From securityweek.com
OnePlus 7 Pro Vulnerability Highlights Trusted Execution Environment Issues
OnePlus 7 Pro devices made by China-based smartphone manufacturer OnePlus Technology were affected by a vulnerability that could have been exploited to obtain users’ fingerprints. While the vulnerability is not easy to exploit, researchers warn that it could highlight a larger issue.
The flaw, discovered in July 2019 by a team of researchers from the Synopsys Cybersecurity Research Center in London, was patched by the vendor in January 2020 with a firmware update.
Synopsys will release technical details at a later date, but a brief advisory made public on Tuesday reveals that the vulnerability could have been exploited by a malicious Android application with root privileges on the targeted OnePlus 7 Pro phone to obtain bitmap fingerprint images from the device’s trusted execution environment (TEE). The TEE is an area designed to keep sensitive data and code isolated and protected against unauthorized access.