Slashdot Mirror


Security Researcher Publishes How-To Guide To Crack Android Full Disk Encryption (thehackernews.com)

An anonymous reader writes: Google first implemented Full Disk Encryption in Android by default with Android 5.0 Lollipop in an effort to prevent criminals or government agencies from gaining unauthorized access to one's data. What it does is it encodes all the data on a user's Android device before it's ever written to disk using a user's authentication code. Once it is encrypted, it can only be decrypted if the user enters his/her password. However, security researcher Gal Beniamini has discovered issues with the full disk encryption. He published a step-by-step guide on how one can break down the encryption protections on Android devices powered by Qualcomm Snapdragon processors. The source of the exploit is posted on GitHub. Android's disk encryption on devices with Qualcomm chips is based only on your password. However, Android uses your password to create a 2048-bit RSA key (KeyMaster) derived from it instead. Qualcomm specifically runs in the Snapdragon TrustZone to protect critical functions like encryption and biometric scanning, but Beniamini discovered that it's possible to exploit a security flaw and retrieve the keys from TrustZone. Qualcomm runs a small kernel in TrustZone to offer a Trusted Execution Environment known as Qualcomm Secure Execution Environment (QSEE), which allows small apps to run inside of QSEE away from the main Android OS. Beniamini has detailed a way for attackers to exploit an Android kernel security flaw to load their own QSEE app inside this secure environment, thereby exploiting a privilege escalation flaw and hijacking the complete QSEE space, including the keys generated for full disk encryption.
The researcher also said Qualcomm or OEMs can comply with government or law enforcement agencies to break the FDE: "Since the key is available to TrustZone, Qualcomm and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device," Beniamini wrote. "This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys."

4 of 84 comments

  1. Unlocked access still required by NotInHere · Score: 5, Informative

    From reading TFA, I conclude that you still need unlocked access to the phone? So if somebody gets hold of your turned-off phone, they can't use it.

  2. Not feasible against a good password. by BitterOak · Score: 4, Interesting

    I read the article and it looks like this exploit merely allows offline brute forcing of the password. Now, of course, many people choose short passwords on their portable devices, but if you choose a password with sufficient entropy (at least 100 bits, or better yet, 128) you should be safe from this attack. Note: that would require a fairly long and random alphanumeric password.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
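An added illustration (not from the article or the researcher's code) of the two points made above: the disk key depends on both the password and a secret that normally never leaves TrustZone, so offline guessing only becomes possible once that secret leaks, and the guess space then depends purely on password entropy. The scrypt/HMAC construction, the work factors and the sample key and salt are assumptions for this model, not Android's actual KDF.

```python
import hashlib
import hmac
import math

# Constructed stand-ins: a per-device secret (the real one is held in the TEE)
# and the on-disk KDF salt. Both are hypothetical sample values.
DEVICE_KEY = bytes.fromhex("a1" * 32)
SALT = bytes.fromhex("5a" * 16)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # assumed work factors


def derive_fde_key(password: str, salt: bytes, device_key: bytes) -> bytes:
    """Simplified two-stage model of a hardware-bound key derivation.

    Stage 1 stretches the password; stage 2 mixes in the device-bound secret
    (HMAC stands in for the TrustZone-held RSA signing step in the real design).
    Without the correct device_key the result is simply a different key, so a
    guess cannot be checked off the device unless that secret has leaked.
    """
    ik1 = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    ik2 = hmac.new(device_key, ik1, hashlib.sha256).digest()
    return hashlib.scrypt(ik2, salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def password_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password over the given charset."""
    return length * math.log2(charset_size)


def min_length_for_bits(charset_size: int, target_bits: float) -> int:
    """Shortest random password over that charset reaching target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


def expected_guesses(bits: float) -> float:
    """Average number of guesses needed once guessing can happen offline."""
    return 2 ** (bits - 1)


if __name__ == "__main__":
    # Compare a 4-digit PIN with the alphanumeric lengths the comment suggests.
    for label, charset, length in [("4-digit PIN", 10, 4),
                                   ("100-bit alnum", 62, min_length_for_bits(62, 100)),
                                   ("128-bit alnum", 62, min_length_for_bits(62, 128))]:
        bits = password_bits(charset, length)
        print(f"{label:14s} len={length:2d} bits={bits:6.1f} "
              f"avg guesses={expected_guesses(bits):.3g}")
    good = derive_fde_key("1234", SALT, DEVICE_KEY)
    wrong_device = derive_fde_key("1234", SALT, bytes(32))
    print("same password, different device key ->", good != wrong_device)
```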

  3. Re:The solution is horribly obvious by swillden · Score: 4, Informative

    "Trusted" stuff cannot be trusted. It's called "trusted" because its maker trusts it to keep you from doing anything its maker didn't intend you to.

    No, the only thing that makes it "trusted" is that it's small, and isolated. Those characteristics reduce its attack surface and reduce the number of bugs it has, on average.

    I'll grant that the primary purpose of TrustZone in Android devices, historically, has been DRM, which is absolutely something the maker doesn't want you to muck with. That's not the case with Keymaster. If you want to know what it does, there's a full open source reference implementation in AOSP. That's not the implementation used in Qualcomm devices; they wrote their own and it's closed -- but it does as close to the same thing as what the reference implementation does as the engineers involved could make it. Some other devices do use the code from AOSP.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  4. Re:Easier ways by swillden · Score: 5, Interesting

    Hell, you can even plant something on it, and then return it to them... turn it into the carrier or lost and found or the police or something; odds are they'll be so happy/surprised that it turned up again they won't even think that it was hacked.

    Planting something on it isn't so easy if it's locked. But, really, you don't have to do that. Want to get into someone's phone? Here's how:

    Buy an identical device. Get a good look at theirs so you can put similar scratches, cover, lockscreen background, etc. on it. Configure your device to send the password they enter to you. Steal theirs and leave yours in its place. When they enter your password, you get it and use it to get into their device. To keep it from being obvious that their device has been replaced, have it refuse to "unlock" no matter what they enter. This also helps you in the event they get their password wrong the first time, because they'll helpfully re-enter it. Meanwhile, they'll think their password on their phone has gotten messed up.

    This works on *any* model... Android, iPhone, Windows phone, Blackberry... you name it.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.