Vulnerability analysis of Qualcomm Secure Execution Environment (QSEE)

Abstract

TrustZone technology is used to implement Trusted Execution Environment (TEE) in mobile devices. TEE is responsible for isolating and protecting the Trusted Computing Base (TCB) of the device. There are several TrustZone-based TEE solutions utilized in devices, among which Qualcomm Secure Execution Environment (QSEE) is the most well-known TEE utilized in many Android devices. Since the underlying QSEE is entailed to ensure the security of sensitive data on the user device, it is essential to analyze its vulnerability state; however, most of the prior work on QSEE targets older devices or firmware versions. In this work, we carry out a comprehensive review of QSEE vulnerabilities and validate the current security state of the target TEE on a physical device. Our approach has been based on mining of CVEs targeting QSEE or its components spanning about seven years, so as to derive the security trend for QSEE as well as a heat-map to narrow down the more targeted areas of the TEE. As the heat-map indicated a major problem area to be vulnerabilities in Trusted Apps (TAs), we validated the integrity issues of TAs on a physical Android device. Our review highlights that while QSEE has considerably improved its security over the years; yet, still vulnerabilities may arise due to variations in vendor-level configurations on physical devices.