Researchers at Tel-Aviv University have found that Samsung phones shipped with design flaws in Android’s hardware-backed cryptographic key management services. The flaw affects millions of Samsung’s flagship phones including the Galaxy S8, S9, S10, S20, and S21.
Samsung failed to implement Keymaster TA (Trusted Application) properly in its Galaxy series phones. These “severe” cryptographic design flaws could allow attackers to extract hardware-protected keys, according to a paper describing the problem.
The flaw was first reported by The Register.
ARM processor-based Android smartphones use a Trusted Execution Environment (TEE) to implement security functions. The TEE, in turn, runs a separate, isolated, TrustZone Operating System (TZOS) in parallel to Android. The problem lies in the “implementation of the cryptographic functions within the TZOS” which “is left to the device vendors, who create proprietary undocumented designs,” according to “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design,” the paper authored by Tel-Aviv University researchers.
The TrustZone splits the device into two execution environments: (1) a non-secure REE (Rich Execution Environment) where the “Normal World” operating system runs and (2) a secure TEE where the “Secure World” operating system runs, according to the paper.
In most mobile devices, the Android OS runs in the non-secure Normal World. In the Secure World, there are more choices. For example, in Samsung devices, there are at least three different TrustZone Operating Systems in use, according to the paper.
“We present an IV reuse attack on AES-GCM that allows the attackers to extract keys from hardware-protected key blobs; and a downgrade attack that makes even the latest Samsung flagship devices vulnerable to our IV reuse attack,” the paper says.
An IV (initialization vector) reuse attack can adversely impact encryption randomization. AES with Galois/Counter Mode (AES-GCM) is an authenticated encryption algorithm.
The paper continues:
“Surprisingly, we discovered that the Android client is allowed to set the IV when generating or importing a key. All that is necessary is to place an attacker-chosen IV as part of the key parameters and it is used by the Keymaster TA instead of a random IV.”
Bane of encryption
“The IV is supposed to be a unique number each time, which ensures the AES-GCM encryption operation produces a different result even when the same plain text is encrypted,” as described by The Register. “But when the IV...and encryption key remain the same, the same output gets generated. And that sort of predictability is the bane of encryption.”
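To make the failure concrete, here is an added Go example (not code from the paper, Samsung, or The Register) that models a key-blob wrapper which accepts a caller-supplied IV beside a hardened wrapper that draws its own; the wrapping key, IV and key material are constructed sample values, and the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(wrapKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(wrapKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Flawed design: the IV arrives with the key parameters, so the client picks it and may repeat it.
func WrapWithCallerIV(wrapKey, iv, keyMaterial []byte) ([]byte, error) {
	gcm, err := newGCM(wrapKey)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, iv, keyMaterial, nil), nil // ct || 16-byte tag; Seal panics unless len(iv) == 12
}
// Hardened form: a fresh CSPRNG IV per blob, stored with the blob, with no parameter for a caller IV.
func WrapWithRandomIV(wrapKey, keyMaterial []byte) ([]byte, error) {
	gcm, err := newGCM(wrapKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return append(iv, gcm.Seal(nil, iv, keyMaterial, nil)...), nil // iv || ct || tag
}
// The check: GCM's CTR keystream cancels, so blobs sharing key and IV give c1 XOR c2 == p1 XOR p2.
func XORBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}
func main() { // constructed sample key, IV and key material
	key, iv, p1, p2 := []byte("0123456789abcdef"), []byte("123456789012"), []byte("blob-one"), []byte("blob-two")
	c1, _ := WrapWithCallerIV(key, iv, p1)
	c2, _ := WrapWithCallerIV(key, iv, p2)
	fmt.Printf("c1^c2=%x p1^p2=%x\n", XORBytes(c1[:8], c2[:8]), XORBytes(p1, p2))
}
```

The two hex strings printed by main are identical, which is the predictability The Register describes: with the IV under client control, wrapped key material leaks through the relationship between blobs, while the hardened wrapper produces a different blob every time.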
The paper also describes a downgrade attack which, according to the authors, makes even the latest Samsung flagship devices vulnerable to the IV reuse attack.
Experts were surprised by the lapses.
“[There are] serious flaws in the way Samsung phones encrypt key material in TrustZone and it’s embarrassingly bad. They used a single key and allowed IV re-use,” said Matthew Green, who teaches cryptography at Johns Hopkins University, in a tweet.
“So they could have derived a different key-wrapping key for each key they protect. But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs. This allows trivial decryption,” Green said in another tweet.
Venafi has reached out to Samsung for comment.
Proper Encryption Strategies
Encryption is a very powerful tool for securing corporate assets. To realize the full power of encryption, a mature organization will not only properly implement encryption but will go a step further and manage the encryption keys and certificates using an automated solution, such as Venafi’s Trust Protection Platform, paired with strong governance that includes best practices, policies, standards and awareness and training activities that complement the capabilities of the automated solution.
To learn more about how Venafi Trust Protection Platform can supplement your data governance program, contact our experts.