Samsung reportedly shipped millions of phones with flawed encryption

Samsung Galaxy S21 FE
(Image credit: Peter Hoffmann)

Some of the top Samsung flagship smartphones were being shipped with a major security flaw that could allow threat actors “trivial decryption” of secret, encrypted keys, experts have warned.

Overall, around 100 million devices are thought to have been at risk, including flagship devices such as the Samsung Galaxy S21 and S20 models, along with older top-end smartphones including the S8, S9 and S10.

The flaw was discovered by a group of cybersecurity researchers, Alon Shakevsky, Eyal Ronen, and Avishai Wool, from the Tel Aviv University in Israel. Their work resulted in the establishment of multiple vulnerabilities, including CVE-2021-25444 and CVE-2021-25490, as well as their subsequent patching, by October 2021. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Poorly implemented encryption

Here are the flaw’s details, described as briefly as possible:

Sensitive secondary functions on virtually all Android smartphones are separated from “normal” Android applications, through what’s known as Trusted Execution Environment (TEE), supported by Arm’s TrustZone technology. TEE basically runs its own operating system, called TrustZone Operating System (TZOS), while individual vendors decide whether or not to implement cryptographic functions within the OS.

At the same time, there’s the Android Keystore, offering hardware-backed cryptographic key management through the Keymaster Hardware Abstraction Layer (HAL), which Samsung implemented through Keymaster TA - a Trusted Application on TrustZone.

This gives Samsung phones the ability to use TEE crypto calculations in other apps that operate on Android. 

The cryptographic keys, or blobs, stored by the Keymaster TA, are encrypted via AES-GCM and stored in the Android file system. The trouble is - while these should only be readable within the TEE, in practice - that’s not the case. 

Samsung implemented Keymaster TA poorly in S8, S9, S10, S20, and S21, allowing researchers to reverse-engineer the Keymaster app and get the keys from the hardware-protected key blobs. 

Commenting on the findings on Twitter, associate professor of computer science at the Johns Hopkins Information Security Institute, Matthew Green, said Samsung could have derived a different key-wrapping key for each key they protect. “But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs. This allows trivial decryption,” he said.

Samsung has yet to comment on the findings, but TechRadar Pro has approached the company for comment. 

Via: The Register

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.