A team comprising Tel Aviv University’s academics disclosed details of a severe design flaw found in Samsung devices in mid-2021, which the company patched by October 2021. However, the details of it were only been shared last week according to which the flaw might have risked roughly 100 million Samsung’s Android-based smartphones.
According to Tel Aviv University’s researchers, Alon Shakevsky, Eyal Ronen, and Avishai Wool, some Samsung Galaxy smartphones contained a major security flaw that exposed encrypted keys and let attackers perform “trivial decryption.”
The vulnerabilities were established as CVE-2021-25444 and CVE-2021-25490. The devices found to be at-risk were the company’s flagship models, including Samsung Galaxy S1 and S20, and some of its old smartphones, such as the S8, S9, and S10.
What was the Issue?
The flaw was detected in the encryption hardware feature of Samsung Galaxy smartphones, and it could have allowed threat actors to extract secret cryptographic keys. The flaws originated from the cryptographic design and how it was implemented on the hardware-backed Keystore in the abovementioned Samsung Galaxy models.
On Android devices, this Keystore is a system that allows the creation and storing of cryptographic keys within the Trusted Execution Environments or TEEs. TEEs are secure zones created to provide an isolated environment for Trusted Applications/Tas execution and perform critical security-related tasks to maintain data integrity and confidentiality. Hence, it becomes difficult to extract cryptographic keys from the device.
The flaw allowed the Keystore to expose APIs as Keymaster TA and perform cryptographic operations, such as generating secure keys, storing them, and using them for digital encryption and signing, within this new environment.
The report suggests that security flaws identified in Samsung Galaxy models could offer an attacker an opportunity to gain root privileges and recover the hardware-protected private keys and data stored by the TEE. If successfully exploited against Keymaster TA, the attacker can bypass authentication on the device and carry out advanced attacks such as breaking the fundamental security features of cryptographic systems.
Between May and July 2021, Tel Aviv University researchers informed Samsung Inc about the identified flaws under responsible disclosure. The flaws were patched through security updates in phones shipped in August and October 2021. The findings will be presented at the USENIX Security Symposium due to be held in August 2022.