As Neowin reports, security researcher Gal Beniamini detailed the attack in a blog post this week. A flaw in the way Qualcomm implements full disk encryption on its processors makes it possible for attackers to break into Full Disk Encryption via vulnerabilities in Android’s TrustZone kernel.
With Android 5.0, Google began to enable full disk encryption by default, following the approach Apple has taken with iOS for the past several years. Android generates the encryption key used to protect the data by creating a 128-bit master key and an accompanying 128-bit salt.
The key is protected using an “elaborate” set of mechanisms that include the user’s credentials, such as a password or pattern. The result is stored on the device in a special unencrypted location.
Once the key has been generated, data can be decrypted from the user’s credentials. The credentials are passed through the same function used to generate the key. The resulting output is used to decode the key. This is then used to retrieve information from the disk.
To protect against brute-force external attacks, a module called KeyMaster is used to tie encryption keys to specific hardware. The mechanism runs in a sandbox, isolated from the main Android OS. In theory, the keys it creates should be invisible to the outside world and specific to the device that KeyMaster is running on, preventing hackers from decrypting data.
Qualcomm’s implementation of KeyMaster on its processing chips contains a serious flaw though. In his technical blog post, Beniamini revealed that KeyMaster doesn’t actually use a hardware key. Instead, the key it employs to protect data is a derivative of the hardware key, making it directly accessible to the TrustZone kernel. KeyMaster isn’t sandboxed after all.
This discovery has major implementations. Android Full Disk Encryption isn’t as secure as previously thought. Devices could be decrypted externally, including by Qualcomm itself if requested to by a court or the government. Since the keys used to encrypt data can be drawn out of KeyMaster, manufacturers could be forced to create a version of the TrustZone kernel that extracts the keys. These could be used to decrypt the entire disk.
Beniamini has created a working exploit that loads the keys from KeyMaster. This could allow anyone to decrypt the data stored on the device. The researcher said the discovery of the vulnerability highlights the need to move to true hardware keys as soon as possible, enabling authorities and attackers to access data.
“Full disk encryption is used world-wide, and can sometimes be instrumental to ensuring the privacy of people’s most intimate pieces of information,” said Beniamini. “As such, I believe the encryption scheme should be designed to be as “bullet-proof” as possible, against all types of adversaries. As we’ve seen, the current encryption scheme is far from bullet-proof, and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement).”
Beniamini has already contacted Qualcomm with details of the flaw. While the company has been “helpful” and responded quickly, it may be unable to patch the issue on existing devices. Hardware changes will be required to ensure security in the future, leaving tens of millions of current encrypted Android phones and tablets at risk.
The researcher said he will continue to investigate full disk encryption and the mechanisms used by device manufacturers to ensure its integrity. He called on Google, Qualcomm and other OEMs to form a “concentrated effort” to develop a system allowing the next generation of Android devices to be truly “uncrackable.”
