a few years ago in order to prevent attackers from gaining complete access to a device. This exploit beats the purpose of the same.

QSEE is a safe environment to process critical data like private encryption keys and passwords inside of Qualcomm chipsets. It only allows the app that stored the data inside of QSEE to access it.