
The full-disk encryption protecting your Android can be cracked

Discussion in 'Mobile Phones & Devices' started by starbuck, Jul 3, 2016.

  1. starbuck

    A security researcher showed how to crack full-disk encryption on Qualcomm-powered Android devices running Lollipop or later.

    If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.

    Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive.
    Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern.
    The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware through Android’s KeyMaster, which runs in the TrustZone.
    In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.

    But security researcher Gal Beniamini demonstrated how an attacker could use brute-force attacks to extract the key off a locked phone that has a Qualcomm processor.
    Not only did he show “how TrustZone kernel code-execution can be used to effectively break Android's Full Disk Encryption (FDE) scheme,” he also released the attack code; on GitHub, Beniamini provided both the source code to extract Qualcomm’s KeyMaster keys as well as the Python scripts to brute-force the FDE off the device.

    “The key derivation is not hardware bound,” Beniamini explained. “Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone.”

    It’s not only attackers that could break the encryption on vulnerable devices, according to Beniamini.
    He suggested OEMs might comply with law enforcement to break Android’s full-disk encryption. “Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device,” he wrote. “This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys.”

    Millions of Androids are reportedly still vulnerable, even though Qualcomm said “patches were made available to our customers and partners,” and Google said it rolled out patches in May and January.
    Duo Security told Ars Technica that an estimated 37 percent of all Android phones running the Duo app had not yet received the patches.

    “Patching TrustZone vulnerabilities does not necessarily protect you from this issue,” Beniamini wrote. “Even on patched devices, if an attacker can obtain the encrypted disk image (e.g. by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use them to brute-force the encryption.
    Since the key is derived directly from the SHK, and the SHK cannot be modified, this renders all down-gradable devices directly vulnerable.”

    Beniamini delved into the technical details which you can check out in full on “Bits, Please!” He concluded:


    Source:
    http://www.networkworld.com/article...r-android-can-be-cracked.html#tk.rss_security
     
  2. bob12a

    Thank you for the information.
     
