Samsung shipped ‘100m’ Android phones with flawed encryption • The Register


Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys.

The researchers – Alon Shakevsky, Eyal Ronen, and Avishai Wool – describe their work in a paper titled “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design,” which is scheduled for presentation at Real World Crypto and USENIX Security, 2022.

Android smartphones, which almost all use Arm-compatible silicon, rely on a Trusted Execution Environment (TEE) supported by Arm’s TrustZone technology to keep sensitive security functions isolated from normal applications. These TEEs run their own operating system, the TrustZone Operating System (TZOS), and it is up to vendors to implement the cryptographic functions within TZOS.

The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management through the Keymaster Hardware Abstraction Layer (HAL). Samsung implemented the HAL through a Trusted Application running in the TrustZone, called Keymaster TA, to carry out cryptographic operations like key generation, encryption, attestation, and signature creation in a secure environment. The results of these TEE crypto calculations can then be used by apps running in the less secure Android environment.

The Keymaster TA stores cryptographic keys as blobs – the keys are wrapped (encrypted via AES-GCM) so they can be stored in the file system of the Android environment. In theory, they should only be readable within the TEE.

However, Samsung didn’t implement Keymaster TA properly in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse engineered the Keymaster app and showed they could conduct an Initialization Vector (IV) reuse attack to obtain the keys from the hardware-protected key blobs.

The IV is supposed to be a unique number each time, which ensures the AES-GCM encryption operation produces a different result even when the same plaintext is encrypted. But when the IV – referred to by the researchers as “salt” – and the encryption key remain the same, the same output gets generated. And that sort of predictability is the bane of encryption.

“So they could have derived a different key-wrapping key for every key they protect,” observed Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute in the US, via Twitter. “But instead Samsung basically doesn’t. Then they allow the app-layer code to choose encryption IVs. This allows trivial decryption.”

Our Tel Aviv University boffins found three blob formats used among the Samsung phones – v15, v20-s9, and v20-s10. The first, v15, is the default in the Galaxy S8; v20-s9 corresponds to the Galaxy S9; and v20-s10 was found in the S10, S20, and S21.

In the v15 and v20-s9 blobs, the researchers say, the salt is a deterministic function that relies on the application ID, application data, and constant strings from the Android environment. So for any given application, the corresponding key blobs will be protected by the same key-wrapping key.

“Surprisingly, we found that the Android client is allowed to set the IV when generating or importing a key,” the paper stated. “All that is necessary is to place an attacker-chosen IV as part of the key parameters, and it is used by the Keymaster TA instead of a random IV.

“As the [Android environment] also controls the application ID and application data, this means that an attacker can force the Keymaster TA to reuse the same key and IV that were previously used to encrypt other v15 or v20-s9 blobs. Since AES-GCM is a stream cipher, the attacker can now recover hardware-protected keys from key blobs.”
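A constructed Go model of the failure the paper describes, added here and not code from the researchers or from Samsung’s Keymaster TA: the key-wrapping key is derived deterministically from the application ID and application data (the SHA-256 and the constant string are stand-ins, not Samsung’s derivation), the wrapper accepts a caller-chosen IV, and two blobs sealed under the same key and IV leak each other through the two-time-pad property of GCM’s CTR keystream. The same check with a fresh random IV per wrap shows why that fix closes the hole; the application IDs and key bytes are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kwkFor stands in for the deterministic key-wrapping key of v15/v20-s9 blobs (constructed hash of app ID, app data, fixed string).
func kwkFor(appID, appData []byte) []byte {
	sum := sha256.Sum256(append(append([]byte("constructed-const|"), appID...), appData...))
	return sum[:] // 32 bytes -> AES-256-GCM key
}

// wrap seals a blob payload with AES-GCM under kwk using a caller-chosen IV (the flaw).
func wrap(kwk, iv, secret []byte) []byte {
	block, _ := aes.NewCipher(kwk)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(nil, iv, secret, nil) // ciphertext || 16-byte tag
}

// twoTimePad: GCM's CTR keystream depends only on (kwk, iv), so with a reused
// pair ct1 XOR ct2 == pt1 XOR pt2, and a known pt2 exposes pt1.
func twoTimePad(ct1, ct2, knownPt2 []byte) []byte {
	out := make([]byte, len(knownPt2))
	for i := range out {
		out[i] = ct1[i] ^ ct2[i] ^ knownPt2[i]
	}
	return out
}

// Demo reports whether a victim key leaks when the IV is reused, and whether
// the same trick still works once each wrap uses a fresh random IV.
func Demo() (leaksWithReuse, leaksWithRandomIV bool) {
	kwk := kwkFor([]byte("com.example.app"), []byte("appdata")) // constructed IDs
	victim := bytes.Repeat([]byte{0xA5}, 32) // constructed hardware-backed key
	known := bytes.Repeat([]byte{0x3C}, 32)  // key the caller imported itself
	fixed := make([]byte, 12)                // IV supplied in key parameters, reused
	leaksWithReuse = bytes.Equal(twoTimePad(wrap(kwk, fixed, victim), wrap(kwk, fixed, known), known), victim)
	r1, r2 := make([]byte, 12), make([]byte, 12) // the fix: random IV per wrap
	rand.Read(r1)
	rand.Read(r2)
	leaksWithRandomIV = bytes.Equal(twoTimePad(wrap(kwk, r1, victim), wrap(kwk, r2, known), known), victim)
	return
}

func main() { fmt.Println(Demo()) } // prints: true false
```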

Newer-model Samsung devices with v20-s10 blobs are not normally vulnerable to IV reuse attacks, though the researchers found a way to conduct a downgrade attack by having the Android environment pass an “encryption version” parameter telling the device to use the vulnerable v15 blob format.

The weak crypto was also used by the researchers to bypass FIDO2 WebAuthn, a way to use public-key cryptography, instead of passwords, to register for and authenticate to websites. Their proof-of-concept attack allowed the researchers to authenticate themselves to a website protected by the Android StrongKey application. What’s more, they also managed to bypass Google’s Secure Key Import, designed to let servers share keys securely with Android devices.

In all, the researchers estimate 100 million Samsung devices were vulnerable when they identified the encryption flaw last year. However, they responsibly disclosed their findings to Samsung in May 2021, which led to the August 2021 assignment of CVE-2021-25444 to the vulnerability, and a patch for affected devices. In July 2021, they revealed their downgrade attack, which led in October 2021 to CVE-2021-25490 and a patch that removed the legacy blob implementation (v15) from devices including the S10, S20, and S21.

Looking ahead, the boffins argue that an encryption scheme other than AES-GCM, or an IV-reuse-resistant variant like AES-GCM-SIV, should be considered.

Samsung did not immediately respond to a request to confirm the researchers’ estimate of affected devices and to estimate how many affected devices, if any, remain unpatched. ®
