Implementing Cryptography right is hard

The security researcher Gal Beniamini has just published here the results of his investigation into the security of Android’s Full Disk Encryption, in which he found a way to get around it on smartphones and tablets based on the Qualcomm Snapdragon chipset.

The cryptography is OK, but some apparently minor implementation details give resourceful attackers (like nation-state agencies or well-funded organized crime groups) the possibility of extracting the secret keys which should be protected in hardware. Knowledge of these keys would allow an attacker to decrypt the data in the file systems, the very issue at the heart of the famous Apple vs. FBI case a few months ago.

Software patches have been released by Google and Qualcomm but, as usual with smartphones and tablets, it is not clear how many affected devices have received the update or will ever receive it.

In a few words, the problem lies in the interface between Qualcomm’s hardware module, called the KeyMaster module, which generates, manages and protects the secret keys, and the Android operating system, which needs to access the keys indirectly, in this case to encrypt and decrypt the file system. Some of the KeyMaster functions used by Android can be abused to make them reveal the secret keys.

This is another case which proves how difficult it is to implement cryptography right.

On Cryptolocker and the like

Cryptolocker and similar malware are getting more and more common. The latest versions also work on Android (one is called Simplelocker). In general, what they do is encrypt some or most of the files on your PC, tablet or smartphone, in particular text, sound, image and video files, which of course includes your entire music and video library.

Being ransomware, it asks you to pay some bitcoins (or a similar untraceable currency) to get your files decrypted. The only defense, apart from keeping your PC clean, up-to-date, with good anti- … whatever … and being very careful about what you click and the emails you open, is to keep very up-to-date backups. Indeed, once you get infected and locked / encrypted, there is absolutely nothing that you can do to decrypt the files (unless, of course, you pay).

The only precaution is to have good and recent backups, and start all over again from scratch.

But there is a very important point to remember here: not all backups are equal! Good backups are only those done on off-line media, like DVDs, Blu-ray discs, external USB disks that are connected only for the time it takes to make the backup, and so on. In technical terms this is often called an air-gapped backup, that is, storage that you cannot usually access from your device. This excludes most Cloud storage and backup systems!

The reason is that if the backup is on a continuously or very often connected device, and the backup is done automatically as soon as new data appears on your device, then when the ransomware encrypts your files, the encrypted versions are automatically copied to the backup device, replacing the original data, and you can end up with the backup data encrypted as well.
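The overwrite problem described above, as an added example that is not part of the original post: a constructed Python simulation in which the same file is backed up to an always-connected mirror, to a mirror with a hypothetical entropy-jump guard, and to a medium that is disconnected after the first backup. The function names, the 2.0 bits/byte threshold and the sample file are assumptions made for illustration.

```python
import math, os, shutil, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random/encrypted data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sync(src: Path, dst: Path, guard: bool = False, jump: float = 2.0) -> list:
    """Mirror src into dst the way an always-connected automatic backup does.
    guard=True (hypothetical check): hold back any file whose entropy rose by
    more than `jump` bits/byte compared with the copy already in the backup."""
    held = []
    dst.mkdir(exist_ok=True)
    for f in sorted(src.iterdir()):
        old = dst / f.name
        if guard and old.exists() and \
           entropy(f.read_bytes()) - entropy(old.read_bytes()) > jump:
            held.append(f.name)  # keep the old copy, flag the file for review
            continue
        shutil.copy2(f, old)
    return held

def demo() -> dict:
    """Constructed scenario: one document, three backup targets, one infection."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        home = root / "home"
        home.mkdir()
        original = b"Quarterly report: revenue figures and notes.\n" * 200
        doc = home / "report.txt"
        doc.write_bytes(original)
        online, guarded, offline = (root / n for n in ("online", "guarded", "offline"))
        for target in (online, guarded, offline):
            sync(home, target)  # first backup, taken before the infection
        # The offline medium is unplugged here and never synced again.
        # Stand-in for the ransomware's output: same size, random-looking bytes.
        doc.write_bytes(os.urandom(len(original)))
        sync(home, online)  # the automatic sync replaces the good copy
        held = sync(home, guarded, guard=True)
        ok = lambda d: (d / "report.txt").read_bytes() == original
        return {"online_ok": ok(online), "guarded_ok": ok(guarded),
                "offline_ok": ok(offline), "held": held}

if __name__ == "__main__":
    print(demo())
```

The guard compares each file with its previous backup copy, so it misses files that were already compressed (JPEG, MP3, video), whose entropy is high both before and after encryption; only the disconnected copy survives regardless of file type.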

Note added: Simplelocker is more a proof-of-concept than real malware. In these two posts, [1] and [2], Simon Bell describes the malware and how to decrypt the files.

A new way of authenticating yourself

We all know very well that username+password is a very weak form of authentication. Unfortunately alternative universal and more secure methods are not available.

Some researchers (see here for example) are proposing to use our mobile phones as pencils to draw our signature in the air, and to use this movement as our password. This approach has many interesting characteristics, from the hardware used to the movement itself, which can be extremely difficult to replicate, much more difficult than a fingerprint, and a few drawbacks, like the obvious need for space to do it.

There is already an App for Android that you can download here. In any case, more research is needed, in particular a full evaluation of the security features of this almost biometric authentication method.

Decrypting your Frozen Mobile Phone

The idea is not new, but the implementation is new, interesting and eye-catching. Tilo Müller and Michael Spreitzenbarth of FAU managed to implement FROST: “Forensic Recovery of Scrambled Telephones”.

The story in brief goes like this: Android phones, from version 4.0, have a built-in option to encrypt all data on the storage device. Obviously, data is decrypted on the fly when needed and stored unencrypted in memory (RAM). When it is no longer needed, or the phone is turned off, all unencrypted data in RAM is very carefully deleted.

So what you do is remove the battery with the phone on and then immediately restart the phone, performing a so-called “cold-boot”. In principle, removing the power causes all data in RAM to be lost, so that it is maintained (encrypted) only on the storage device. But it takes some (short) time for the RAM to forget all data, and this time depends on the kind/material of RAM chip and its temperature. Müller and Spreitzenbarth discovered that if the temperature of the chip in some Galaxy Nexus devices is below 10 degrees Celsius (please put your phone in the fridge…) then you have just enough time to read the unencrypted data in the RAM after the cold-boot, without needing to know the password or PIN.

Enjoy the pictures on their website!