A story slowing gaining a bit more exposure on social media, it seems that an intrepid coder has managed to extract the keys from Qualcomm’s TrustZone, the system used to lock bootloaders and encrypt devices powered by Qualcomm chipsets.
@laginimaineb, the author of the Bits Please blog, recently announced on twitter extracting the Keymaster Keys from TrustZone. This author recently detailed a vulnerability in Qualcomm’s Secure Execution Environment in a previous blog posts.
Just managed to extract the Qualcomm KeyMaster keys directly from TrustZone! Writeup coming soon 🙂 (1/2) pic.twitter.com/WKdSfPkRvN
— laginimaineb (@laginimaineb) May 29, 2016
Now, this means that people looking to unlock bootloaders or additional LTE bands on devices might have an easier time digging into the guts of these phones, but this also means that user protections like disk encryption can be compromised.
This is different than the FBI vs Apple situation, where the iPhone 5C in question was likely opened via a brute force attack. To our knowledge, no encryption keys for Apple devices have been discovered. This is somewhat more similar to the recent Blackberry situation, where law enforcement officers had access to Blackberry’s encryption keys.
While this has some concerning ramifications, the public disclosure will hopefully prompt a fast response from Qualcomm and manufacturers using Qualcomm chipsets in their products.
We’ll follow up with this story as more information is revealed.