Android Flaw Allows Full-Disk Crypto Bypass57% of All Android Phones Vulnerable to Related Exploits
More than half of all Android smartphones in current use have a flaw that can be exploited to bypass the devices' full-disk encryption. As a result, law enforcement agencies - or malicious attackers - could access all supposedly encrypted data being stored on vulnerable devices.
To prevent brute-force cracking attempts against device hardware, Android employs a hardware-backed keystore known as the KeyMaster, which is designed to generate encryption keys and perform other secure functions without interacting with the non-secure part of the device or operating system environment.
But security researcher Gal Beniamini has published details of how KeyMaster keys in Qualcomm devices can be extracted and used to crack full-disk encryption, using a flaw that he discovered, which has been designated CVE-2016-2431.
"These attacks affect Android devices with processors manufactured by Qualcomm - and Qualcomm happens to dominate the Android market," says Kyle Lady, a senior research and development engineer at Duo Labs, in a blog post.
The flaw was fixed as part of the May 2016 Android security update. But just because Google patches its open source Android operating system doesn't mean that original equipment manufacturers - OEMs - will craft related updates for subscribers or customers in a timely manner, especially for older devices. Indeed, Duo Security, which develops authentication software, says that "an analysis of Duo's dataset of [500,000] Android phones used as a second factor in two-factor authentication" found that 57 percent of all Android phones do not yet have a patch for CVE-2016-2431, and are thus vulnerable to attacks that bypass full-disk encryption.
Software-Based Crypto Key
Beniamini says the exploit involves Qualcomm-built ARM chips used in Android devices, which include a technology called TrustZone. This can be used to create a so-called Trusted Execution Environment that facilitates a special CPU mode called "secure mode" that can be used to secure everything from the operating system kernel and on-device fingerprint scanner to secure boot and digital rights management.
Android generates an "SHK" - silicon-based hardware key - that's tied to the device itself, meaning that short of using an electron microscope to study the chip, or else brute-forcing the key, it's unlikely that it can be cracked.
But Android then uses the SHK to create - or derive - a second, software-based key that gets used for full-disk encryption (FDE), and Beniamini discovered that this can be retrieved and cracked. "The key derivation is not hardware-bound. Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone," Beniamini says. "Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device. This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys."
Missing: Hardware Entanglement
While Google has fixed the bug, Beniamini says "this issue underscores the need for a solution that entangles the full disk encryption key with the device's hardware in a way which cannot be bypassed using software," and which may involve redesigning Android FDE from the ground up, and potentially adding new hardware to keep it secure.
As of iOS 8, for example, all Apple devices use full-disk encryption by default, and create "an encryption key which is derived from the user's password," as well as tied to the device hardware, he says. As a result, cracking an Apple crypto key would most likely require having to first guess the user's password, or else compelling Apple to create a backdoored version of iOS. The latter approach was the focus of the Apple-FBI crypto battle, in which the Department of Justice attempted to legally force Apple into creating a crackable version of iOS software that could be loaded onto an iPhone 5c used by San Bernardino shooter Syed Rizwan Farook. Ultimately, however, the FBI backed off - at least in that case.
Fast Patches: Nexus, Samsung
For Android users who want to protect themselves against the encryption bypass attack detailed by Beniamini, "Duo recommends that users patch your phones, which is no surprise," Lady says. "If your manufacturer has not yet made patches available, put some pressure on them to do so."
Of course, many Android smartphone buyers have long complained that device manufacturers and carriers can be slow to release updates and patches, if they release them at all. The lack of timely patching by many Android device providers continues to draw scrutiny from U.S. regulators, although to date they have taken no action to fix the problem (see FTC, FCC Launch Mobile Security Inquiries).
Duo Labs says that Android users who want to ensure that their smartphones get protected against the likes of CVE-2016-2431 as quickly as possible should opt for Nexus devices, which use a vanilla implementation of Google. Likewise, it says that recent handsets from Samsung have also been seeing relatively fast updates. As of July 1, 75 percent of all Samsung Galaxy S6 devices, which Duo says is the most-used phone model in its dataset, had been patched, which was equivalent to the number of patched Nexus devices. Meanwhile, 45 percent of Galaxy S5 phones had been patched.
"Given these improvements in the security stance of Samsung phones, we're hopeful that Samsung will continue this trend of rolling out security updates at a rapid rate," Duo's Lady says.