Google patched a Critical Elevation of Privilege (EoP) vulnerability in May that affects the majority of Android devices.
The vulnerability could allow an attacker to bypass the Full Disk Encryption (FDE) security feature Google implemented in Android 5.0 Lollipop, researchers said.
The security flaw was reported in October, and Google patched it in May 2016.
The issue is in the Qualcomm Secure Execution Environment (QSEE), a Linux kernel device designed to allow communication between the normal Android operating system and the secure OS that manages protected services and hardware.
Gal Beniamini, an independent Israeli researcher who found an EoP vulnerability in the Widevine QSEE TrustZone application, discovered the vulnerability.
Tracked as CVE-2015-6639 and patched by Google in January, that Widevine vulnerability could enable a compromised, privileged application with access to QSEECOM to execute arbitrary code in the TrustZone context.
Affecting the Qualcomm TrustZone component, CVE-2016-2431 could also be exploited by a local malicious application to execute arbitrary code within the context of the TrustZone kernel, Google said in the May 2016 security bulletin. The company didn’t offer additional details on the issue, but Beniamini said the hole can be leveraged to break Android’s Full Disk Encryption (FDE) scheme.
FDE works as follows: the device generates a randomly chosen 128-bit master key (the Device Encryption Key, or DEK) and a randomly chosen 128-bit salt, and protects the DEK using an elaborate key derivation scheme that leverages the user’s unlock credentials. The encrypted DEK is then stored on the device inside an unencrypted structure.
To decrypt the disk, one would need user credentials to decrypt the stored DEK, and Google has implemented several mechanisms to prevent on-device cracking attacks, such as delays between decryption attempts and an option to wipe the user’s information after subsequent failed decryption attempts. A step in the key derivation scheme binds the key to the device’s hardware, thus preventing off-device brute-force attacks.
The module that creates the binding is the KeyMaster, and it operates as a QSEE trustlet on Android devices powered by a Qualcomm chipset (basically, it is part of the secure OS). By reverse-engineering the KeyMaster trustlet, Beniamini found the key derivation is not hardware bound and that OEMs can actually break the Full Disk Encryption security feature.
He also notes that the Android FDE is only as strong as the TrustZone kernel or KeyMaster and that the vulnerability can be exploited even on devices with the appropriate patch installed, because the attacker can downgrade the device to a vulnerable version if they have the encrypted disk image. After that, the attacker can extract the key by exploiting TrustZone, and then brute-force the encryption.
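To illustrate why the hardware-binding step in the key derivation matters, here is a simplified model, added as an example and not taken from Android's or Qualcomm's code. HMAC-SHA256 stands in for the KeyMaster operation, and the scrypt parameters, the XOR key wrap, the check value and all function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

def _scrypt(secret: bytes, salt: bytes) -> bytes:
    # Cost parameters are illustrative assumptions, not Android's values.
    return hashlib.scrypt(secret, salt=salt, n=2**10, r=8, p=1, dklen=32)

def keymaster_bind(device_key: bytes, data: bytes) -> bytes:
    # Hypothetical stand-in for the KeyMaster step: a keyed operation whose
    # key is meant to exist only inside the secure OS of one device.
    return hmac.new(device_key, data, hashlib.sha256).digest()

def derive_kek(credential: str, salt: bytes, device_key: bytes) -> bytes:
    stretched = _scrypt(credential.encode(), salt)  # depends on the credential
    bound = keymaster_bind(device_key, stretched)   # depends on the device
    return _scrypt(bound, salt)[:16]                # 128-bit key-encryption key

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def provision(credential: str, device_key: bytes):
    dek = os.urandom(16)   # 128-bit Device Encryption Key
    salt = os.urandom(16)  # 128-bit salt
    kek = derive_kek(credential, salt, device_key)
    footer = {             # the unencrypted on-disk structure
        "salt": salt,
        "enc_dek": _xor(dek, kek),  # toy wrap standing in for a real cipher
        # Constructed check value so this model can detect a wrong key.
        "check": hmac.new(kek, b"dek-check", hashlib.sha256).digest(),
    }
    return dek, footer

def unlock(footer: dict, credential: str, device_key: bytes):
    kek = derive_kek(credential, footer["salt"], device_key)
    expected = hmac.new(kek, b"dek-check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, footer["check"]):
        return None        # wrong credential or wrong device key
    return _xor(footer["enc_dek"], kek)

if __name__ == "__main__":
    device_key = os.urandom(32)  # constructed sample device key
    dek, footer = provision("2580", device_key)
    print("on device, right credential:", unlock(footer, "2580", device_key) == dek)
    print("footer copied off device:  ", unlock(footer, "2580", os.urandom(32)))
```

In this model a copied footer is useless without the device key, even with the correct credential, so the scheme's strength rests on that key never leaving the secure OS.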