Millions of Samsung Phones Shipped With Encryption Flaw - ThreatWire
Added 2022-03-02 23:30:01 +0000 UTCBy Shannon Morse, ThreatWire
About 100 million Samsung smartphones include a “severe” design flaw that could have allowed an attacker to steal the cryptography keys for encryption. This is now patched but it was discovered to affect Samsung Galaxy S8, 9, 10, 20, and 21 devices due to how the hardware encryption implementation called Keystore was designed. Keystore resides within the Trusted Execution Environment or TEE and creates and stores the cryptographic keys for the device. This environment is isolated which makes it harder for anything within the TEE to be extracted.
But according to a group of researchers from Tel Aviv University, Keystore was doing this wrong. It was exposing APIs in the form of a Keymaster trusted application, so an attacker who had root could extract the private keys. This included two main flaws with separate CVEs: CVE 2021 25444 and CVE 2021 25490. The first was an initialization vector reuse flaw, and the second was a downgrade attack.
After discovery, the researchers shared this information with Samsung and they were remediated in security updates that were pushed out in August and October. The researchers explained that one of the major reasons problems like this occur is because brands like Samsung and Qualcomm are very private about how they implement their cryptographic systems. They mention that these products should be audited and reviewed by independent researchers and shouldn’t rely on reverse engineering proprietary systems.
Samsung encryption:
https://eprint.iacr.org/2022/208.pdf
https://thehackernews.com/2022/02/100-million-samsung-galaxy-phones.html
https://threatpost.com/samsung-shattered-encryption-on-100m-phones/178606/
