Kwizithuba zangaphambili sazisile ukuba iichips I-Broadcom yayisengozini yokuhlaselwas kwaye ngoku ngeli xesha abaphandi abavela kwinkampani Iqela le-NCC liveze iinkcukacha zomngcipheko (I-CVE-2018-11976 ) kwiichips zeQualcomm, que ikuvumela ukuba ubone umxholo wezitshixo zofihlo zabucala ibekwe kwindawo esecaleni yeQualcomm QSEE (iQualcomm ekhuselekileyo yokuSebenza ngokusiNgqongileyo) indawo esekwe kubuchwephesha beARZ TrustZone.
Ingxaki izibonakalisa kuninzi lwe-Snapdragon SoCs, kwii-smartphones ezisekwe kwi-Android. Ukulungiswa kwengxaki sele kubandakanyiwe kuhlaziyo luka-Epreli lwe-Android kunye neenguqulelo ezintsha zefirmware yeetshipsi zeQualcomm.
UQualcomm uthathe ngaphezulu konyaka ukulungiselela isisombululo: Ekuqaleni, ulwazi malunga nokuba sesichengeni lwathunyelwa kwiQualcomm ngo-Matshi 19, 2018.
Itekhnoloji ye-ARM TrustZone ikwenza ukuba wenze izixhobo ezikhuselweyo zehardware ezahluke ngokupheleleyo kwinkqubo ephambili kwaye ziqhubekeke kwiprosesa eyahlukileyo esebenzisa inkqubo eyahlukileyo yokusebenza.
Eyona njongo iphambili yeTrustZone kukubonelela ngokusetyenziswa okungagungqiyo kwabaphethe ngokufihlakeleyo, ukuqinisekiswa kwe-biometric, idatha yokuhlawula kunye nolunye ulwazi oluyimfihlo.
Ukunxibelelana nenkqubo yokusebenza engundoqo kwenzeka ngokungangqalanga ngokusebenzisa i-interface.
Amaqhosha okubethela abucala abekwe ngaphakathi kwizixhobo ezingundoqo zentsimbi ezithi, ukuba ziphunyezwe ngokuchanekileyo, zibathintele ekuvuzeni ukuba inkqubo engaphantsi isengozini.
Malunga nengxaki
Umngcipheko unxulunyaniswa nokusilela kumiliselo yealgorithm yokuqhubekeka kwegophe le-elliptic, ekhokelele ekuvuzeni kolwazi malunga nokulungiswa kwedatha.
Abaphandi baphuhlisile Inkqubo yokuhlaselwa ngumntu wesithathu evumela, Ngokusekwe ngokungathanga ngqo ukuvuza, rfumana umxholo wamaqhosha abucalas ebekwe kwizixhobo eziphambili ze-Android Keystore.
Ukuvuza kumiselwe ngokusekwe kuhlalutyo lomsebenzi wotshintsho lweebhloko zotshintsho kunye notshintsho kwixesha lokufikelela kwidatha kwimemori.
Ngexesha lokulinga, Abaphandi babonisa ngempumelelo ukubuyisela kwakhona amaqhosha angama-224-bit kunye nama-256-bit e-ECDSA kwisitorethi esikude kwizixhobo ezisetyenziswa kwi-Nexus 5X yefowuni.
Ukubuyisela isitshixo, kuthathe malunga ne-12 yemisayino yedijithali ukuyenza, ethathe ngaphezulu kweeyure ezili-14 ukuyigqiba. Izixhobo zeCachegrab zazisetyenziselwa ukwenza uhlaselo.
Unobangela ophambili wengxaki kukwabelana nge-cache eqhelekileyo kunye nezinto zehardware zekhompyuter kwiTrustZone nakwinkqubo yokubamba: ukwahlulwa kwenziwa kwinqanaba lokwahlula okunengqondo, kodwa kusetyenziswa iibhloko eziqhelekileyo zekhompyuter kunye nokuseta umkhondo wokubala kunye nolwazi malunga nokutsiba Iidilesi kwindawo yokugcina iprosesa.
Usebenzisa indlela yeNkulumbuso + yokuKhangela, ngokusekwe kuqikelelo lotshintsho kwixesha lokufikelela kulwazi olugciniweyo, ungakhangela ukufumaneka kweepateni ezithile kwi-cache ngokuchaneka okwaneleyo kwemijelo yedatha kunye neempawu zekhowudi ezinxulumene izibalo zomtyikityo wedijithali kwiTrustZone.
Uninzi lwexesha lokuvelisa utyikityo lwedijithali ngamaqhosha e-ECDSA kwiichips zeQualcomm zichithwa ekwenzeni imisebenzi yokuphindaphinda kwiluphu kusetyenziswa i-vector engatshintshiyo yokuqalisa (nonce) kwisiginitsha nganye.
Si Umhlaseli unokufumana ubuncinci amaqhekeza ambalwa ngolwazi malunga nale vector, kunokwenzeka ukumilisela uhlaselo ekubuyiseleni ngokulandelelana kwesitshixo sabucala.
Kwimeko yeQualcomm, amanqaku amabini avuzayo olu lwazi atyhilwe kwi-algorithm yokuphindaphinda: xa usenza lookups kwitafile nakwikhowudi yedatha yokukhupha idatha ngokusekwe kwixabiso lokugqibela kwi "nonce" vector.
Nangona ikhowudi yeQualcomm inamanyathelo okuthintela ukuvuza kolwazi kumajelo eqela lesithathu, indlela yokuhlaselwa ephuhlisiweyo ikuvumela ukuba udlule kula manyathelo kwaye uchaze ezinye zexabiso "le-nonce", elaneleyo ukubuyisa amaqhosha amaqhosha angama-256 e-ECDSA.
Epreli 28 kwaye ndisalinde ii-patches, ukuba kwi-GNU / Linux akwenzeki