A group of Tel Aviv University academics has revealed details of now-patched “serious” design defects that might have allowed the extraction of secret cryptographic keys from around 100 million Android-based Samsung handsets. Researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool discovered the flaws after studying the cryptographic architecture and implementation of Android’s hardware-backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship handsets.
TEEs (Trusted Execution Environments) are a safe zone that provides an isolated environment for the execution of Trusted Applications (TAs) to maintain confidentiality and integrity. The hardware-backed Keystore on Android is a technology that simplifies the production and storing of cryptographic keys within the TEE, making them more challenging to extract from the device while preventing direct access by the underlying operating system.
Instead, the Android Keystore offers APIs in the form of Keymaster TA (trusted application) to execute cryptographic activities, such as safe key creation, storage, and use for digital signature and encryption, within this environment. The Keymaster TA operates on an ARM TrustZone-based TEE on Samsung mobile devices. However, security weaknesses discovered in Samsung’s implementation meant that an adversary with root capabilities might use them to extract the secure element’s hardware-protected private keys.
The following concerns have been identified:
- Initialization Vector (IV) reuse in Keymaster TA (CVE-2021-25444) – Before SMR AUG-2021 Release 1, an IV reuse issue in Keymaster allowed privileged processes to decode custom keyblobs (Galaxy S9, J3 Top, J7 Top, J7 Duo, TabS4, Tab-A-S-Lite, A6 Plus, and A9S are all affected).
- Downgrade attack in Keymaster TA (CVE-2021-25490) – Before SMR Oct-2021 Release 1, a keyblob downgrade attack in Keymaster allowed [an] attacker to exploit the IV reuse vulnerability with privileged processes (Galaxy S10, S20, and S21 are affected).
In a nutshell, effective exploitation of the weaknesses in the Keymaster TA might allow unauthorized access to TEE-protected keys and data. The consequences of such an assault might vary from simple authentication bypass to sophisticated attacks that can compromise cryptographic systems’ core security guarantees.
After responsible disclosure in May and July 2021, the flaws were fixed by security patches distributed in August and October 2021 for the impacted devices. The results will be presented at the USENIX Security Symposium later in August.
