Bad news for Android users that want to protect their data by enabling full-disk encryption (FDE) on their mobile devices.
The Android full-disk encryption can be easily cracked with a brute force attack, this implies that potentially hundreds of millions of Android mobile are exposed to the risk of hack.
The security researcher Gal Beniamini that analyzed the implementation of the Android full-disk encryption made the disconcerting discovery.
Unfortunately, there may not be a full fix available for current Android mobile devices in the market.
By enabling Android full-disk encryption, the user’s data on a mobile device is encrypted every time it is written to the disk, a process that leveraged on the user authentication code. Every operation on the data will request user enters his password.
Beniamini has discovered two security issues (CVE-2015-6639 and CVE-2016-2431) that reside in the way Android manages full disk encryption.
The expert noticed that despite Qualcomm protect critical functions like encryption running them in the Snapdragon TrustZone, it is possible to exploit an Android security vulnerability to expose the keys from TrustZone.
Qualcomm runs a small kernel in TrustZone to implement the QSEE (Qualcomm Secure Execution Environment), a Trusted Execution Environment for running of small apps outside the main Android operating system. KeyMaster is also a QSEE app.
The KeyMaster also runs in the QSEE environment.
Beniamini demonstrated that an attacker can exploit a vulnerability in the kernel of the mobile device to load its version of QSEE app inside this secure environment, then by exploiting privilege escalation flaw it could compromise the QSEE environment and all the apps running in it, including the keys generated for the Android full-disk encryption.
Once accessed the key, the attacker could run a brute-force attack to access user password, PIN or lock, cracking Android’s full disk encryption.
The expert reported the following implications of this finding:
Beniamini is working with both Qualcomm and Google to solve the issue, but the problem might require significant hardware modification to be solved.
Let me suggest to give a look to the Beniamini analysis, it very interesting.
(Security Affairs – Android full-disk encryption (FDE), Mobile)