Most Android Devices Susceptible to Full Device Encryption Bypass
A Critical Elevation of Privilege (EoP) vulnerability that affects the majority of Android devices allows an attacker to bypass the Full Device Encryption (FDE) security feature that Google implemented in Android 5.0 Lollipop, researchers discovered.
The security flaw, tracked as CVE-2016-2431, was reported in October 2015, but Google patched it only in May 2016. The issue resides in the Qualcomm Secure Execution Environment (QSEE), a Linux kernel device designed to allow communication between the normal Android operating system and the secure OS that manages protected services and hardware.
The issue was discovered by Gal Beniamini, an independent Israeli researcher who previously detailed an EoP vulnerability in the Widevine QSEE TrustZone application. Tracked as CVE-2015-6639 and patched by Google in January, the bug could enable a compromised, privileged application with access to QSEECOM to execute arbitrary code in the TrustZone context.
Affecting the Qualcomm TrustZone component, CVE-2016-2431 can also be exploited by a local malicious application to execute arbitrary code within the context of the TrustZone kernel, Google revealed in the May 2016 security bulletin. The company didn’t offer additional details on the issue, but Beniamini revealed last week that the bug can be leveraged to break Android’s Full Disk Encryption (FDE) scheme.
A simplified explanation of how FDE works is as follows: the device generates a randomly-chosen 128-bit master key (the Device Encryption Key – DEK) and a 128-bit randomly-chosen salt, and protects the DEK using an elaborate key derivation scheme that leverages user’s unlock credentials. The encrypted DEK is then stored on the device inside an unencrypted structure.
To decrypt the disk, one would need user credentials to decrypt the stored DEK, and Google has implemented several mechanisms to prevent on-device cracking attacks, such as delays between decryption attempts and an option to wipe the user’s information after subsequent failed decryption attempts. Moreover, a step in the key derivation scheme binds the key to the device’s hardware, thus preventing off-device brute-force attacks.
The module that creates the binding is called KeyMaster, and it operates as a QSEE trustlet on Android devices powered by a Qualcomm chipset (basically, it is part of the secure OS). By reverse-engineering the KeyMaster trustlet, Beniamini discovered that the key derivation is not hardware bound and that OEMs can actually break the Full Disk Encryption security feature.
He also notes that the Android FDE is only as strong as the TrustZone kernel or KeyMaster and that the vulnerability can be exploited even on devices with the appropriate patch installed, because the attacker can downgrade the device to a vulnerable version if they have the encrypted disk image. After that, the attacker can extract the key by exploiting TrustZone, and then brute-force the encryption.
“Full disk encryption is used world-wide, and can sometimes be instrumental to ensuring the privacy of people’s most intimate pieces of information. As such, I believe the encryption scheme should be designed to be as “bullet-proof” as possible, against all types of adversaries. As we’ve seen, the current encryption scheme is far from bullet-proof, and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement),” Beniamini says.
Also highly concerning is the fact that Qualcomm’s processors power around 80% of all Android devices, meaning that most of them are vulnerable to the attack. In fact, Duo Security says that 57% of all Android devices are vulnerable, mainly because many highly popular Andriod smartphones out there have been patched in the meantime.
According to Duo Security researchers, Samsung has been patching popular devices such as Galaxy S6 (75% of them have the security patch level of May 2016 installed), and Galaxy S5 (45% of them are patched), which has a substantial impact over the analyzed dataset. In January, 60% of all Android devices were deemed vulnerable to CVE-2015-6639.
While Nexus 5X and Nexus 6P were never vulnerable, the rest of Nexus devices are. Moreover, the fact that an attacker could downgrade devices susceptible to the attack and then exploit the vulnerability suggests that the number of affected devices could be much higher.
Other Qualcomm Android components were also found to be vulnerable to various types of attacks, and Google’s June 2016 security bulletin focused on patching numerous issues in Qualcomm drivers. However, manufacturers are still far behind with releasing patches for their products and users appear in no hurry to apply the security updates already released, which results in an overwhelming 75% of eligible Android devices lacking the latest patches.
