A group of academics from Tel Aviv University in Israel have reported that a number of Samsung Android-based phones were shipped to users with design flaws that allowed the extraction of secret cryptographic keys.
The researchers in a paper they prepared titled “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design” explain how they arrived at their conclusions. The paper is also scheduled for presentation at Real World Crypto and USENIX security expo that will take place later this year.
Let us get into the details to get a better understanding of how all these work and where Samsung might have messed up in their implementation compared to other Android OEMs.
Android smartphones by large use Arm-compatible silicon and rely on a Trusted Execution Environment (TEE) that is supported by TrustZone technology from Arm to keep security functions separate from normal applications.
This is to keep users’ information safe, among other things, and to also ensure the apps a user interacts with do not have the ability to alter how the Android operating system is fundamentally supposed to work. Basically, normal apps should not have access to things such as a device’s drivers or even passwords that you have saved to log in to a different application or website.
These TEEs do not use Android, but instead have their own operating system called TrustZone Operating System (TZOS). It is here that the onus then falls on manufacturers to implement their cryptographic functions to keep user information and by large their devices safe from would-be attackers.
Samsung implemented a system using a tool called Keymaster TA that was responsible for carrying out cryptographic operations including key generation, encryption, attestation, and signature creation in the secure environment of the TEE. Once the data is encrypted and deemed safe to use by the Keymaster TA, the results would then be used in the Android environment that users and normal applications have access to.
By operation, the Keymaster TA creates the cryptographic keys, which are then wrapped by AES-GCM (an encryption algorithm) then stored in the file system of the Android environment. This format should be unreadable to anyone and can only be decrypted in the secure environment of the TEE.
However, the researchers from Israel report that this implementation was not carried out correctly in the Samsung Galaxy S8, S9, S10, S20, and S21 smartphones. As a result, they were able to reverse engineer the Keymaster tool in these devices and decrypt the keys that were being protected.
The researchers were also able to take advantage of the flaw in Samsung’s implementation to bypass FIDO2 WebAuthn, which is a way to use public-key cryptography, instead of passwords, to register for and authenticate to websites.
In total, the researchers estimate a total of 100 million Samsung devices were vulnerable when they first made the discovery last year. They have since then shared their findings with the South Korean company which has rolled out two updates to the affected devices, effectively patching the flaw.
They conclude their paper by advising a different encryption algorithm other than AES-GCM should be used moving forward, to avoid a reoccurrence of a similar vulnerability.