Faux Disk Encryption: Mobile phone crypto not a magic bullet
And sorry fandroids, iOS provides 'more granular control'
Black Hat Europe Full-disk encryption on mobile devices is nowhere near as secure as commonly believed and Android offers less granular control than iOS, according to security researchers from NCC Group.
Daniel Mayer and Drew Suarez debunked some commonly held but inaccurate beliefs about smartphone crypto as well as presenting a comparison between iOS and Android during a presentation at last week’s Black Hat Europe conference in Amsterdam, The Netherlands.
The talk, Faux Disk Encryption: Realities of Secure Storage on Mobile Devices, peeled out a few realities known to those in computer forensics, if not those in the wider IT community – much less the general public. In particular, the talk highlighted some of the risk that arise from lost or stolen devices.
For one thing, crypto keys are kept in memory if a smartphone is running, which means that attackers with physical access to a target smartphone or tablet can recover its secrets. Although passcode-protected iPhones have robust permissions tied into hardware components, it might still make sense to protect data until it is read. That way attackers would have to enter a code to get access to that information, even if they got their hands on a running device.
Suarez explained that the fragmentation of Android creates additional mobile device encryption security risks over and above those found on iOS devices. A targeted device may not be fully patched. In addition, not all the boot processes on Android are signed. This makes it possible to backdoor Android firmware and plant it on a device, given physical access. The same risk does not exist of iPhones and iPads because code is signed.
The latest version of Android (Marshmallow 6.0) mitigates several of these risks so arguably the bigger risk is that many mobile application developers fail to take advantage of security protections built into Android. More than 50 per cent make mistakes in this category, according to Suarez.
This is important because in traditional browser-server applications, data tends to be stored on the server side where tight controls can be enforced. In contrast, many mobile applications cache data locally on the device thus exposing it to a number of new attack vectors. Moreover, locally stored data often includes authentication tokens that are, typically, long-lived than browser applications.
The loss or theft of a device which grants an attacker physical access might therefore be be used to bypass security controls in order to gain access to application data. The research is far from theoretical. Mayer and Suarez told El Reg that problems with lost smartphones are already causing problems from NCC Group’s clients.
The talk aimed to helping mobile app developers to better understand the risks and thereby take steps to secure app data as well as debunking common misconceptions about full-disk encryption, which the researchers warned is not sufficient for most attack scenarios. More secure storage methods are available on both platforms and ought to be considered even though they may incur some usability tradeoffs that mean they aren’t suitable in every case.
A white paper on the research can be found here (pdf). The researchers’ 70 page presentation, which digs much deeper into the problem, is here (pdf). A video of an earlier version of the talk, as delivered at Black Hat US, can be found here. ®