Published on July 6th, 2016 📆 | 1761 Views ⚑0
ENCRYPTION BYPASS VULNERABILITY IMPACTS HALF OF ANDROID DEVICES
A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). Together, these vulnerabilities could allow someone with physical access to the phone to bypass the full disk encryption (FDE).
The vulnerability, discovered by Gal Beniamini last week, builds off of earlier research by Beniamini and Duo Labs published in May. That’s when both highlighted a previously unpatched vulnerability (CVE-2016-2431) in Google’s mediaserver component. Google has since patched that vulnerability, but a large percentage of Android phones have yet to receive that update.
Duo Labs estimates 57 percent of Android phones are still vulnerable to related mediaserver attacks. “Compared to 60 percent of Android phones that were vulnerable to the Android attack in January, the security posture of our dataset has improved slightly, with 57 percent of Android phones vulnerable to the latest attack,” according to a Duo Labs blog post. The vulnerability, which requires the pre-existing unpatched mediaserver vulnerabilities to be present, essentially allows attackers to perform brute force password attacks against FDE.
Android phones, similar to iPhones, limit the frequency and number of times a user can attempt to input a password into a device to unlock it. Just as Apple did, Google introduced delays between Android device decryption attempts and an option to wipe the user’s information after a few subsequent failed password/decryption attempts. Within the Android OS, the device’s encryption keys are generated by the Hardware-Backed Keystroke component also called KeyMaster. The KeyMaster is a function of the device that runs in the secure portion of the OS. “But how secure is the KeyMaster module? The implementation of the KeyMaster module is provided by the SoC OEMs and, as such, is completely undocumented (essentially a black-box).
We could try and rely on the official Android documentation, which states that the KeyMaster module: ‘…offers an opportunity for Android devices to provide hardware-backed, strong security services…’. But surely that’s not enough,” Beniamini wrote in a technical write-up on his find. That KeyMaster module is dependent on Qualcomm’s Trusted Execution Environment called QSEE (Qualcomm Secure Execution Environment). And it’s Qualcomm’s chips that allow attackers to reverse engineer the code used in the QSEE and KeyMaster portion of the OS on unpatched Android devices.
In this example, attackers can run password attacks against the TrustZone software portion of the Android OS without worrying about the primary (non-secure) portions of the Android hardware from initiating a data-wipe based on too many failed attempts to guess a password. “Android FDE is only as strong as the TrustZone kernel or KeyMaster. Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE,” Beniamini wrote.
Under these conditions, Beniamini wrote, OEMs can comply with law enforcement to break Full Disk Encryption. “Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device. This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys,” he wrote.