
CVE-2021-25444

Published: 05/08/2021 Updated: 01/08/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows a privileged process to decrypt a custom keyblob.

Vulnerable Product

google android 8.1

google android 9.0

google android 10.0

Github Repositories

Keybuster
Keybuster is a research tool that allows interacting with the Keymaster TA (Trusted Application) on Samsung devices that run Android. Keybuster implements a Keymaster client - based on the libkeymaster_helper.so library from Samsung's Keymaster HAL - that sends custom requests to the Keymaster TA without any input validation or filtering. Research Paper This repo

Recent Articles

Samsung shipped '100 million' phones with flawed encryption
The Register • Thomas Claburn in San Francisco • 01 Jan 1970

Academics found TrustZone-level code could not be trusted to keep secrets

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. The researchers – Alon Shakevsky, Eyal Ronen, and Avishai Wool – describe their work in a paper titled, "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design," which is scheduled for presentation at Real World Crypto and USENIX Security, 2022. Android smartphones, which pretty much all use Ar...