Security Researcher cracks disk encryption on Android
A security researcher has discovered how to bypass full disk encryption on the Android operating system. Encrypted files on disk can be retrieved through two holes in the security of Qualcomm's TrustZone implementation.

The exploit was conceived and published by Gal Beniamini, who explained on his blog how he came to his discovery. According to the security researcher, two vulnerabilities can be used in TrustZone, the hardware protection system developed by ARM that is used in, among others, Qualcomm chips. The bugs have been assigned the numbers CVE-2015-6639 and CVE-2016-2431, but have already been patched by Google updates released in January and May. It is therefore not clear how many Android users are still vulnerable to the bugs.

Beniamini discovered that it is possible to identify the encryption keys by gaining access to the so-called Qualcomm Secure Execution Environment. Within this environment, certain applications can run independently of the Android operating system itself. One of those apps is Keymaster, which among other things manages the keys for Android's disk encryption. It is possible to extract the stored keys from TrustZone and then use them to bypass the encryption.

However, physical access to the device is needed to retrieve the keys from TrustZone; with malware alone, attackers cannot bypass the security. The method involves flashing an image to deceive TrustZone. It is therefore particularly suited to government agencies that want to crack seized smartphones of suspects.

To gain access to the files, the user's password or PIN must still be recovered, with a brute-force attack. Normally, recovering the password alone does not work, because it is used in combination with the encryption key to provide the protection. Also, even after the encryption key has been found, it is possible that users remain protected: whoever chooses a long and complex password is less susceptible to a brute-force attack.
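To make the point of the previous paragraph concrete, here is an added example, not code from the article or from Beniamini's write-up, that models in simplified form why the user credential still matters once the device-bound key has left TrustZone. The names, the scrypt parameters and all key and salt values are constructed for this demo and do not match Android's actual key-derivation scheme: the disk key is wrapped under a key-encryption key that depends on both the user credential and a device-bound secret, so with the device secret still locked inside hardware a guess can only be checked through the device, while with the secret extracted the remaining cost is the credential space times the cost of one derivation.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Constructed sample values for a self-contained demo (not Android's real parameters).
DEVICE_SECRET = bytes.fromhex("11" * 32)   # stands in for the key held inside TrustZone
SALT = bytes.fromhex("a5" * 16)
DISK_KEY = bytes.fromhex("c3" * 32)        # the key that actually encrypts the partition

# Cost parameters for the credential-stretching step (hypothetical, chosen to run quickly).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_kek(credential: bytes, device_secret: bytes, salt: bytes) -> bytes:
    """Simplified model of a key-encryption key that needs BOTH the user credential
    (stretched with scrypt) and the device-bound secret (mixed in via HMAC)."""
    stretched = hashlib.scrypt(credential, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                               p=SCRYPT_P, dklen=32)
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def wrap_disk_key(disk_key: bytes, credential: bytes,
                  device_secret: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Wrap the 32-byte disk key under the KEK (one-time-pad style for illustration)
    and return (wrapped blob, integrity tag)."""
    kek = derive_kek(credential, device_secret, salt)
    blob = bytes(a ^ b for a, b in zip(disk_key, kek))
    tag = hmac.new(kek, blob, hashlib.sha256).digest()
    return blob, tag


def unwrap_disk_key(blob: bytes, tag: bytes, credential: bytes,
                    device_secret: bytes, salt: bytes) -> Optional[bytes]:
    """Return the disk key if credential and device secret are both right, else None.
    The tag check is what lets a guess be verified, which is why the device secret
    staying inside hardware matters: without it the tag cannot be recomputed."""
    kek = derive_kek(credential, device_secret, salt)
    expected = hmac.new(kek, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(blob, kek))


def credential_space(alphabet_size: int, length: int) -> int:
    """Number of possible credentials for a given alphabet and length."""
    return alphabet_size ** length


def expected_offline_guess_seconds(space: int, seconds_per_guess: float) -> float:
    """Expected time to hit a uniformly chosen credential once the device secret is
    known and guesses can be checked offline: on average half the space is searched."""
    return space / 2 * seconds_per_guess


def measure_seconds_per_guess() -> float:
    """Time one KEK derivation on this machine, to feed into the estimate above."""
    start = time.perf_counter()
    derive_kek(b"timing-probe", DEVICE_SECRET, SALT)
    return time.perf_counter() - start


if __name__ == "__main__":
    blob, tag = wrap_disk_key(DISK_KEY, b"1234", DEVICE_SECRET, SALT)
    assert unwrap_disk_key(blob, tag, b"1234", DEVICE_SECRET, SALT) == DISK_KEY
    assert unwrap_disk_key(blob, tag, b"1235", DEVICE_SECRET, SALT) is None
    per_guess = measure_seconds_per_guess()
    for label, space in (("4-digit PIN", credential_space(10, 4)),
                         ("12-char mixed password", credential_space(62, 12))):
        secs = expected_offline_guess_seconds(space, per_guess)
        print(f"{label}: ~{secs / 86400 / 365:.3g} years at {per_guess:.4f}s per guess")
```

The two printed estimates differ by the ratio of the credential spaces, which is the article's point: the extracted TrustZone key turns the problem into an offline search, and only the size of the credential space and the cost of each derivation stand between an attacker and the disk key. Raising the scrypt cost parameters helps linearly; a longer, more complex credential helps exponentially.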

Qualcomm is aware of the problems with the implementation of TrustZone, but a quick fix for the vulnerability does not seem likely. Hardware changes may be needed, says Beniamini. Google introduced encryption of the file system in Android 5.0. From version 6.0, Google made disk encryption mandatory for part of the Android devices.

Because of the security problems, users with an encrypted file system are still prone to data theft. This applies only to devices built on a Qualcomm SoC that run an Android version without the latest security patches. Incidentally, Beniamini suggests that other chip makers may also have a vulnerable implementation of TrustZone, but this has not yet been investigated.
