Cracking Android's full-disk encryption is easy on millions of phones – with a little patience

Just need a couple of common bugs, some GPUs and time


So... is it patched?

Beniamini exploited a chain of security bugs to infiltrate KeyMaster – bugs that have since been patched in the source code: one in January and the other in May.

If you're running a Nexus device or otherwise have received and installed the fixes from Google and Qualcomm, then you're safe until the next privilege escalation bugs are found (and there will be more. There always is). Without these programming flaws, you cannot leap from userspace to the kernel to QSEE to KeyMaster.

However, there's a large pool of unpatched Android handsets out there because it's down to the manufacturers and mobile carriers to test, validate and distribute updates to their customers. People's phones and tablets won't trust patches unless they've been signed off by their manufacturers, and Android hardware makers are notoriously slow to do so. That leaves folks with holes in their handhelds' operating system.

A lot of the time, Google can quietly push out patches via Google Play services: the software can install fixes directly from the mothership, bypassing tardy hardware makers. However, problems deep within Android and its drivers – such as the bugs exploited to crack the KeyMaster – cannot be fixed by the Play services, and must be fixed via updates obtained from the manufacturer. When they finally appear, of course.

Even if you are patched, this issue isn't going to go away, Beniamini said, because the way the Qualcomm TrustZone operates means that if another privilege escalation hole is found it can be used in the same way.

"If anyone finds another TrustZone bug in the KeyMaster module, or manages to elevate privileges to the TrustZone kernel, they'd be able to extract the KeyMaster keys again," he said. "This is really the sore point of it all – it means that the FDE scheme is only as strong as the TrustZone software."

Beniamini's exploit code, published on GitHub, checks out according to security experts contacted by The Reg, and the attack does make it possible to brute-force decrypt a phone's file system. Obviously, the stronger the PIN or password, the longer it will take to crack the encryption key – but it's better than trying to crack a 2048-bit RSA key.

"I've been contacted by the developer of hashcat, a platform used to rapidly crack various types of hashes and PRFs," Beniamini said.

"He said he would like to implement the key derivation function (which is the function being brute-forced) in the hashcat framework. Such an implementation would be very fast (and even faster once you 'throw' more hardware at it)."

Google pointed out that the issue is patched in the latest build of Android. Qualcomm told The Register that it had been working with Beniamini and Google on the issue after finding the bugs some time ago.

A Google spokesperson said: "We appreciate the researcher's findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year."

Alex Gantman, vice president of engineering at Qualcomm, told us: "It's an architectural problem in how current Android architecture handles FDE. We are aware of this and are working with Google to make this more robust in the future."

The fear is that a serious change will require new hardware, leaving older customers with insecure handsets. But Gantman said that there are "things that can be done" with the existing hardware to make this kind of attack a lot less plausible. ®


Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022