Skip to main content
banner image
venafi logo

Millions of Samsung Android Phones Shipped with Encryption Flaw [Report]

Millions of Samsung Android Phones Shipped with Encryption Flaw [Report]

samsung-galaxy-encryption-flaw
March 1, 2022 | Brooke Crothers

Researchers at Tel-Aviv University have found that Samsung phones shipped with design flaws in Android’s s hardware-backed cryptographic key management services. The flaw affects millions of Samsung’s flagship phones including the Galaxy S8, S9, S10, S20, and S21.

Take control of your machine identities now with Venafi
">

Samsung failed to implement Keymaster TA (Trusted Application) properly in its Galaxy series phones. These “severe” cryptographic design flaws could allow attackers to extract hardware-protected keys, according to a paper describing the problem.

The flaw was first reported by The Register.

ARM processor-based Android smartphones use a Trusted Execution Environment (TEE) to implement security functions. The TEE, in turn, runs a separate, isolated, TrustZone Operating System (TZOS) in parallel to Android. The problem lies in the “implementation of the cryptographic functions within the TZOS” which “is left to the device vendors, who create proprietary undocumented designs,” according to “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design,” the paper authored by Tel-Aviv University researchers.

The TrustZone splits the device into two execution environments: (1) A non-secure REE (Rich Execution Environment) where the “Normal World” operating system runs and (2) a secure TEE where the “Secure World” operating system runs, according to the paper.

In most mobile devices, the Android OS runs the nonsecure Normal World. In the Secure World, there are more choices. For example, in Samsung devices, there are at least three different TrustZone Operating Systems in use, according to the paper.

Findings

“We present an IV reuse attack on AES-GCM that allows the attackers to extract keys from hardware-protected key blobs; and a downgrade attack that makes even the latest Samsung flagship devices vulnerable to our IV reuse attack," the paper says.

An IV (initialization vector) reuse attack can adversely impact encryption randomization. AES with Galois/Counter Mode (AES-GCM) is an authenticated encryption algorithm.

The paper continues:

“Surprisingly, we discovered that the Android client is allowed to set the IV when generating or importing a key. All that is necessary is to place an attacker-chosen IV as part of the key parameters and it is used by the Keymaster TA instead of a random IV,” the paper says. 

Bane of encryption

“The IV is supposed to be a unique number each time, which ensures the AES-GCM encryption operation produces a different result even when the same plain text is encrypted,” as described by The Register.  “But when the IV...and encryption key remain the same, the same output gets generated. And that sort of predictability is the bane of encryption.”

A Downgrade Attack was also described by the paper. 

Experts were surprised by the lapses.

“[There are] serious flaws in the way Samsung phones encrypt key material in TrustZone and it’s embarrassingly bad. They used a single key and allowed IV re-use,” said Matthew Green, who teaches cryptography at Johns Hopkins University, in a tweet.

“So they could have derived a different key-wrapping key for each key they protect. But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs. This allows trivial decryption,” Green said in another tweet.

Venafi has reached out to Samsung for comment.

Proper Encryption Strategies

Encryption is a very powerful tool for securing corporate assets. To realize the full power of encryption, a mature organization will not only properly implement encryption but will go a step further and manage the encryption keys and certificates using an automated solution, such as Venafi’s Trust Protection Platform, paired with strong governance that includes best practices, policies, standards and awareness and training activities that complement the capabilities of the automated solution.

To learn more how Venafi Trust Protection Platform can supplement your data governance program, contact our experts.

Related Posts

 

Like this blog? We think you will love this.
encryption-key
Featured Blog

What Is Encryption Key Management?

Why Is Key Manag

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more