Full disk encryption vulnerabilities discovered in Qualcomm-powered Android devices11
The problem lies in both the hardware and software compartments, as Android stores the disk encryption keys in software, which makes them vulnerable to extraction on Qualcomm-powered devices due to two oversights in ARM's TrustZone – hardware-based security built into SoCs by semiconductor chip designers before they are distributed to the device manufacturers. The blog post also includes the exploit code capable to execute code within the TrustZone kernel and thus, to extract cryptographic keys, which can then be cracked in numerous different ways.
Beniamni also goes over Apple's approach to FDE, which is apparently pretty good at keeping your data safe. We are going to take a more summarized look at both systems.
Each iDevice has a unique 256-bit key that cannot be modified, called a Unique Identification Number (UID). It is randomly generated and basically fused in to the device's hardware at the factory. This key is bound to the device's hardware and is completely inaccessible to both software and firmware, meaning that even Apple cannot extract it from the device once it's been set. The UID is also used in combination with the user's password, in order to generate an encryption key which effectively “tangles” the device-specific key and the user's password. This complicates the matters for would-be attackers a lot, as it necessitates the use of the device itself for each cracking attempt, which in itself allows Apple to introduce a myriad of other measures – such as an incrementally increasing delay between subsequent password guesses – to further mitigate brute-force attacks.
The worst part is, Beniamini claims, that patching TrustZone vulnerabilities does not necessarily protect users from this issue, as even on patched devices, hackers can still obtain the encrypted disk image which can be used to roll the device back to a vulnerable version, extract the key by exploiting TrustZone, and crack the key.
Having said all that, Beniamini claims that regular users are not likely to fall victim to such an attack, as the protection scheme involved is elaborate enough to not make it worthwhile for would-be attackers. Enterprise Android users on the other hand, are still at risk. Beniamini is currently working with both Google and Qualcomm to come up with a solution to the issue and we can only hope for the best.
source: Gel Beniamini via ARS Technica