Attacking the Linux PRNG on Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy

Presented at Black Hat Europe 2014, Oct. 16, 2014, 5 p.m. (60 minutes).

Android is the most prevalent Linux-based mobile Operating System in the market today. Many features of the platform security (such as stack protection, key generation, etc.) are based on values provided by the Linux Pseudorandom Number Generator (LPRNG) and weaknesses in the LPRNG could therefore directly affect platform security. Much literature has been published previously investigating and detailing such weaknesses in the LPRNG. We build upon this prior work and show that - given a leak of a random value extracted from the LPRNG - a practical, inexpensive attack against the LPRNG internal state in early boot is feasible. Furthermore, the version of the Linux kernel vulnerable to such an attack is used in the majority of Android-based mobile devices in circulation. We also present two real-world exploitation vectors that could be enabled by such an attack. Finally, we mention current mitigations and highlight lessons that can be learned in respect to the design and use of future PRNGs for security features on embedded platforms.


Presenters:

  • Sagi Kedmi - IBM Security Systems
    Sagi Kedmi is a Security Researcher with IBM Security Systems. The IBM Security Research Team is responsible for cutting-edge Application Security research and has published numerous vulnerabilities and whitepapers. Sagi holds a BSc in Computer Engineering from the Hebrew University and is currently pursuing an MSc in Computer Science.

Links:

Similar Presentations: