Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sudden activation loss on Google Pixel devices #354

Closed
hvge opened this issue Feb 11, 2021 · 0 comments
Closed

Sudden activation loss on Google Pixel devices #354

hvge opened this issue Feb 11, 2021 · 0 comments
Assignees
@hvge
Labels
android bug critical

Comments

@hvge
Copy link
Member

hvge commented Feb 11, 2021
edited

We have plenty of reports from our bank customers that activation on PowerAuth based application is sporadically lost on Google Pixel 3 (and newer) devices. From the end-user perspective, the application suddenly loses its activation and switch to a default, not-activated state. After weeks of investigation, we believe that this is due to the unreliability of StrongBox implementation available on such devices.

Since version 1.4.2, PowerAuth mobile SDK uses Android KeyStore backed AES key to protecting its local activation data on the device. The AES-GCM with 256-bit wide key is used. Unfortunately, our implementation is very sensitive to failures, so any data decryption failure may lead to false information that there's no activation data available on the device. So, the result is that the application may end in the default state.

Steps to reproduce

Unfortunately, there are no direct reproduction steps available for PowerAuth mobile SDK. It's challenging to reproduce this bug, so we're using a simplified test application that repetitive perform encrypt and decrypt operation in a similar manner to our SDK. The application is derived from the original work done for CVE-2019-9465.

Our results clearly show that for StrongBox backed keys, the test application sooner or later fails to decrypt data. Following crash logs were collected from two instances of the test app, run in parallel:

All above crashes were collected on fully updated Google Pixel 4 device.

Proposed solution

The best what we can do in this situation is to blacklist the problematic devices. So, we have to implement the following changes to SDK:

  • Add a list of problematic devices (Pixel 3, 4, etc...) that should not use StrongBox backed key.
  • Transparently migrate data encrypted with StrongBox key to non-StrongBox key.

The fix will be implemented for 1.4.x, 1.5.x and develop branches.
@hvge hvge self-assigned this Feb 11, 2021
@petrdvorak petrdvorak mentioned this issue Feb 25, 2021
Closed
hvge added a commit that referenced this issue Mar 1, 2021
@hvge
Android: Fix #354: Don't use StrongBox on Google Pixel devices.
d19571f 
This fix adds transparent data re-encryption in case that SDK determines that device has unreliable StrongBox implementation.
hvge added a commit that referenced this issue Mar 3, 2021
@hvge
Android: Fix #354: Don't use StrongBox on Google Pixel devices (1.5.x…
474b7f0 
… release)

This fix adds transparent data re-encryption in case that SDK determines that device has unreliable StrongBox implementation.
This is cherry-picked commit from develop with removed `androidx` dependencies, so it can be backported to 1.5.x and 1.4.x SDKs
hvge added a commit that referenced this issue Mar 3, 2021
@hvge
Android: Fix #354: StrongBox is now by default turned off for ALL dev…
3fcf4eb 
…ices
hvge added a commit that referenced this issue Mar 4, 2021
@hvge
Android: Added missing inline documentation and improved tests #354
21d846a
@hvge hvge closed this as completed in c3887b7 Mar 16, 2021
hvge added a commit that referenced this issue Mar 16, 2021
@hvge
Android: Fix #354: StrongBox is now by default turned off for ALL dev…
8fe6b1f 
…ices (1.5.x branch)
hvge added a commit that referenced this issue Mar 16, 2021
@hvge
Android: Added missing inline documentation and improved tests #354 (…
af523f9 
…branch 1.5.x)
hvge added a commit that referenced this issue Mar 16, 2021
@hvge
Android: Fix #354: Don't use StrongBox on Google Pixel devices (1.5.x)
5649f85 
This fix adds transparent data re-encryption in case that SDK is configured to do not use StrongBox backed key on supported devices. By default, SDK do not use StrongBox backed keys.
hvge added a commit that referenced this issue Mar 16, 2021
@hvge
Android: Fix #354: Don't use StrongBox on Google Pixel devices (1.4.x)
9f4fb66 
This fix adds transparent data re-encryption in case that SDK is configured to do not use StrongBox backed key on supported devices. By default, SDK do not use StrongBox backed keys.
@hvge hvge mentioned this issue Mar 17, 2021
Closed
@hvge hvge mentioned this issue Mar 25, 2021
Closed
@luckyrat luckyrat mentioned this issue Jul 11, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hvge hvge

Labels
android bug critical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hvge