Qualcomm-Based Android Devices Vulnerable To Brute Force Attacks
A test conducted by Gal Beniamini showed that encrypted keys on Android devices featuring Qualcomm chipsets can be extracted by attackers through some of its vulnerabilities. After the keys are extracted, brute force attacks can be used against the devices.
Two vulnerabilities in the ARM CPU TrustZone implementation were exploited by the security researcher. The ARM CPU TrustZone features a kernel and Trusted Execution Environment that works independent of the OS of the device. The Trusted Execution Environment on Qualcomm chips is also known as QSEE.
A device encryption key or DEK is the basis for the full-disk encryption feature on devices powered by Android. The key is encrypted using a different key based on the password, PIN or swipe pattern of the user.
The extraction of an encrypted DEK is one of the objectives of Android to prevent the use of brute-force attacks on its devices without any protection, such as delays in between failed guesses of the password. This is made possible by linking the DEK with the hardware of the device using an application running within the Trusted Execution Environment.
But, the implementation of Qualcomm utilizes a key available through the KeyMaster key running on the QSEE. In this situation, the KeyMaster key can be accessed when the QSEE is accessed and allow attackers to extract the DEK. Brute-force attacks can be made by attackers on other equipment, like server clusters.
Due to this, the full-disk encryption security of Android devices is reduced, which is risky for users who use simple passwords on their devices. The conceptual attack of Beniamini uses the vulnerability patches of Android in January and May. An analysis conducted by security company Duo Security on its user base showed that more than half of Android-powered devices are vulnerable to the attack of Beniamini since Qualcomm leads the market for ARM CPUs used on mobile devices.
Even if patches are released to these devices, some issues may remain. Beniamini indicated that devices can be downgraded into a vulnerable version by attackers if they are able to obtain an encrypted disk image. After this, they can extract the key through TrustZone and use brute-force the encryption.
The implementation of Qualcomm is a bigger issue since the Android FDE is not linked directly to a single hardware-base key that is found only on the device and is not extractable using software. It is connected to a key accessible through the QSEE, which can result to future vulnerabilities in the TrustZone.
The researcher indicated the KeyMaster keys can be obtained by looking for the TrustZone kernel vulnerability leading to attacks on the Android FDE. In addition, manufacturers can comply with requests from law enforcers in breaking the full-disk encryption of Android devices since they are capable of digitally signing and flashing TrustZone images.