Much has been written about law enforcement fighting Apple for access to encrypted and locked iPhones, but not...
so much about Android devices. New research showed that may be because Android full-disk encryption can be bypassed by stringing together exploits.
Security researcher Gal Beniamini demonstrated how an attacker could use vulnerabilities in kernel-code-execution handling in the secure element -- TrustZone -- of Qualcomm processors to break Android full-disk encryption. According to Beniamini, the trouble arises due to the way Android uses the hardware key for its full-disk encryption.
"The internal key-derivation function uses an actual hardware key, called the SHK, which would, no doubt, be hard to extract using software, but this is all irrelevant," Beniamini wrote. "Instead of creating a scheme which directly uses the hardware key without ever divulging it to software or firmware, the code above performs the encryption and validation of the key blobs using keys which are directly available to the TrustZone software."
Beniamini discovered he could string together two vulnerabilities to allow code execution in the Qualcomm Secure Execution Environment and escalation of privilege from the QSEE to TrustZone to obtain encryption keys and, ultimately, give an attacker an opportunity to brute-force the device password using those keys.
Neil Rankin, senior security researcher at Black Duck Software Inc., based in Boston, said one way to mitigate the risk of brute force being successful is to use a better password.
"There is nothing unusual about the brute-force element of this attack, so it would be quick to accomplish for short passwords, longer for larger lengths," Rankin wrote to SearchSecurity.
According to Rankin, Android devices provide users with the following options:
- Simple PINs, which consist of about four numbers;
- Swipes, which correspond to the numbers touched in the swipe; or
- Strong, 16-character alphanumeric passwords.
"A five-character PIN could be cracked in a second or two," Rankin said. "A 16-character PIN would take considerably longer -- up to years, if special characters were included."
While the attack itself is nontrivial, especially if the device has a long, complex password that could withstand a brute-force attack, Beniamini said these vulnerabilities also mean OEMs have the ability to comply with law enforcement orders to break Android full-disk encryption.
"Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image, which extracts the KeyMaster keys, and flash it to the target device," Beniamini wrote. "This would allow law enforcement to easily brute-force the full-disk encryption password off the device using the leaked keys."
Liviu Arsene, senior e-threat researcher at Romania-based antimalware firm Bitdefender, said law enforcement wouldn't necessarily need the help of OEMs.
"While the process might involve additional steps and could be more time-consuming, the result would be the same, without requiring the OEMs' assistance," Arsene told SearchSecurity. "Since the method could be used by anyone with the right skills, it's safe to assume that law enforcement or any type of attacker would not require the direct assistance of the OEM to break Android full-disk encryption."
The true risk of these vulnerabilities is hard to measure. Although many Android devices use Qualcomm processors, full-disk encryption has only been mandatory on devices that shipped with Android 6.0, and only 10% of devices run Android 6.0, per Google's latest platform numbers.
The two vulnerabilities used by Beniamini have been patched in Google security releases from January 2016 and May 2016, although it is unclear how many devices have received those security updates. But, Beniamini said even these patches could be rolled back.
"Even on patched devices, if an attacker can obtain the encrypted disk image (e.g., by using forensic tools), they can then downgrade the device to a vulnerable version, extract the key by exploiting TrustZone and use them to brute-force the encryption," Beniamini wrote. "Since the key is derived directly from the SHK, and the SHK cannot be modified, this renders all downgradable devices directly vulnerable."
Arsene said Beniamini may be understating how difficult such a downgrade would be.
"It's a pretty difficulty method, as you would still need an OEM to sign the TrustZone," Arsene said. "However, considering there's a wide range of Android OEMs -- unlike iPhone that is strictly governed by Apple -- it's plausible that law enforcement agencies could collaborate with one of them."
Learn more about Android's improving enterprise features.