Fingerprint-Exposing Flaw in OnePlus 7 Phone Highlights TEE Issues

From securityweek.com

OnePlus 7 Pro Vulnerability Highlights Trusted Execution Environment Issues

OnePlus 7 Pro devices made by China-based smartphone manufacturer OnePlus Technology were affected by a vulnerability that could have been exploited to obtain users’ fingerprints. While the vulnerability is not easy to exploit, researchers warn that it could highlight a larger issue.

The flaw, discovered in July 2019 by a team of researchers from the Synopsys Cybersecurity Research Center in London, was patched by the vendor in January 2020 with a firmware update.

Synopsys will release technical details at a later date, but a brief advisory made public on Tuesday reveals that the vulnerability could have been exploited by a malicious Android application with root privileges on the targeted OnePlus 7 Pro phone to obtain bitmap fingerprint images from the device’s trusted execution environment (TEE). The TEE is an area designed to keep sensitive data and code isolated and protected against unauthorized access.
