Vulnerability bypassing full-disk encryption endangers the majority of Android devices - Vulnerability warning - The Black Bar Safety Net

ID MYHACK58:62201676665
Type myhack58
Reporter Anonymous
Modified 2016-07-07T00:00:00


Chip manufacturer Qualcomm's mobile processors contain a vulnerability that is present in 60% of Android phones; an attacker can use it to break the device's full-disk encryption. Of all Android devices running Qualcomm processors, only 10% are protected from this attack. Duo Labs researchers showed that this vulnerability, together with a flaw in the Android media server component, creates a security risk inside the Qualcomm Secure Execution Environment (QSEE). In general, an attacker with physical access to the phone can chain these vulnerabilities to bypass full-disk encryption (FDE) and read its data. The vulnerability was disclosed last week by Gal Beniamini, and its discovery shifted attention back to earlier work: in May, Duo Labs and Beniamini published research drawing attention to an unpatched vulnerability in Google's media server component (CVE-2016-2431). Google has since fixed that vulnerability, but most Android phones have not yet received the update. Duo Labs showed that 57% of Android phones remain exposed to the media server vulnerability. The Duo Labs blog wrote: "Compared with the 60% found in our January survey, our data collection shows that the situation has improved; 57% of Android phones are now at risk." Where the pre-installed media server vulnerability remains unpatched, an attacker can essentially use it to brute-force the FDE password. Like the iPhone, Android phones limit the number of password attempts allowed to unlock the device. Like Apple, Google imposes a delay between unlock attempts, and after repeated failed password attempts there is also an option to erase the user's data. Inside the Android OS, the device encryption key is protected by the hardware-backed keystore (also called KeyMaster). KeyMaster is a function that runs in the secure part of the device's operating system.
In the technical section of his disclosure report, Beniamini wrote: "But is the KeyMaster module actually secure? The implementation of the KeyMaster module depends on the SoC OEM, and none of this is documented (it is essentially a black box). We can find some material in the official Android documentation: 'the KeyMaster module provides hardware-backed, strong security services for Android devices...' But this is definitely not enough." The KeyMaster module depends on Qualcomm's Trusted Execution Environment (QSEE). On devices using Qualcomm chips, this means an attacker who compromises the QSEE code can reverse-engineer the operating system's KeyMaster functionality. In that case the attacker can run a password-guessing attack against the TrustZone software without worrying that too many attempts will cause the hardware to automatically erase the data. Beniamini wrote: "Android FDE is only as secure as the TrustZone kernel and KeyMaster. Finding a vulnerability in the TrustZone kernel or the KeyMaster module is enough to recover the KeyMaster key, which enables an offline attack on Android FDE. Under these conditions, an OEM could comply with an order to break full-disk encryption. Since TrustZone can obtain the key, the OEM could easily create a TrustZone image that exposes the KeyMaster key and send it to the target device. That would let an attacker use the leaked key to crack the FDE password with ease."
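The two paragraphs above rest on one design point: the FDE key is not derived from the password alone but is also bound to a secret that only KeyMaster, inside TrustZone, can use, so a guess can only be tested on the device, where the unlock delay and wipe counter apply. Once that secret leaks, the same check runs anywhere and a short PIN offers no protection. The following toy model is an added illustration and is not code from the article, from Beniamini, or from Android: PBKDF2 stands in for the scrypt steps, an HMAC with a constructed device_key stands in for the KeyMaster signature performed in TrustZone, and the footer layout, check value and all constants are constructed for this example.

```python
"""Toy model of why Android FDE binds the key derivation to the KeyMaster key.

Added illustration, not Android's code. PBKDF2 stands in for scrypt, and the
HMAC over a constructed device_key stands in for the KeyMaster signature that
real devices compute inside TrustZone. All constants are constructed.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 256   # constructed; real devices use scrypt with far more work
KEY_LEN = 32


def derive_kek(password: str, salt: bytes, device_key: bytes) -> bytes:
    """Derive the key-encryption key (KEK) that unwraps the disk master key.

    Mirrors the shape of the scheme the article describes:
      1. stretch the user password          (PBKDF2 here, scrypt on devices)
      2. bind the result to a device secret (HMAC here, a KeyMaster signature
         executed inside TrustZone on devices)
      3. stretch again
    Step 2 is the only step that cannot be replayed off the device, for as
    long as device_key never leaves the secure environment.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    KDF_ITERATIONS, KEY_LEN)
    bound = hmac.new(device_key, stretched, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", bound, salt, KDF_ITERATIONS, KEY_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_crypto_footer(password: str, master_key: bytes, device_key: bytes) -> dict:
    """Wrap the disk master key with the KEK and store a check value.

    The check value is what lets unlock code tell a right password from a
    wrong one; it is also exactly what a guessing attack needs to test
    candidates, which is why the device binding in derive_kek matters.
    """
    salt = os.urandom(16)
    kek = derive_kek(password, salt, device_key)
    wrapped = _xor(master_key, hashlib.sha256(kek + b"wrap").digest())
    check = hmac.new(kek, b"check", hashlib.sha256).digest()
    return {"salt": salt, "wrapped_key": wrapped, "check": check}


def unwrap_master_key(footer: dict, password: str, device_key: bytes):
    """Return the master key if password and device_key are right, else None."""
    kek = derive_kek(password, footer["salt"], device_key)
    check = hmac.new(kek, b"check", hashlib.sha256).digest()
    if not hmac.compare_digest(check, footer["check"]):
        return None
    return _xor(footer["wrapped_key"], hashlib.sha256(kek + b"wrap").digest())


def offline_guess(footer: dict, candidates, device_key: bytes):
    """Model an off-device guessing attempt over a candidate list.

    No unlock delay and no wipe counter apply here: those live in the device's
    software. The only remaining obstacle is device_key. Returns
    (password, attempts) when the caller holds the real device key and
    (None, attempts) when it holds anything else.
    """
    attempts = 0
    for pw in candidates:
        attempts += 1
        if unwrap_master_key(footer, pw, device_key) is not None:
            return pw, attempts
    return None, attempts


if __name__ == "__main__":
    real_device_key = os.urandom(32)   # constructed stand-in for the KeyMaster key
    master_key = os.urandom(KEY_LEN)
    footer = make_crypto_footer("4271", master_key, real_device_key)

    # Footer copied off the device, device key still inside TrustZone:
    # the guesser cannot even recognise the right PIN.
    pins = (f"{i:04d}" for i in range(10000))
    print(offline_guess(footer, pins, os.urandom(32)))    # (None, 10000)

    # Footer copied AND device key extracted (the article's scenario):
    # the whole protection of a 4-digit PIN is gone.
    pins = (f"{i:04d}" for i in range(10000))
    print(offline_guess(footer, pins, real_device_key))   # ('4271', 4272)
```

The point for a defender is that nothing in the footer or the password-stretching work is the security boundary; the KeyMaster key is. Any path that discloses it, a TrustZone kernel bug, a KeyMaster trustlet bug, or a signed OEM image that exports it, reduces FDE on that device to the entropy of the user's PIN, which is why the article treats the QSEE flaw and the update gap as one problem.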