Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2020-7958, a biometric data disclosure vulnerability in the OnePlus 7 Pro Android phone.
CVE-2020-7958 refers to a vulnerability that can lead to the disclosure of user biometric data in OnePlus 7 Pro Android phones. This vulnerability allows an attacker with root privileges to retrieve bitmap fingerprint images from the Trusted Execution Environment (TEE). Software builds prior to 10.0.3.GM21BA, which was released on Jan. 7, 2020, are affected.
The vulnerability allows a privileged user (root) in the Rich Execution Environment (REE) to retrieve bitmap fingerprint images from the fingerprint sensor that should only be accessible in the TEE.
CVSS 3.0 vector:
CVSS 3.0 overall score: 6.6
CWEs: CWE-215, CWE-489
After the attacker obtains root privileges in the REE, it becomes possible to communicate directly with the factory testing APIs exposed by Trusted Applications (TAs) running in the TEE. The attacker can invoke a sequence of commands to obtain raw fingerprint images in the REE.
Users should update the software build of their OnePlus 7 Pro devices to the latest available version. OnePlus Technology fixed this vulnerability in the 10.0.3.GM21BA software build.
OnePlus 7 Pro is a OnePlus flagship Android phone from 2019. More information about the device is available from the vendor’s website.
A team of researchers from the Synopsys Cybersecurity Research Center (CyRC) in London discovered this issue:
- Georgi Boiko
- Artem Gonchar
- Andrew Lee-Thorp
Synopsys would like to thank the OnePlus security team for their swift and active engagement in addressing this vulnerability.
- July 10, 2019: Synopsys consultants discover the issue.
- Aug. 14, 2019: Synopsys engages US-CERT.
- Oct. 7, 2019: Synopsys engages OnePlus.
- Nov. 13, 2019: Synopsys consultants test a vendor patch and confirm issue resolution.
- Jan. 7, 2020: OnePlus publishes the firmware update.
- April 14, 2020: CyRC publishes this advisory.
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Cybersecurity Research Center. Read the original post at: https://www.synopsys.com/blogs/software-security/cve-2020-7958/