Samsung shipped '100 million' phones with flawed encryption

Academics found TrustZone-level code could not be trusted to keep secrets

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys.

The researchers – Alon Shakevsky, Eyal Ronen, and Avishai Wool – describe their work in a paper titled, "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design," which is scheduled for presentation at Real World Crypto and USENIX Security, 2022.

Android smartphones, which pretty much all use Arm-compatible silicon, rely on a Trusted Execution Environment (TEE) supported by Arm's TrustZone technology to keep sensitive security functions isolated from normal applications. These TEEs run their own operating system, TrustZone Operating System (TZOS), and it's up to vendors to implement the cryptographic functions within TZOS.

The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer (HAL). Samsung implemented the HAL through a Trusted Application running in the TrustZone called Keymaster TA, to carry out cryptographic operations like key generation, encryption, attestation, and signature creation in a secure environment. The results of these TEE crypto calculations can then be used in apps operating in the less secure Android environment.

The Keymaster TA stores cryptographic keys as blobs – the keys are wrapped (encrypted via AES-GCM) so they can be stored in the file system of the Android environment. In theory, they should only be readable within the TEE.

However, Samsung failed to implement Keymaster TA properly in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse engineered the Keymaster app and showed they could conduct an Initialization Vector (IV) reuse attack to obtain the keys from the hardware-protected key blobs.

The IV is supposed to be a unique number each time, which ensures the AES-GCM encryption operation produces a different result even when the same plain text is encrypted. But when the IV – referred to by the researchers as "salt" – and encryption key remain the same, the same output gets generated. And that sort of predictability is the bane of encryption.

"So they could have derived a different key-wrapping key for each key they protect," observed Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute in the US, via Twitter. "But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs. This allows trivial decryption."

Our Tel Aviv University boffins found three blob formats used among the Samsung phones – v15, v20-s9, and v20-s10. The first, v15, is the default in the Galaxy S8; v20-s9 corresponds to the Galaxy S9; and v20-s10 was found in the S10, S20, and S21.

In the v15 and v20-s9 blobs, the researchers say, the salt is a deterministic function that relies on the application ID, application data, and constant strings from the Android environment. So for any given application, corresponding key blobs will be protected by the same key-wrapping key.

"Surprisingly, we discovered that the Android client is allowed to set the IV when generating or importing a key," the paper stated. "All that is necessary is to place an attacker-chosen IV as part of the key parameters, and it is used by the Keymaster TA instead of a random IV.

"As the [Android environment] also controls the application ID and application data, this means that an attacker can force the Keymaster TA to reuse the same key and IV that were previously used to encrypt some other v15 or v20-s9 blobs. Since AES-GCM is a stream cipher, the attacker can now recover hardware-protected keys from key blobs."

More recent model Samsung devices with v20-s10 blobs are not normally vulnerable to IV reuse attacks, though the researchers found a way to conduct a downgrade attack by having the Android environment pass an "encryption version" parameter telling the device to use the vulnerable v15 blob format.

The weak crypto was also used by the researchers to bypass FIDO2 WebAuthn, a way to use public-key cryptography, instead of passwords, to register for and authenticate to websites. Their proof-of-concept attack allowed the researchers to authenticate themselves to a website protected by the Android StrongKey application. What's more, they also managed to bypass Google's Secure Key Import, designed to let servers share keys securely with Android devices.

In all, the researchers estimate 100 million Samsung devices were vulnerable when they identified the encryption flaw last year. However, they responsibly disclosed their findings to Samsung in May 2021, which led to the August 2021 assignment of CVE-2021-25444 to the vulnerability, and a patch for affected devices. In July 2021, they revealed their downgrade attack, which led in October 2021 to CVE-2021-25490 and a patch that removed the legacy blob implementation (v15) from devices including the S10, S20, and S21.

Looking ahead, the boffins argue that an encryption scheme other than AES-GCM, or an IV reuse resistant version like AES-GCM-SIV, should be considered.

Samsung did not immediately respond to a request to confirm the researchers' estimate of affected devices and to estimate how many affected devices, if any, remain unpatched. ®

Other stories you might like

  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading

Biting the hand that feeds IT © 1998–2022