CVE-2019-10608 in Snapdragon Auto
Summary
by MITRE
Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session, which allows a user to take control of the REE to stop the secure keypad session and read the keypad input, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909
Analysis
by VulDB Data Team • 04/17/2020
This vulnerability represents a critical information disclosure flaw in Qualcomm's Snapdragon automotive and mobile platform implementations where the secure keypad session lacks proper binding with the secure display session. The absence of this binding creates a fundamental security gap that allows unauthorized access to sensitive input data through manipulation of the Rich Execution Environment. The vulnerability specifically affects multiple Snapdragon product lines including automotive platforms, mobile devices, and industrial IoT solutions, making it particularly concerning given the widespread deployment of these chipsets in critical infrastructure and consumer devices.
The technical flaw stems from insufficient session management between the secure keypad and secure display components, creating a scenario where an attacker in the Rich Execution Environment can interfere with the secure keypad session. This allows the interception of sensitive input such as PINs, passwords, or other confidential data entered through the secure keypad interface. The weakness lies in the lack of cryptographic binding or session correlation between the two secure components: because the REE can terminate the keypad session independently of the display session it was started for, a malicious actor can stop that session and read the input it collected. This is a classic case of improper session handling that violates fundamental security principles.
The operational impact of this vulnerability extends across multiple domains including automotive security systems, mobile payment processing, and industrial control systems where secure input handling is critical. Attackers can leverage this weakness to gain unauthorized access to sensitive data, potentially leading to financial fraud, identity theft, or compromise of critical infrastructure operations. The vulnerability is particularly dangerous in automotive applications where secure keypad inputs are used for vehicle access control, payment systems, and other security-critical functions. The widespread deployment of affected chipsets across various product categories means that the potential attack surface is extensive, affecting both consumer and enterprise devices.
Mitigation strategies should focus on implementing proper session binding between the secure keypad and display components, ensuring that the secure keypad session cannot be interrupted or manipulated by entities in the Rich Execution Environment without proper authentication. Organizations should implement cryptographic binding protocols that maintain correlation between secure sessions and prevent unauthorized interference. The vulnerability aligns with CWE-613, which addresses insufficient session binding, and relates to ATT&CK technique T1552.2, which covers credentials from password storage modules. Device manufacturers should conduct comprehensive security audits of their secure session implementations and ensure proper isolation between secure and non-secure execution environments. Additionally, firmware updates should be deployed immediately to address this vulnerability, and security monitoring should be enhanced to detect potential exploitation attempts.
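The session binding the mitigation paragraph calls for, as an added, simplified model that is not Qualcomm's code: the `SecureUIManager` class, its HMAC-based binding tag and the `bind_sessions` switch (which models the unbound design for comparison) are all assumptions made here, not details from the advisory.

```python
# Constructed model of binding a secure keypad session to a secure display
# session inside a TEE. Not Qualcomm's implementation; names are assumptions.
import hashlib
import hmac
import secrets


class SecureUIManager:
    """Trusted-side manager for one secure display and one secure keypad session."""

    def __init__(self, bind_sessions=True):
        self.bind_sessions = bind_sessions  # False models the unbound (flawed) design
        self.display = None                 # (display_id, binding_key kept in the TEE)
        self.keypad = None                  # {"display_id", "tag", "buffer"}

    def start_display(self):
        # The display session owns a fresh binding key that never leaves the TEE;
        # only the public display_id is handed back to the REE.
        display_id = secrets.token_hex(4)
        self.display = (display_id, secrets.token_bytes(32))
        return display_id

    def display_proof(self, display_id):
        # Proof of ownership of the display session: an HMAC over its id under
        # the TEE-held key. The REE cannot compute this from display_id alone.
        if self.display is None or self.display[0] != display_id:
            raise PermissionError("no matching secure display session")
        return hmac.new(self.display[1], display_id.encode(), hashlib.sha256).digest()

    def start_keypad(self, display_id):
        # The keypad session records the tag of the display session it is bound to.
        self.keypad = {"display_id": display_id,
                       "tag": self.display_proof(display_id), "buffer": []}

    def key_event(self, ch):
        if self.keypad is None:
            raise RuntimeError("no active secure keypad session")
        self.keypad["buffer"].append(ch)

    def stop_keypad(self, display_id, proof=None):
        """Stop the keypad session and release its input to the caller.
        Bound design: the caller must present the display session's proof,
        so a REE request (which has no proof) is refused and learns nothing."""
        if self.keypad is None:
            return None
        if self.bind_sessions and (self.keypad["display_id"] != display_id
                                   or proof is None
                                   or not hmac.compare_digest(self.keypad["tag"], proof)):
            raise PermissionError("keypad session is bound to another display session")
        data, self.keypad = "".join(self.keypad["buffer"]), None
        return data
```

With `bind_sessions=False` any caller that knows the public `display_id` can stop the keypad session and receive the buffered PIN; with binding on, only the holder of the display session's key can.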