How to Crack Android Full Disk Encryption on Qualcomm Devices

The heated battle between Apple and the FBI provoked a lot of talk about encryption, the technology that is used to keep all your bits and bytes as safe as possible.

We cannot say a lot about Apple's users, but Android users are at severe risk when it comes to the encryption of their personal and sensitive data.

Android's full-disk encryption can be cracked much more easily than expected with a brute-force attack and some patience, potentially affecting hundreds of millions of mobile devices.

And the worst part:

There may not be a full fix available for current Android handsets in the market.

Google started implementing Full Disk Encryption on Android by default with Android 5.0 Lollipop. Full disk encryption (FDE) is meant to prevent both hackers and even powerful law enforcement agencies from gaining unauthorized access to a device's data.

Android's disk encryption, in short, is the process of encrypting all of a user's data on an Android device before it is ever written to disk, using the user's authentication code. Once encrypted, the data is decrypted only when the user enters his or her password.

However, after thoroughly analyzing Android's full disk encryption implementation, a security researcher came to the conclusion that the feature is not as secure as the company claims it is, and he has working code to prove it.

Cracking Android Full Disk Encryption: Exploit Available Online

Security researcher Gal Beniamini has discovered issues (CVE-2015-6639 and CVE-2016-2431) in how Android devices handle full disk encryption, making it easier for attackers to gain access to the user's sensitive data.

Beniamini also published a detailed step-by-step guide this week on how one can break the encryption protections on Android smartphones powered by Qualcomm Snapdragon processors.

You can find the full source of the exploit on GitHub.

Basically, Android's disk encryption on devices with Qualcomm chips appears to be based only on your password. In reality, however, Android uses your password to create a strong 2048-bit RSA key (KeyMaster) derived from it instead.

Qualcomm uses the Snapdragon's TrustZone to protect critical functions like encryption and biometric scanning, but Beniamini discovered that it is possible to exploit an Android security flaw to extract the keys from TrustZone.

Qualcomm runs a small kernel in TrustZone to offer a Trusted Execution Environment known as QSEE (Qualcomm Secure Execution Environment), which allows small apps to run inside it, isolated from the main Android operating system. KeyMaster is also a QSEE app.

The researcher has detailed how attackers can exploit an Android kernel security flaw to load their own version of a QSEE app inside this secure environment, thereby exploiting a privilege-escalation flaw and hijacking the entire QSEE space, including the keys generated for full disk encryption.

Once in possession of this key, an attacker could brute-force the user's password, PIN or screen lock off the device, cracking Android's full disk encryption.
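To see why the secrecy of that TrustZone-bound key is what keeps password guessing on the device, here is a small model of such a password-to-key chain. It is an added example, not code from the article or from Beniamini's research; the scrypt parameters, the HMAC standing in for the KeyMaster signature, and the key values are all constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed model (assumption): password -> scrypt -> device-bound keyed step
# -> scrypt -> key that wraps the disk master key. HMAC with DEVICE_KEY stands
# in for the signature a TrustZone-held key would produce. scrypt cost is kept
# low so the example runs quickly; these are not Android's real parameters.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 10, 8, 1


def _scrypt(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def derive_intermediate_key(password: str, salt: bytes, device_key: bytes) -> bytes:
    """Key derivation in which a device-bound secret sits in the middle.
    Without device_key, no candidate password can be turned into a key."""
    stage1 = _scrypt(password.encode(), salt)
    bound = hmac.new(device_key, stage1, hashlib.sha256).digest()  # TrustZone step
    return _scrypt(bound, salt)


def make_footer(password: str, master_key: bytes, device_key: bytes) -> dict:
    """Wrap a 32-byte (constructed) disk master key under the derived key and
    return the blob a device would store on flash: salt, verifier, wrapped key."""
    assert len(master_key) == 32
    salt = os.urandom(16)
    ikey = derive_intermediate_key(password, salt, device_key)
    stream = hmac.new(ikey, b"wrap", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(master_key, stream))
    verifier = hmac.new(ikey, b"check", hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier, "wrapped": wrapped}


def unlock(password: str, footer: dict, device_key: bytes):
    """Return the master key, or None if password and device key do not match."""
    ikey = derive_intermediate_key(password, footer["salt"], device_key)
    verifier = hmac.new(ikey, b"check", hashlib.sha256).digest()
    if not hmac.compare_digest(verifier, footer["verifier"]):
        return None
    stream = hmac.new(ikey, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(footer["wrapped"], stream))


if __name__ == "__main__":
    device_key = os.urandom(32)      # constructed stand-in for the TrustZone key
    footer = make_footer("1234", os.urandom(32), device_key)
    print("right PIN, right device key:", unlock("1234", footer, device_key) is not None)
    print("right PIN, other device key:", unlock("1234", footer, os.urandom(32)) is not None)
```

The last call is the point: as long as the device-bound key never leaves TrustZone, even the correct PIN cannot be checked elsewhere, so the only guessing possible is on the device, where the OS can rate-limit; once that key is extracted, the footer alone is enough to check guesses, and the effective security collapses to the entropy of the PIN.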

Moreover, Qualcomm or OEMs could comply with government or law enforcement requests to break the FDE.

"Since the key is available to TrustZone, Qualcomm, and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device," Beniamini wrote. "This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys."

Beniamini has provided all the technical details of the analysis on his blog, so go through that post if you are interested in the highly technical details of the issue with Android's FDE.

Although Beniamini is working with both Qualcomm and Google, the core of the issue might not be completely fixable and might even require hardware changes to fix.