Security News > 2022 > March > Samsung Encryption Flaw
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones.
We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack.
We demonstrate working key extraction attacks on the latest devices.
We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google's Secure Key Import.
As we discussed in Section 3, the wrapping key used to encrypt the key blobs is derived using a salt value computed by the Keymaster TA. In v15 and v20-s9 blobs, the salt is a deterministic function that depends only on the application ID and application data, which the Normal World client fully controls.
Samsung took a secure cipher mode and implemented it insecurely.
News URL
https://www.schneier.com/blog/archives/2022/03/samsung-encryption-flaw.html