Private Key Extraction from Qualcomm Hardware-Backed Keystores

A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys. Qualcomm’s ECDSA implementation leaks sensitive data from the secure world to the normal world, enabling recovery of private keys.

Source: www.nccgroup.trust