Samsung Delivered 100 Million Phones with Faulty Encryption

Samsung is thought to have shipped 100 million smartphones with flawed encryption, including models ranging from the 2017 Galaxy S8 to last year’s Galaxy S21. Tel Aviv University researchers discovered “serious” cryptographic design defects that might have allowed attackers to steal the devices’ hardware-based cryptographic keys, keys that unlock the vast trove of security-critical data present in smartphones. 

To keep crucial security operations isolated from normal apps, Android devices, which almost all employ Arm-compatible silicon, rely on a Trusted Execution Environment (TEE) backed by Arm’s TrustZone technology. TEEs use their own operating system, TrustZone Operating System (TZOS), and it is up to suppliers to integrate cryptographic features within TZOS. 

According to the researchers, the Android Keystore provides hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer (HAL). Samsung implemented the HAL with Keymaster TA, a Trusted Application running in the TrustZone that performs cryptographic activities such as key generation, encryption, attestation, and signature creation in a safe environment. The outcomes of these TEE crypto calculations can subsequently be used in apps that run in less secure Android environments. 

The Keymaster TA saves cryptographic keys as blobs — the keys are wrapped (encrypted using AES-GCM) so that they may be saved in the Android file system. They should, in theory, only be readable within the TEE. 

Samsung Delivered 100 Million Phones with Faulty Encryption