Botched encryption exposes millions of Samsung smartphones

You will also be interested

[EN VIDÉO] Kézako: how is data encrypted on the Internet?
Cryptography is the oldest form of encryption. There are traces of its use until 2,000 BC. This technique still used today, especially on the Web, reveals its mysteries on video thanks to the Kézako program from Unisciel and the University of Lille 1.

The algorithms of encryption current ones are tough and should withstand anything, except maybe a quantum computer. However, this is only true as long as the encryption keys are kept secret. Unfortunately, this is where Samsung made a mistake. According to researchers from tel aviv university, due to flaws in their design, it is possible to extract the encryption keys from some recent smartphones of the brand. They estimated the number of affected devices at more than 100 million.

Smartphones have a hardware mechanism called TrustZone in the processor ARM. This allows you to create a trusted execution environment (TEE), with its own operating system TrustZone Operating System (TZOS), separated from Android. This is the one that manages the encryption keys, and it is up to the manufacturer to set it up. And that’s where the flaw lies in the Samsung mobiles.

The flaw is at the level of “blobs” supposed to protect the keys

The hardware encryption key is communicated inside a “blob”, an element itself protected by a encryption based on a key as well as an initialization vector (IV). This vector is normally a random number, and makes it possible to ensure that two identical messages are distinct when they are encrypted, thus avoiding the possibility of extrapolating the key. However, on Samsung mobiles, this vector is based on the identifier and data of theapplication who requested the encryption, as well as some data from the Android environment.

Because of this, the researchers were able to force the system to use the same vector, which allowed them to access the contents of the blob and thus obtain the hardware key. They were then able to use this attack to circumvent Fido2 WebAuthna cryptographic identification method that avoids the use of a password. They were thus able to connect to a site protected by the StrongKey application on Android. They also managed to bypass the protection of the function Secure Key Importwhich allows a server share encryption keys securely with an Android device. This function is mainly used by Google Pay… The good news is that it is necessary to have privileged access to the device by another means (physical, using another loophole…) to get the key. However, once the key is extracted, it can be used without having access to the device.

The flaw contained in a forgotten code on the most recent devices

This attack method works on Samsung Galaxy S8 and S9 devices. The Galaxy S10, S20 and S21 models use a new version of this system which this time includes a random number for each new blob. However, this was not enough, since the device still contains the code for the previous version, and it is possible to force its use. This same attack therefore makes it possible to obtain the hardware encryption keys on the latest Samsung devices.

The researchers reported the initial flaw to the manufacturer in May 2021, and it was fixed in August 2021. They then reported the presence of the deprecated code in newer models in July 2021, and Samsung released a patch in October 2021. However, just because a patch is available does not mean it has been installed on affected smartphones. Users of Samsung devices must therefore ensure that their mobiles are up to date as soon as possible.

Interested in what you just read?

Leave a Comment