<a href="https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11976" rel="nofollow">https://www.qualcomm.com/company/product-security/bulletins#...</a><p>That's pretty much all the snapdragons in modern Android phones (page is not letting me copy+paste them here).<p>Has QC put out a patch yet?<p>EDIT: The April security patch looks like it took care of it:<p><a href="https://source.android.com/security/bulletin/2019-04-01" rel="nofollow">https://source.android.com/security/bulletin/2019-04-01</a><p>EDIT 2: And of course, my Samsung Galaxy S8+, despite having received an update <i>in April</i>, is only at the March 1st security patch level. So I'm likely vulnerable until Samsung's next update.
Not the best response from the vendor:<p>> March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receipt<p>> April, 2018: Request update on analysis of issue<p>> May, 2018: Qualcomm confirms the issue and begins working on a fix
Does this allow someone to decrypt a stolen device?<p>I moved from an iPhone to a Galaxy S9 about a year ago because I was getting fed up with Apple's hardware problems, and wanted to try Android again.<p>I convinced myself that I was able to secure the Android phone as long as I always bought the newest one and kept it up to date.<p>But decryption after loss is an untenable scenario for me. I had read that Qualcomm's TrustZone has had software exploits in the past, but I didn't think it would happen again.<p>Is there any way to trust that the data on my Android device is safe? If I lost it today, someone could keep it around for a while until the next exploit drops. Has Apple ever had an exploit of this nature?
Possibly stupid question: If only a few <i>bits</i> of nonce are needed to recover the key, what's preventing iteration of all possible values of those "few bits"?
Could this allow bootloader unlocking, custom ROMs, etc. on an otherwise locked device (e.g. S7)? Tried the engineering bootloader, but horrible battery management.<p>I'll avoid updating until I know more.
>We demonstrate this by extracting an ECDSA P-256 private key from the hardware-backed keystore on the Nexus 5X.<p>Did the fixes make it to the Nexus 5X? It has been EOL since December 2018. The CVE date is CVE-2018-11976 though.
Considering how some carriers refuse to unlock bootloaders, this may well be the only option some of us have to restore bricked phones. Other than paying Google 250 bucks to reflash them.