[guardian-dev] [Cryptography] Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys

Jerry Leichter leichter at lrw.com
Sun Jul 3 10:35:41 EDT 2016


> http://bits-please.blogspot.fr/2016/06/extracting-qualcomms-keymaster-keys.html
> https://github.com/laginimaineb/ExtractKeyMaster
> https://github.com/laginimaineb/android_fde_bruteforce
> https://github.com/laginimaineb?tab=repositories
> 
> In this blog post, I'll demonstrate how TrustZone kernel
> code-execution can be used to effectively break Android's Full Disk
> Encryption (FDE) scheme....

The underlying blog posts on github are well worth reading for an understanding of what hacking is these days.  (FYI, it's not *all* that different from hacking back in the early 1970's - the basic approach, the style of thinking, the general things you look for and abuse, even some of the basic problems you need to solve, were the same back then - but the scale and intensity necessary to break through these days is so much higher.  Then again, the tools are better, too.  If you still think not releasing source code is protecting you, well, I can get you a good deal on a bridge in NYC.)

While the headlines are about Android FDE, what the attacker here has done is show how to take over the entire TrustZone used in standard ARM chips.  This is a mechanism somewhat like the TPM in x86 chips:  An isolated environment that can hold secrets and perform various operations in a way that even the operating system can neither interfere with nor even observe.  Unlike Apple's "Secure Enclave" - which has limited capabilities implemented entirely in hardware - TrustZone is a protected mode of operation in which arbitrary software can be run - and what's running in it is the equivalent of a small OS.  That OS is then used to load some fairly substantial bits of software - including some stuff to implement DRM, which in fact happened to provide the entry point used in these attacks - though there's nothing specific to DRM that opens the way to the attack.

Lessons?  Generality and power lead to complexity, which is the enemy of security.  Even fairly simple and apparently limited systems have been hacked by turning their own mechanisms against them (see the classic attacks against IBM HSM's).  But the more you add, the easier this becomes.  In particular, making a mechanism to implement secure key management general enough to implement DRM is a mistake.  KISS - Keep It Simple, Stupid - needs to be the guiding principle.

                                                        -- Jerry


