A team of academic researchers has shared a detailed study about a major security design flaw in Samsung mobile phones. The researchers tested several Samsung flagship phones and found errors in the TrustZone implementation that allow extracting cryptographic keys.
Samsung Phones TrustZone Design Flaw
Elaborating on their findings in a detailed research paper, researchers from Tel-Aviv University described how Samsung phones put users’ security at risk due to a faulty TrustZone OS implementation.
Briefly, most Android phones of today rely on ARM TrustZone hardware support for the secure Trusted Execution Environment (TEE).
In simple words, TEE is an isolated environment on a device meant for storing sensitive data in encrypted form. It remains outside the usual operating system (such as Android OS) and hence, segregated from regular apps.
For this, TEE runs on its own operating system, the TrustZone Operating System (TZOS), which the vendors deploy at their discretion to implement cryptographic functions. Unfortunately, that’s where Samsung lagged.
Specifically, the researchers found the vulnerability in the Keymaster TA (Trusted Application), through which Samsung implements the Hardware Abstraction Layer (HAL) of the Android Keystore. Explaining these terms, the researchers stated,
The Android Keystore provides hardware-backed cryptographic key management services through a Hardware Abstraction Layer (HAL) that vendors such as Samsung implement. The Keystore exposes an API to Android applications, including cryptographic key generation, secure key storage, and key usage (e.g., encryption or signing actions).
About the attack
Samsung’s Keymaster TA runs in the TrustZone on Samsung phones, performing cryptographic operations. Describing Keymaster TA functionality, the paper reads,
The Keymaster TA’s secure key storage uses blobs: these are “wrapped” (encrypted) keys that are stored on the REE’s file system. The “wrapping”, “unwrapping”, and usage of the keys are done inside the Keymaster TA using a device unique hardware AES key.
Because it is a “Secure World” component, only the Keymaster TA should have access to the secret keys; the “Normal World” should not.
However, the faulty Keymaster TA implementation made it possible to extract the cryptographic keys.
The researchers tested Samsung Galaxy S8, S9, S10, S20, and S21 phones. They reverse-engineered the Keymaster TA and demonstrated an Initialization Vector (IV) reuse attack to retrieve the keys.
Alongside key retrieval, the researchers also demonstrated downgrade attacks that even make the latest Samsung phones vulnerable.
Technical details about the research methodology, attack model, and implications are available in the research paper.
Samsung Deployed Patches
Following this study, the researchers responsibly disclosed the vulnerabilities to Samsung in 2021.
First, they disclosed the IV reuse attack (CVE-2021-25444) in May. Then, they shared another report for the downgrade attack (CVE-2021-25490) in October. Both vulnerabilities received high-severity ratings.
In response, Samsung addressed both vulnerabilities and released patches, according to the August 2021 and October 2021 advisories. For fixing CVE-2021-25444, Samsung “removed the option to add a custom IV from the API.” To patch CVE-2021-25490, the tech giant removed the “legacy key blob implementation” in the latest models S10, S20, and S21, running Android P or later.
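
Why a caller-chosen IV undermines wrapped key blobs, and why removing it from the API closes the gap, shown as an added example (not code from the paper or from Samsung). It assumes a counter-style keystream mode and uses an HMAC-SHA256 keystream as a standard-library stand-in for AES; `HW_KEY` and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the device-unique hardware key (never leaves the TA).
HW_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
IV_LEN = 12


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for an AES counter-style mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_caller_iv(key_material: bytes, iv: bytes) -> bytes:
    """Weak design: the Normal World caller chooses the IV."""
    return iv + _xor(key_material, _keystream(HW_KEY, iv, len(key_material)))


def wrap_fresh_iv(key_material: bytes) -> bytes:
    """Corrected design: the TA draws a fresh random IV for every blob."""
    iv = os.urandom(IV_LEN)
    return iv + _xor(key_material, _keystream(HW_KEY, iv, len(key_material)))


def keystream_cancels(blob_a: bytes, blob_b: bytes, pt_a: bytes, pt_b: bytes) -> bool:
    """True when XOR of the ciphertexts equals XOR of the plaintexts,
    meaning both blobs were encrypted under the same keystream."""
    return _xor(blob_a[IV_LEN:], blob_b[IV_LEN:]) == _xor(pt_a, pt_b)


def demo() -> tuple:
    secret_key = os.urandom(32)   # constructed: key material the caller must not learn
    known_key = bytes(32)         # constructed: key material the caller imported itself
    iv = bytes(IV_LEN)            # constructed fixed IV supplied twice
    weak = keystream_cancels(wrap_caller_iv(secret_key, iv),
                             wrap_caller_iv(known_key, iv), secret_key, known_key)
    fixed = keystream_cancels(wrap_fresh_iv(secret_key),
                              wrap_fresh_iv(known_key), secret_key, known_key)
    return weak, fixed
```

With the caller-chosen IV the hardware key's keystream drops out of the comparison entirely, so the wrapping no longer protects the blob; with a TA-generated IV each blob gets an independent keystream.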