If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks. And the fix is not necessarily as simple as installing new firmware and might require changes to hardware.
Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key that is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device. It is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.
But security researcher Gal Beniamini demonstrated how an attacker could use brute-force attacks to extract the key off a locked phone that has a Qualcomm processor. Not only did he show “how TrustZone kernel code-execution can be used to effectively break Android's Full Disk Encryption (FDE) scheme,” but he also released the attack code. Beniamini provided both the source code to extract Qualcomm’s KeyMaster keys, as well as the Python scripts to brute-force the FDE off the device, on GitHub.
“The key derivation is not hardware bound,” Beniamini explained. “Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone.”
It’s not only attackers that could break the encryption on vulnerable devices, according Beniamini. He suggested OEMs might comply with law enforcement to break Android’s full-disk encryption.
“Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image that extracts the KeyMaster keys and flash it to the target device,” he wrote. “This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys.”
Millions of Androids are reportedly still vulnerable, even though Qualcomm said “patches were made available to our customers and partners,” and Google said it rolled out patches in May and January. Duo Security told Ars Technica that an estimated 37 percent of all Android phones running the Duo app had not yet received the patches.
“Patching TrustZone vulnerabilities does not necessarily protect you from this issue,” Beniamini wrote. “Even on patched devices, if an attacker can obtain the encrypted disk image (e.g., by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use them to brute-force the encryption. Since the key is derived directly from the SHK, and the SHK cannot be modified, this renders all down-gradable devices directly vulnerable.”
Beniamini delved into the technical details, which you can check out in full on “Bits, Please!” He concluded:
As we've seen, the current encryption scheme is far from bullet-proof and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement). I hope that by shedding light on the subject, this research will motivate OEMs and Google to come together and think of a more robust solution for FDE.