Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys
http://bits-please.blogspot.fr/2016/06/extracting-qualcomms-keymaster-keys.h...
https://github.com/laginimaineb/ExtractKeyMaster
https://github.com/laginimaineb/android_fde_bruteforce
https://github.com/laginimaineb?tab=repositories

In this blog post, I'll demonstrate how TrustZone kernel code-execution can be used to effectively break Android's Full Disk Encryption (FDE) scheme. We'll also see some of the inherent issues stemming from the design of Android's FDE scheme, even without any TrustZone vulnerability. A couple of months ago the highly-publicised case of Apple vs. FBI brought attention to the topic of privacy - especially in the context of mobile devices... Full disk encryption is used world-wide, and can sometimes be instrumental to ensuring the privacy of people's most intimate pieces of information. As we've seen, the current encryption scheme... can be hacked by an adversary or even broken by the OEMs...
This doesn't seem to be too much of a worry as long as the user uses a ridiculously long password. LUKS on Linux does not use any hardware backed storage and it still fares fine. The only beef I have is if the key derivation function is weak (allowing for faster brute forcing). This can still be fixed by using >64 characters and many, many bits of entropy.

On 07/03/2016 11:44 AM, Spencer wrote:
> Hi,
>
> > break Android's Full Disk Encryption
>
> But muh dick pics!
>
> Wordlife, Spencer
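The two points above (the quoted blog's claim that a TrustZone-bound signing step is what keeps a PIN brute force tied to the device, and gnu3ra's point that once that protection is gone the cost depends only on the KDF and the password's entropy) can be seen in a small model. This is an added example written for this page; it is not the blog author's ExtractKeyMaster/android_fde_bruteforce code and not anything the list posters wrote. Everything about it is a simplification and an assumption: HMAC-SHA256 stands in for the TrustZone RSA signing, XOR stands in for AES key wrapping, a SHA-256 of the master key stands in for the on-disk verifier, and the scrypt cost is set absurdly low so that a full 4-digit search finishes in seconds.

```python
# Added example (not the blog's or the list posters' code): a toy model of an
# Android-style FDE key derivation with a hardware-bound signing step, used to
# show why a leaked KeyMaster key turns a short PIN into an offline brute force.
# Assumptions: HMAC-SHA256 stands in for the TrustZone RSA signing, XOR stands in
# for AES key wrapping, and the scrypt parameters are far weaker than a real
# device's so the demo finishes in seconds.
import hashlib
import hmac
import itertools
import math
import os
import string

# Demo scrypt cost (assumption, deliberately tiny). Real devices use a far larger N.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 256, 8, 1


def kdf(secret: bytes, salt: bytes) -> bytes:
    """Password-stretching step: scrypt, as in Android FDE, with demo cost."""
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def keymaster_sign(keymaster_key: bytes, data: bytes) -> bytes:
    """Stand-in for the TrustZone signing step. Only a holder of the
    device-bound key can compute this, so without that key every guess
    has to be pushed through the device itself."""
    return hmac.new(keymaster_key, data, hashlib.sha256).digest()


def derive_kek(password: bytes, salt: bytes, keymaster_key: bytes) -> bytes:
    """KDF -> hardware-bound sign -> KDF, yielding the key-encryption key."""
    ik1 = kdf(password, salt)
    ik2 = keymaster_sign(keymaster_key, ik1)
    return kdf(ik2, salt)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_footer(password: bytes, keymaster_key: bytes, master_key: bytes, salt: bytes) -> dict:
    """Produce the on-disk material: salt, wrapped master key and a verifier
    (toy: SHA-256 of the master key) so that a guess can be checked offline."""
    kek = derive_kek(password, salt, keymaster_key)
    return {"salt": salt, "wrapped": xor(master_key, kek),
            "verifier": hashlib.sha256(master_key).digest()}


def try_unwrap(footer: dict, kek: bytes):
    """Return the master key if this KEK is the right one, else None."""
    candidate = xor(footer["wrapped"], kek)
    if hmac.compare_digest(hashlib.sha256(candidate).digest(), footer["verifier"]):
        return candidate
    return None


def brute_force_pin(footer: dict, keymaster_key: bytes, digits: int = 4):
    """Offline attack once the KeyMaster key has been extracted: walk every
    PIN and re-run the whole derivation on the attacker's own machine.
    Returns (pin, guesses) on success or (None, keyspace size) on failure."""
    for n, pin in enumerate(itertools.product(string.digits, repeat=digits), start=1):
        pin_bytes = "".join(pin).encode()
        if try_unwrap(footer, derive_kek(pin_bytes, footer["salt"], keymaster_key)) is not None:
            return pin_bytes.decode(), n
    return None, 10 ** digits


def expected_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random password of this shape:
    on average half the keyspace has to be searched."""
    return (alphabet_size ** length) / 2 / guesses_per_second


def entropy_bits(alphabet_size: int, length: int) -> float:
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    KEYMASTER_KEY = b"\x11" * 32          # constructed: the device-bound secret
    MASTER_KEY = os.urandom(32)           # constructed: the disk master key
    SALT = b"\x22" * 16                   # constructed
    footer = make_footer(b"2016", KEYMASTER_KEY, MASTER_KEY, SALT)

    pin, guesses = brute_force_pin(footer, KEYMASTER_KEY)
    print(f"PIN {pin} recovered after {guesses} guesses")
    print("wrong KeyMaster key, 2-digit search:", brute_force_pin(footer, b"\x00" * 32, digits=2))
    # Cost at an assumed 1e5 derivations/s on a cracking rig (constructed figure):
    print("4-digit PIN: %.1f bits, %.3f s" % (entropy_bits(10, 4), expected_seconds(10, 4, 1e5)))
    print("64 printable chars: %.0f bits, %.2e s" % (entropy_bits(95, 64), expected_seconds(95, 64, 1e5)))
```

With the wrong device key the search never matches, which is the whole value of the hardware-bound step: guesses have to be serialised through the device and whatever throttling it applies. With the key in hand the attacker's guess rate is limited only by the scrypt cost on their own hardware, and `expected_seconds` makes gnu3ra's fallback explicit: a 4-digit PIN is about 13 bits and gone in a fraction of a second at any plausible rate, while a 64-character passphrase is hundreds of bits and stays out of reach no matter how weak the KDF is.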
On Sun, Jul 03, 2016 at 11:53:37PM -0500, gnu3ra wrote:
> This doesn't seem to be too much of a worry as long as the user uses a ridiculously long password.

The longer the picture, the longer the password, that's what I always say.

> LUKS on Linux does not use any hardware backed storage and it still fares fine. The only beef I have is if the key derivation function is weak (allowing for faster brute forcing). This can still be fixed by using >64 characters and many, many bits of entropy.

Yep, instead of a 4-number PIN at the login screen, I can really see folks going for a > 64 character PIN phrase ... that extra entropy will be simply irresistible to folks with very, long, pictures.
participants (4): gnu3ra, grarpamp, Spencer, Zenaan Harkness