In July 2019, London based Synopsys Cybersecurity Research Center discovered a vulnerability in OnePlus 7 Pro devices manufactured by Chinese smartphone maker OnePlus. The flaw that could have been exploited by hackers to obtain users’ fingerprints was patched by the company with a firmware update it pushed in the month of January this year. As per the findings, the flaw wasn’t an easy one to be exploited but researchers pointed out the possibility of a bigger threat in regard to TEEs and TAs.
Synopsys CyRC’s analysis of the vulnerability referred as CV toE-2020-7958, states that it could have resulted in the exposure of OnePlus 7 pro users’ biometric data. The critical flaw would have allowed authors behind malicious android applications with root privileges to obtain users’ bitmap fingerprint images from the device’s Trusted Execution Environment (TEE), a technique designed to protect sensitive user information by keeping the Android device’s content secure against illicit access.
As it has become increasingly complex for malicious applications to acquire root privileges on Android devices, the exploitation of the flaw would have been an arduous task and might also be an unlikely one given the complexity of the successful execution. Meanwhile, the fix has been made available for months now–
ensuring the protection of the users.
However, the issue with Trusted Execution Environments (TEEs) and Trusted Applications (TAs) remains the major highlight of Synopsys’s advisory released on Tuesday, “Upon obtaining root privileges in the REE [Rich Execution Environment], it becomes possible to directly communicate with the factory testing APIs exposed by Trusted Applications (TAs) running in the TEE. This attacker invokes a sequence of commands to obtain raw fingerprint images in the REE,” it read.
While explaining the matter, Travis Biehn, principal consultant at Synopsys, told, “Of course, people’s fingerprints don’t usually change. As attackers become successful in retrieving and building large datasets of people’s fingerprints, the usefulness of naïve fingerprint recognition in any application as a security control is permanently diminished,”
“A further possible consequence is that fingerprints become less trustworthy as evidence in our justice systems.”
“…this vulnerability shows that there’there are challenges with Trusted Execution Environments (TEEs) and Trusted Applications (TAs); these are software components that are opaque to most (by design), expertise is limited, and typically involve long supply chains. These factors together mean there’there are opportunities for organizations to make a mistake, and hard for security experts to catch at the right time,” he further added.
The flaw would have allowed attackers to recreate the targeted user’s complete fingerprint and then use it to generate a counterfeit fingerprint that further would have assisted them in accessing other devices relying upon biometric authentication.