The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks.
Attention, Samsung Galaxy smartphone owners: There’s a good chance your device is one of the 100 million that a Tel Aviv University research paper said suffer from a serious encryption flaw.
Though Samsung patched the vulnerabilities (yes, there’s more than one) when the researchers reported them in early 2021, the researchers argue that it’s not just about exposing the flaws in a single company’s designs; “it raises the much more general requirement for open and proven standards for critical cryptographic and security designs,” the paper said.
The researchers didn’t stumble upon this error, either: They purposely targeted Samsung devices in an attempt to prove that proprietary, and often undocumented, encryption applications endanger everyone using a smartphone.
How Samsung breaks its own encryption
Understanding what Samsung has done wrong in its implementation of Android’s cryptographic security requires understanding a bit of how the Android operating system is designed. This gets complicated, and there are a lot of acronyms. Consider yourself warned.
ARM-based Android smartphones, which is pretty much all of them, use a split design that separates the top-level Android OS from the TrustZone, a separate bit of hardware that contains a Trusted Execution Environment (TEE). An isolated TrustZone Operating System (TZOS) lives inside the TEE and makes use of Trust Applications (TAs) to carry out security-related functions.
In essence, when an Android app needs to do something related to user authentication or anything else related to ensuring device security, Android has to send that request to the TZOS. Here’s the catch, and the particular thing that the researchers were trying to point out: “The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs,” the paper said.
Vendors like Samsung connect the user-facing Android side (a.k.a., the normal world) with the secure world of the TEE through a hardware abstraction layer that shares data between the Android and TEE worlds via APIs. In the case of Samsung Galaxy devices in the S8, S9, S10, S20 and S21 families, the hardware abstraction layer is managed using an app called the Keymaster TA.
Keymaster TA has a secure key storage area in the normal world that contains keys stored in blob form, meaning that they are encrypted for storage in the normal world, and are decrypted (and re-encrypted) by the Keymaster TA.
The actual decryption is done using an initialization vector (IV), which is essentially a randomized number that serves …….
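Why a repeated IV matters for wrapped key blobs, shown as an added example that is not from the article or the research paper. It assumes a stream-style cipher mode (the article does not name one) and uses a SHA-256 counter keystream as a stand-in; `wrap_weak`, `wrap_hardened` and `reused_ivs` are hypothetical names, and the sample data is constructed.

```python
import hashlib
import secrets

IV_LEN = 12  # assumed IV size for this sketch

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256 over key || iv || counter."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_weak(key: bytes, iv: bytes, material: bytes) -> bytes:
    """Weak design: the caller picks the IV, so it can be repeated."""
    return iv + xor(material, keystream(key, iv, len(material)))

def wrap_hardened(key: bytes, material: bytes) -> bytes:
    """Hardened design: a fresh random IV is generated inside the wrapper."""
    return wrap_weak(key, secrets.token_bytes(IV_LEN), material)

def leaks_plaintext_xor(blob_a, blob_b, plain_a, plain_b) -> bool:
    """True when ciphertext XOR equals plaintext XOR (keystream cancelled)."""
    return xor(blob_a[IV_LEN:], blob_b[IV_LEN:]) == xor(plain_a, plain_b)

def reused_ivs(blobs) -> set:
    """Defender check: IVs that appear on more than one stored blob."""
    seen, repeated = set(), set()
    for blob in blobs:
        iv = blob[:IV_LEN]
        (repeated if iv in seen else seen).add(iv)
    return repeated

# Constructed sample data, not real key material.
KEY = secrets.token_bytes(32)
P1, P2 = b"constructed key material #1", b"constructed key material #2"
FIXED_IV = bytes(IV_LEN)
WEAK = [wrap_weak(KEY, FIXED_IV, P1), wrap_weak(KEY, FIXED_IV, P2)]
SAFE = [wrap_hardened(KEY, P1), wrap_hardened(KEY, P2)]

if __name__ == "__main__":
    print("weak leaks:", leaks_plaintext_xor(*WEAK, P1, P2), reused_ivs(WEAK))
    print("safe leaks:", leaks_plaintext_xor(*SAFE, P1, P2), reused_ivs(SAFE))
```

With the fixed IV the two blobs share a keystream, so their XOR reveals the XOR of the wrapped contents without the wrapping key; with a wrapper-generated IV that relationship disappears and `reused_ivs` finds nothing.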