An attacker can break Android’s FDE (Full-Disk Encryption) for devices running on Qualcomm Snapdragon processors, according to independent security researcher Gal Beniamini.
By default, Android FDE, supported since Android Lollipop (5.0), uses a randomly chosen 128-bit Device Encryption Key (DEK), which is additionally encrypted using a value that can be the user’s PIN, password, or swipe pattern.
Android uses the DEK to encrypt the files you keep on your smartphone’s storage drive. The PIN, password, or swipe pattern in turn encrypts this key, so that it can be stored on the phone without an attacker being able to grab the DEK and decrypt your files.
Attackers can extract DEK key from QSEE’s KeyMaster
This encrypted DEK is stored in the smartphone’s KeyMaster module, an area of Android’s TrustZone, a special section of the Android kernel that works separately from the rest of the kernel and is tasked with processing the most crucial and sensitive operations, like the ones that handle encrypted data.
On Qualcomm-based devices, the KeyMaster module doesn’t reside in the OS TrustZone, but in the Qualcomm Secure Execution Environment (QSEE), a custom implementation of TrustZone for Qualcomm chipsets.
Beniamini says that there are many public vulnerabilities for the QSEE that can be used to leak the KeyMaster module’s content. The researcher says he can load a malicious app in the QSEE that would allow him to gain control of the entire component.
This would enable him to steal the encrypted DEK key, which is not hardware-bound and can be extracted for subsequent off-device brute-force attacks.
DEK key can be brute-forced with simple Python script
For this, he even put together an 88-line Python script that brute-forces the encrypted DEK to reveal the actual DEK that can unlock the user’s files. The script is available on.
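Why the lack of hardware binding matters, shown as an added example that is not Beniamini's script and not Android's real key format. It assumes a toy scheme in which the key protecting the DEK mixes the stretched PIN with a device key; all names and values are constructed.

```python
import hashlib
import hmac
import itertools

# Toy model, NOT Android's on-disk format. Assumption: the key-encryption key
# (KEK) mixes a stretched credential with a device key held by the KeyMaster.
def derive_kek(credential, salt, device_key):
    # Low iteration count only so the example runs quickly.
    stretched = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100)
    return hmac.new(device_key, stretched, hashlib.sha256).digest()

def wrap_dek(dek, credential, salt, device_key):
    kek = derive_kek(credential, salt, device_key)
    wrapped = bytes(a ^ b for a, b in zip(dek, kek[:16]))  # toy cipher
    tag = hmac.new(kek[16:], wrapped, hashlib.sha256).digest()
    return wrapped, tag

def try_unwrap(wrapped, tag, credential, salt, device_key):
    kek = derive_kek(credential, salt, device_key)
    expected = hmac.new(kek[16:], wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong credential or wrong device key
    return bytes(a ^ b for a, b in zip(wrapped, kek[:16]))

def guesses_needed(wrapped, tag, salt, device_key, digits=4):
    """Guesses an off-device search of all PINs needs, or None if none fit."""
    pins = ("".join(p) for p in itertools.product("0123456789", repeat=digits))
    for count, pin in enumerate(pins, start=1):
        if try_unwrap(wrapped, tag, pin, salt, device_key) is not None:
            return count
    return None

def demo():
    dek = bytes(range(16))             # constructed 128-bit DEK
    salt = b"constructed-salt"         # constructed
    device_key = b"K" * 32             # constructed device key
    wrapped, tag = wrap_dek(dek, "4821", salt, device_key)
    # Device key extractable: only the PIN's 10,000 values protect the DEK.
    leaked = guesses_needed(wrapped, tag, salt, device_key)
    # Device key stays in hardware: the same search finds nothing.
    bound = guesses_needed(wrapped, tag, salt, b"\x00" * 32)
    return leaked, bound

if __name__ == "__main__":
    print(demo())
```

With the device key known, the 128-bit DEK is only as strong as the credential that wraps it, which is why a long passphrase rather than a short PIN is the practical mitigation on affected devices.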
Fixing this issue is problematic since it requires hardware changes to Qualcomm chips. At this point, all existing devices can be considered compromised if subjected to Beniamini’s attack.
“As we’ve seen, the current encryption scheme is far from bullet-proof, and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement).” “I hope that by shedding light on the subject, this research will motivate OEMs and Google to come together and think of a more robust solution for FDE.”