Android full disk encryption can be brute-forced on Qualcomm-based devices
Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users’ data and run brute-force attacks against them.
The attack was demonstrated last week by security researcher Gal Beniamini and uses two vulnerabilities patched this year in Qualcomm’s implementation of the ARM CPU TrustZone.
The ARM TrustZone is a hardware security module that runs its own kernel and Trusted Execution Environment independent of the main OS. On Qualcomm chips, the Trusted Execution Environment is called QSEE (Qualcomm Secure Execution Environment).
The full-disk encryption feature on Android devices relies on a randomly generated key called the device encryption key (DEK). This key is itself encrypted with another key derived from the user’s PIN, password or swipe pattern.
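To make the key hierarchy in the paragraph above concrete, here is an added example (not code from the article or from Android) of how a disk key can be wrapped under a key derived from a short PIN. It assumes, beyond what the paragraph states, that the derivation also mixes in a secret that only the device's trusted environment holds (as Android's KeyMaster-backed scheme does); the names `derive_kek`, `wrap_dek`, `unwrap_dek`, the constants and the stream-and-tag wrapping are all constructed for illustration, not Android's actual format. The point for a defender is visible in `demo()`: with a 4-digit PIN the stretching step alone would bound guessing only by KDF cost, so the wrapped blob is safe to hold offline only while the device-bound secret stays inside the TEE.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values for this example (not from a real device).
# In the real scheme the device-bound secret lives inside the TEE and
# never leaves it; here it is an ordinary byte string so the code runs offline.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SALT = bytes.fromhex("0123456789abcdef0123456789abcdef")
DEK = bytes.fromhex("deadbeef" * 8)  # 32-byte disk encryption key, constructed


def derive_kek(pin: str, salt: bytes, device_secret: bytes) -> bytes:
    """Derive a key-encryption key (KEK) from the user's PIN.

    Step 1 stretches the low-entropy PIN with scrypt (memory-hard, so each
    guess costs real time). Step 2 mixes in a secret held by the device's
    trusted environment, so the KEK cannot be recomputed from the stored
    blob and a PIN guess alone; the guess has to be checked on the device.
    """
    stretched = hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def wrap_dek(dek: bytes, kek: bytes) -> bytes:
    """Encrypt the 32-byte DEK under the KEK and append an integrity tag.

    Simplified wrap (hypothetical, for the example only): a keystream derived
    from the KEK is XORed over the DEK, then an HMAC tag is appended so that a
    wrong KEK is detected instead of silently yielding a garbage DEK.
    Android wraps with AES; a stream is used here to stay within the
    standard library.
    """
    assert len(dek) == 32
    keystream = hmac.new(kek, b"dek-wrap-stream", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, keystream))
    tag = hmac.new(kek, b"dek-wrap-tag" + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_dek(blob: bytes, kek: bytes) -> Optional[bytes]:
    """Return the DEK if the KEK is right, or None if the tag does not verify."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, b"dek-wrap-tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    keystream = hmac.new(kek, b"dek-wrap-stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, keystream))


def demo():
    """Wrap the DEK under PIN 1234, then show which attempts can verify it.

    Returns (correct unwrap succeeded, wrong PIN rejected,
             correct PIN but missing device secret rejected).
    """
    blob = wrap_dek(DEK, derive_kek("1234", SALT, DEVICE_SECRET))
    right = unwrap_dek(blob, derive_kek("1234", SALT, DEVICE_SECRET))
    wrong_pin = unwrap_dek(blob, derive_kek("1235", SALT, DEVICE_SECRET))
    # Same PIN, but without the TEE-held secret the blob cannot be verified.
    no_secret = unwrap_dek(blob, derive_kek("1234", SALT, b"\x00" * 32))
    return right == DEK, wrong_pin is None, no_secret is None


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The third result is the one that matters for the article's thesis: as long as `DEVICE_SECRET` is only usable inside the TEE, a copy of the blob taken off the device cannot be checked against PIN guesses at all, whatever the KDF cost.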