Major weakness in Google's key storage breaks open Android's Full Disk Encryption

Posted:
in iPhone
Higher end Android phones using premium Qualcomm chips have been seeking to court the attention of enterprise users, but new research shows that Android encryption is easy to defeat because the devices store their disk encryption keys in software, unlike Apple's iOS.


Android is as secure as wearing a robot costume on a skateboard


Apple's Secure Enclave



A report by Dan Goodin for Ars Technica cited research by Gal Beniamini which detailed "inherent issues" with Android's Full Disk Encryption that are "not simple to fix" and "might require hardware changes."

As detailed in Apple's iOS Security Guide, iOS devices store a Unique ID and encryption keys in the Secure Enclave, a specialized coprocessor internally developed as part of Apple's A7 and later Application Processors. As a result, Apple states that "iOS is a major leap forward in security for mobile devices." iOS is a major leap forward in security for mobile devices

Data held by the Secure Enclave can't even be read by the system; iOS runs on a separate processor and can only make simple requests to the Secure Enclave. This mechanism creates a strong barrier of protection around not only Full Disk Encryption, but also Touch ID, Apple Pay and other security related features in iOS.

Apple's conflict involving the FBI on device encryption involved an iPhone 5c, an older A6 model lacking the Secure Enclave and Touch ID. Even with that model, breaking device encryption required help from third party experts. New iPhones sold since 2013's iPhone 5s all use the Secure Enclave to enforce Full Disk Encryption and to authenticate users by fingerprint, without making biometric data or encryption keys accessible to iOS or to apps--or to any malware that a user might be fooled into installing.


Apple's SVP of worldwide marketing Phil Schiller introduces the A7 in 2013.


Code to extract Android keys already public



Android devices depend on a series of partners to construct security policy. In "stark contrast" to iOS, Goodin noted that "Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device."

A series of exploits related to vulnerabilities in the TrustZone security architecture used by Qualcomm's chips make it possible to run software within the TrustZone kernel, allowing attackers to steal keys and defeat Android's Full Disk Encryption and other security measures.

Google noted that it has since patched those vulnerabilities. However, Goodin noted that based on data compiled by Duo Security researchers, around 37 percent of affected Android phones can't be patched because the maker or carrier has not delivered the necessary patches (and likely will never).

Further, Beniamini (the researcher to detailed the issue) noted that many Android devices that have been patched (including Google's Nexus 6 that he tested, featuring an unlockable bootloader) can be rolled back to an older, vulnerable version of the software that makes the exploit possible again. For the enterprise, having more than a third of its Android devices wide open to broken encryption--and even more potentially exploitable with rollbacks--makes Google's platform unacceptable for deployment.


Google's Nexus 6 dropped plans for a fingerprint sensor, lacks a Secure Enclave, and may be reverted to vulnerable code allowing access to the user's encryption keys


Android open to anyone who wants in



Android's architecture for storing its keys in software also opens the door for unanticipated new exploits from new vulnerabilities that haven't yet been made public. But it also allows phone manufacturers to crack open the encryption of their users--something Apple simply can not do to its own iPhone users, by design.

"Since the key is available to TrustZone," Goodin noted, "the hardware makers can simply create and sign a TrustZone image that extracts what are known as the keymaster keys. Those keys can then be flashed to the target device."

Goodin cited mobile security expert Dan Guido, the chief executive of Trail of Bits, as pointing out that "it's not just Google that can mess around with the software on your phone, but it's also [Google partners], and it's in a very significant way."

Benjamin described that Android's design "makes it possible for phone manufacturers to assist law enforcement agencies in unlocking an encrypted device."

It's noteworthy that Google's partners are regularly in conflict with the search giant over control of Android. And increasingly, Android partners are Chinese companies that operate in close partnership with the Communist Party running the People's Republic of China. That includes Huawei, now the second largest Android licensee after Samsung.

As The Information recently pointed out, Huawei "hasn't yet been able to strike a deal for a top U.S. wireless carrier to sell one of its flagship phones" because "the U.S. government forbids those same carriers from using Huawei telecom equipment due to fears of Chinese government snooping.""Google has always been behind on full disk encryption on Android. They have never been as good as the techniques that Apple and iOS have used" - security expert Dan Guido

Guido added, "Google has always been behind on full disk encryption on Android. They have never been as good as the techniques that Apple and iOS have used.

"They've put all their cards in this method based on TrustZone and based on the keymaster, and now it's come out how risky that is. It exposes a larger amount of attack surface. It involves a third party in the full disk encryption, and all this extra software that handles this key could potentially have bugs that allow an attacker to read it back out.

"Whereas on iOS it's very simple. It's just a chip. The chip is the Secure Enclave, and the Secure Enclave communicates via this thing they call the [interrupt-driven] mailbox. And that basically means you put really simple data in on one end, and you get really simple data out the other end. And there's not a lot else that you can do with it.

"These two approaches are completely different. [On iOS] there's no software to exploit to read the hardware key. On Android they expose the full-disk encryption key to a fairly complex piece of software this researcher has exploited."

In addition to Android phones powered by Qualcomm chips, Benjamin added that "he wouldn't be surprised if TrustZone implementations from chipmakers other than Qualcomm contain similar vulnerabilities."

TrustZone is a security platform licensed by ARM to Qualcomm and other chipmakers. It has been included on all ARM-licensed processors manufactured since 2012, which would include Samsung's Exynos chips.

Even most high-end Android phones turn Full Disk Encryption off



Most Android phones don't even turn on Full Disk Encryption because Google's implementation in Android doesn't rely on hardware accelerated encryption. That makes encryption so slow that most users who try it turn it back off just to have a usable phone. Last year, despite an initial effort to mandate Full Disk Encryption on higher end Android phones in Android 6, Google instead just relaxed its standards and told manufacturers to work toward the goal in the future.

A variety of Android benchmarks also turn off Full Disk Encryption when comparing Samsung's premium products to Apple's iPhone--which began using Full Disk Encryption on iPhone 3GS in 2009--because if they didn't Samsung's Galaxy scores would look much worse.

Android's lack of effective Full Disk Encryption certainly isn't the only security-related problem for Google's platform. In November, security researchers at Lookout noted the emergence of auto-rooting adware designed to survive even a "factory data reset" device wipe.

"For individuals, getting infected with Shedun, Shuanet and ShiftyBug might mean a trip to the store to buy a new phone," noted researcher Michael Bentley. "Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy."

In January, a new 0-Day kernel privilege escalation flaw that allows unprivileged apps to "gain nearly unfettered root access," including access to camera, microphone, GPS location and personal data, was discovered by Perception Point Research. It was found to have existed since 2012, long enough to have spread vulnerability across "66 percent of all Android devices."

Google has no way to patch those users. In fact, despite making the deployment of Android 6 Marshmallow a major priority over the last year, the new release only managed its way into a tenth of the installed base after a year.

This week, Kaspersky Lab also noted a new surge in ransomware--where attackers freeze users' phones and demand payment to unlock them again--among its Android users, citing136,532 mobile ransomeware infections in April, four times as many as the 35,413 it observed just a year ago.
sockrolidwonkothesanerepressthislolliverpscooter63patchythepirate
«1

Comments

  • Reply 1 of 39
    Where are all the idiots who claimed "encryption is encryption" when talking about Androids software based approach against Apples hardware based approach?

    Seems they're not really equal at all. Surprise surprise.
    cornchipcalisockrolidSolijbdragonmac_dogmacseekermagman1979repressthiscapasicum
  • Reply 2 of 39
    redefilerredefiler Posts: 323member
    Always been a crap platform, from a crap company, founded by crappy people, with really crappy skin.  B)
    calisockrolidmacseekeranton zuykovmagman1979repressthisstarwarslolliverlatifbpdugbug
  • Reply 3 of 39
    lkrupplkrupp Posts: 9,465member
    Doesn’t matter. Android still wins because, well, just because. We know there are a billion Android phones out there with fatal security flaws that will never be patched but it just doesn’t matter. Android wins every time. Nobody cares. Go figure.
    edited July 2016 digital_guyericthehalfbeecalisockrolidmac_dogcornchipanton zuykovmagman1979repressthischia
  • Reply 4 of 39
    lkrupplkrupp Posts: 9,465member
    Perhaps this is why we never hear of FBI or CIA requests for Google to unlock an Android phone. They simply don’t need to. Come to think of it all the government would need to do is mandate every citizen use an Android device and ban iOS from the country. Yep, that’s the ticket.
    ericthehalfbeecornchiprob53calisockrolidjbdragonmac_dogmacseekeranton zuykovmagman1979
  • Reply 5 of 39
    theothergeofftheothergeoff Posts: 2,081member
    lkrupp said:
    Doesn’t matter. Android still wins because, well, just because. We know there are a billion Android phones out there with fatal security flaws that will never be patched but it just doesn’t matter. Android wins every time. Nobody cares. Go figure.
    People buy what they buy.  There are probably a billion people on the planet that have no need for or can't afford digital security, just like there a billions of people who can't afford decent health care.  If a phone makes calls and has facebook... and the buyer puts their entire life on facebook anyway, who are we to say 'you shouldn't buy that phone... it isn't secure.'

    I'm just glad there is a choice. 
    dasanman69wonkothesanemobiuscnocbuibadmonk
  • Reply 6 of 39
    lkrupp said:
    Doesn’t matter. Android still wins because, well, just because. We know there are a billion Android phones out there with fatal security flaws that will never be patched but it just doesn’t matter. Android wins every time. Nobody cares. Go figure.
    People buy what they buy.  There are probably a billion people on the planet that have no need for or can't afford digital security, just like there a billions of people who can't afford decent health care.  If a phone makes calls and has facebook... and the buyer puts their entire life on facebook anyway, who are we to say 'you shouldn't buy that phone... it isn't secure.'

    I'm just glad there is a choice. 
    The problem isn't if you have Facebook. The problem is when you use Android pay or Samsung pay and people figure out how to steal your credit card and bank info. 

    Or worse someone can steal your finger print! 
    sockrolidjbdragonchiacapasicumlolliverlatifbpai46
  • Reply 7 of 39
    calicali Posts: 3,494member
    lkrupp said:
    Perhaps this is why we never hear of FBI or CIA requests for Google to unlock an Android phone. They simply don’t need to. Come to think of it all the government would need to do is mandate every citizen use an Android device and ban iOS from the country. Yep, that’s the ticket.
    A moronic fanboy's defense was "the FBI asked because it was an iPhone"
    cnocbui
  • Reply 8 of 39
    sockrolidsockrolid Posts: 2,789member
    ... around 37 percent of affected Android phones can't be patched because the maker or carrier has not delivered the necessary patches (and likely will never).

    BOOM.



    edited July 2016 ericthehalfbeejbdragoncornchipmacseekermagman1979waverboyrepressthischialatifbpsteveh
  • Reply 9 of 39
    SoliSoli Posts: 10,030member
    Where are all the idiots who claimed "encryption is encryption" when talking about Androids software based approach against Apples hardware based approach?

    Seems they're not really equal at all. Surprise surprise.
    Did someone(s) really say that? Even before we get to the benefits of HW encryption over SW encryption, there are fundamental differences that can make a world of different. I think an apt analogy that semi-technical users can grasp is the differences in HW v SW de/encoding of media, and then the various pros and cons in different codecs.
    dasanman69capasicum
  • Reply 10 of 39
    SoliSoli Posts: 10,030member

    lkrupp said:
    Doesn’t matter. Android still wins because, well, just because. We know there are a billion Android phones out there with fatal security flaws that will never be patched but it just doesn’t matter. Android wins every time. Nobody cares. Go figure.
    Governments and hackers care a great deal. That's a lot of people that care a great deal that Android is an easy target. :smile: 
    macseekercapasicum2old4funjbdragonbadmonk
  • Reply 11 of 39
    alxsbralxsbr Posts: 12member
    I don't know what's the point of this article… everybody knows there is not even a single android user with FDE turned on.
    mac_dogrepressthisbadmonk
  • Reply 12 of 39
    jkichlinejkichline Posts: 1,352member
    Not surprised. Just another faux checkmark on the marketing list. Just slap it together with a "me too" attitude even if it doesn't actually work or perform and has a permanent beta badge applied to it.
    cornchipmagman1979capasicumlolliverbadmonk
  • Reply 13 of 39
    sflocalsflocal Posts: 5,732member
    Android is a hackers dream.  Even with this huge flaw in security, barely a peep in the media.  That's the shitty expectations that people have with Android.  Zero.  Yet, they don't care. 

    And Apple get's chided from every angle about its phones being TOO secure??!! Assholes.
    cornchipanton zuykovmagman1979chiacapasicumlolliverlatifbpnolamacguybaconstangbadmonk
  • Reply 14 of 39
    mac_dogmac_dog Posts: 912member
    lkrupp said:
    Perhaps this is why we never hear of FBI or CIA requests for Google to unlock an Android phone. They simply don’t need to. Come to think of it all the government would need to do is mandate every citizen use an Android device and ban iOS from the country. Yep, that’s the ticket.
    Except them, of course. 
    capasicumbadmonk
  • Reply 15 of 39
    mac_dogmac_dog Posts: 912member
    And look …google stock just went up 10 points. /s
    anton zuykovcapasicumlolliverlatifbpjbdragonbadmonk
  • Reply 16 of 39
    wood1208wood1208 Posts: 2,544member
    lkrupp said:
    Doesn’t matter. Android still wins because, well, just because. We know there are a billion Android phones out there with fatal security flaws that will never be patched but it just doesn’t matter. Android wins every time. Nobody cares. Go figure.
    Let me educate everyone about android. Initial cost to own android is lower. Nothing more. If IOS is given out to phone manufacturers than IOS devices will be everywhere from one end to other in prices. It can easily bury android, no where to be found like Nokia/Blackberry phones.
    edited July 2016 dasanman69
  • Reply 17 of 39
    cnocbuicnocbui Posts: 3,613member
    So has Apple fixed the Keychain vulnerability in OSX yet?  Last I heard they basically said it was too hard.
    alxsbr said:
    I don't know what's the point of this article… everybody knows there is not even a single android user with FDE turned on.
    It is turned on by default on Samsung flagship phones.

    Serious OS X and iOS flaws let hackers steal keychain, 1Password contents

    Researchers sneak password-stealing app into Apple Store to demonstrate threat.

    by
    Dan Goodin - Jun 17, 2015


    Attacks accessing Mac keychain without permission date back to 2011

    Technique lets rogue apps ask for keychain access, then click OK.

    by Dan Goodin - Sep 2, 2015 10:41pm BST

    On Tuesday, Ars chronicled an OS X technique that's being actively used by an underhanded piece of adware to access people's Mac keychain without permission. Now there's evidence the underlying weakness has been exploited for four years.


    This constant 'holier than thou' shit from DED is both tiresome and stupid.
    dasanman69lord amhransingularity
  • Reply 18 of 39
    cnocbui said:
    So has Apple fixed the Keychain vulnerability in OSX yet?  Last I heard they basically said it was too hard.
    alxsbr said:
    I don't know what's the point of this article… everybody knows there is not even a single android user with FDE turned on.
    It is turned on by default on Samsung flagship phones.



    This constant 'holier than thou' shit from DED is both tiresome and stupid.
    The second post was fixed in 10.10.5 

    The first post was fixed the day after the post came out "Update: Late Friday afternoon, Apple officials released the following statement: "Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper."
    capasicumlolliverericthehalfbeelatifbpnolamacguystevehmagman1979badmonkpatchythepirate
  • Reply 19 of 39
    BismarkBismark Posts: 6member
    I notice DED left in that someone can unlock the bootloader to roll the software back so they can gain access to the vulnerability. He may not know that when you unlock the bootloader it wipes the device deleting anything that was on it.

    I.E. you would have to give to the user before they start using the device and hope they ignore all the alerts to update their phone.
    singularitydasanman69
  • Reply 20 of 39
    cnocbui said:
    So has Apple fixed the Keychain vulnerability in OSX yet?  Last I heard they basically said it was too hard.
    alxsbr said:
    I don't know what's the point of this article… everybody knows there is not even a single android user with FDE turned on.
    It is turned on by default on Samsung flagship phones.



    This constant 'holier than thou' shit from DED is both tiresome and stupid.
    Actually, your links just prove the point of the article. Macs don't have a secure enclave since they use Intel CPUs. Thus, they are in the same position as Android and all other OS are. Software implementation that is prone to being exploited.

    Yet, macOS, Linux, even Windows get regular software updates to close vulnerabilities. Not so with for most Android devices.
    2old4funericthehalfbeelatifbpai46jbdragonmagman1979dugbug
Sign In or Register to comment.