Flaws in Qualcomm’s TrustZone implementation allows to crack Android’s disk encryption (device encryption) via brute-force attacks. Millions of Android devices are affected.
Encryption stores your data in a form that can be read only when your phone or tablet is unlocked (via PIN or password). On an encrypted device, all your personal data is encrypted – using an encryption key derived from a users password. This encryption includes things like your email, texts, contacts, Google Account data, app data, photos, media, and downloads.
Encryption (and breaking encryption) has been noticed in the broad masses after the case FBI-Apple encryption dispute went public. But that’s only a small aspect why encryption is helpful. Encryption can add protection to your private or sensitive data, in case your device is stolen or even lost. Also most Companies won’t loose sensitive data via stolen or lost devices.
Android’s disk encryption
Google has added full disk encryption in Android 5.0 – and some Nexus devices are encrypted by default. Full disk encryption is the process of encoding all user data on an Android device using an encrypted key. Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. If disk encryption is used, it’s important, that data can’t be decrypted by unauthorized third parties – otherwise it would be senseless.
How Apple protects their iOS device encryption
Apple uses an immutable 256-bit unique key called the UID, fused into the device’s hardware at the factory. And Apple Apple cannot extract it from the device, after it is generated (randomly) and fused into the device. This makes it hard to crack the device’s encryption.
To prevent brut-force attacks, Apple has implemented additional security features in iOS. The devices has an incrementally increasingly delay between subsequent password guesses entered by a user. And there is an option allowing to completely erase all of the information stored on the device after 10 failed password attempts. Details may be found here. But let’s have a look at Android.
Android vulnerabilities – and Qualcomm’s flaw
Unfortunately Android has a lot known (and probably even more not publicly known) vulnerabilities. The Stagefright bug sets Millions of Android devices at risk and has been patched several times by Google. But there is also another vulnerability in devices using a Qualcomm SoC. The implementation of Qualcomm’s Trusted Execution Environment (TEE) has a weakness. As documented here, Qualcomm’s Secure Execution Environment (QSEE) has a QSEE privilege escalation vulnerability and exploit (CVE-2015-6639).
Breaking Android Full Disk Encryption on Qualcomm devices
Now security expert Gal Beniamini has published a blog post Extracting Qualcomm’s KeyMaster Keys – Breaking Android Full Disk Encryption, discussing how to use some vulnerabilities in Android to break Full Disk Encryption (FDE) via brute-force attacks.
In brief: Android’s Full Disk Encryption is based on a Linux Kernel subsystem called dm-cryp. The devices generates a randomly-chosen 128-bit master key (Device Encryption Key – DEK) and a 128-bit randomly-chosen salt. More details may be found in the official documentation of Android FDE.
The Device Encryption Key is protected using an elaborate key derivation scheme, that also uses the user’s unlock credentials (PIN/Password/Pattern). The encrypted Device Encryption Key is stored on the device, inside a special unencrypted structure called the “crypto footer“. The encrypted disk can then be decrypted using the user’s provided credentials, and as Gal Beniamini writes here once the Device Encryption Key is decrypted (via brute-force), it can be used to decrypt user’s information.
Android’s Device Encryption also tries to prevent brute-force attacks using delays between decryption attempts. And Android provides also an option to wipe the user’s data after a few subsequent failed decryption attempts.
The problem: The protection is bound to Android’s Hardware-Backed Keystore – KeyMaster. And this module runs in Qualcomm’s Trusted Execution Environment (TEE), which is separate from the Android operating system. To make a long story short, Gal Beniamini was able to decode the Device Encryption Key – and break disk encryption.
As a conclusion: Android’s device encryption is breakable and the key derivation is not hardware bound (as it is in Apple devices). Qualcomm and OEMs can comply with law enforcement to break Full Disk Encryption. And: Patching TrustZone vulnerabilities does not necessarily protect you from this issue. Further details may be read in this blog post. (via)