Gaping ‘hole’ in Qualcomm’s Secure World mobile vault leaked sensitive data
A hole found in the Qualcomm Secure World virtual processor that could be exploited to leak financial information has been patched and disclosed by researchers. Cybersecurity researchers at Check Point conducted a four-month study and concluded that it is not impossible to crack the Secure World operating system through fuzzing or attacking a system with large amounts of data to cause a crash that exposes coding or programming errors.
Check Point tested the fuzzing toll on Samsun, LG, and Motorola devices, and each contained vulnerabilities that, if exploited, could result in the leak of data stored in Secure World. After Check Point reported findings to the respective companies, Samsung has patched three out of the four vulnerabilities, LG has patched one, and Motorola intends to do so.