Android Devices Running on Qualcomm Chips have Full Disk Encryption Vulnerability

Android Devices Running on Qualcomm ChipsNew data shows that hackers have been able to exploit certain vulnerabilities in Android devices employing chipsets made by Qualcomm.  Research indicates that these vulnerabilities allow attackers to extract the encrypted keys that would normally protect user data, also letting the users runs brute-force attacks against the mobile user.

Last week, security researcher Gal Beniamini demonstrated how the attack actually uses two vulnerabilities patched just this year when Qualcomm implemented the the ARM CPU TrustZone. This is a hardware security module which is set to run on its own kernel and Trusted Execution Environment that is independent of the main operating system.  When it comes to Qualcomm chips, the Trusted Execution Environment is known as Qualcomm Secure Execution Environment, or QSEE.

This full disk encryption is a feature on Android devices which relies solely on a randomly generated key called device encryption key (DEK). This key also has its own encryption with another key that is derived from user security like the PIN, password, or swipe pattern.

Android is similar to iOS in that the operating system makes regular, solid attempts to prevent encrypted DEK extraction that potentially allows attackers to execute brute-force passwords guessing attacks where there are no other protections (such as software-enforced delays between password guess failures).  And this is done through the binding of the DEK to the device hardware through an application called “KeyMaster” which Qualcomm runs within the Trusted Execution Environment.

Beniamini demonstrated, however, that iOS binds this DEK to a hardware-based key known as the UID which cannot be extracted by any software.  Qualcomm’s implementation uses a particular key type that can be available to the Android-based KeyMaster application running within the QSEE.  This, then, means that if you can successfully break into the QSEE, you can get access to the KeyMaster key which then allows for extraction of the DEK.  After getting the DEK, then, attackers can run brute-force attacks against it using far more powerful equipment like a server cluster designed specifically for password cracking.

This, of course, reduces Android’s full-disk encryption security over the user password or swipe pattern or PIN.

Beniamini goes on to explain, “Even on patched devices, if an attacker can obtain the encrypted disk image (e.g. by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use them to brute-force the encryption.”

[graphiq id=”ezn7gkjBH1P” title=”Qualcomm Inc. (QCOM)” width=”700″ height=”475″ url=”” link=”” link_text=”Qualcomm Inc. (QCOM) | FindTheCompany” ]