Fingerprints On Mobile Devices: Abusing and Leaking

Transcription

1 Fingerprints On Mobile Devices: Abusing and Leaking I. Introduction YulongZhang,ZhaofengChen,HuiXue,andTaoWei FireEyeLabs Fingerprintscannersarebecomingmoreandmorepopularonthemodernmobiledeviceslike HTCOneMax,HuaweiMate7,iPhone5s/6/6+,andSamsungGalaxyS5.Basedonarecent projection[1],50%ofsmartphoneshipmentswillhaveafingerprintsensorby2019.those fingerprintscannersaremorethanjustagimmicktounlockyourphonexxtheycanalsoletyou convenientlyauthorizemoneytransactionswithaswipeofyourfinger.withtheintroductionof ApplePay,mobilepaymentisgoingtobeaprimarydriverforfingerprintsensors.Mostof ApplescompetitorshavereactedquicklytomatchApplesmobilepaymentleadinthemarket. However,howsecurethosefingerprintframeworksaredesignedremainsthecustomers biggestconcern.inthetraditionalpasswordxbasedauthsystems,victimscaneasilyreplacethe stolenpasswordswithanewone.butfingerprintslastforalifexxonceleaked,theyareleaked fortherestofyourlife.moreover,fingerprintsareusuallyassociatedwitheverycitizen sidentity, immigrationrecord,etc.itwouldbeahazardiftheattackercanremotelyharvestfingerprintsin alargescale. Previouslytherehavebeensomeworksfocusingonfingerprintspoofingattack[2][3].These worksdemonstratethatfingerprintscanbestolenfrompolishedsurfaces(e.g.smartphone screens)orfromawavinghandphoto,andcanbespoofedusingelectricallyconductive materials.wecategorizethistypeofattackasopticalattacks.inthispaper,wewillratherfocus onthesystemattacksofmobilefingerprintauthframework.toourknowledge,wearethefirst todiscussthistypeofthreats. Wewillanalyzethemobilefingerprintauthenticationandauthorizationframeworks,anddiscuss severalsecuritypitfallsofthecurrentdesigns,including: ConfusedAuthorizationAttack Unsecurefingerprintdatastorage Trustedfingerprintsensorsexposedtotheuntrustedworld BackdoorofpreXembeddingfingerprints Thispaperisstructuredasfollows:wewillintroducethebackgroundoffingerprintauth frameworkinsectionii,anddescribedetailedvulnerabilitiesinsectioniii.furtherdiscussions willbeprovidedinsectioniv.weconcludethepaperinsectionv.

2 II. Background 1. Original Mobile Fingerprint Auth Framework Figure1:Originalmobilefingerprintauthframework Figure1illustratesthenormaldesignofmobilefingerprintauthentication/authorization framework.anexampledevicewiththisdesignishtconemax.inthisdesign,thekernel interactsdirectlywiththefingerprintsensor,andvendorfingerprintlibraries(nativecode)and fingerprintservices(javacode)providefunctionalwrappingofcommonfingerprintauth operations.thehighlevelauthlogicisimplementedinspecificappsbyinvokingvendor exposedapis. ThereisanobvioussecurityweaknesswiththisdesignXXthefingerprintsarejustassecureas thekernel.iftheattackerrootsthedevice,he/shecanstealthefingerprintdata.unfortunately therearequiteafewpublicknownkernelvulnerabilitiesthatcanbeexploitedtorootthe majorityofandroiddevices,likeframaroot[4],towelroot[5],andpingpongroot[6],etc.thus thevendorsarenowmovingtoamoresecureddesignwiththehelpofarmtrustzone[7]. 2. Mobile Fingerprint Auth Framework with TrustZone

3 Figure2:TrustZoneisolationonmobiledevices Figure3:TheimprovedmobilefingerprintauthframeworkwithTrustZoneisolation Figure2showsthegeneralarchitectureformobileplatformsequippedwithTrustZone. TrustZoneisolatesthenormalworld(thenormaluser/kernelmode)andthesecureworld (TrustedExecutionEnvironments,orTEE)bycreatingadditionaloperatingmodes,knownas thesecuremodeandthemonitormode.thesecuremodehasthesamecapabilitieswiththe normalworldwhileoperatinginaseparatememoryspace.thetrustzonemonitoractsasa virtualgatekeepercontrollingmigrationbetweenthetwoworlds.thenormalworldcanissue requeststothesecureworldviasecuremonitorcalls(smc). Sincethenormalworldcannottouchthesecureworld smemory,fingerprintscanbewell protectedintrustzonefrombeingaccessedbynormalworldattackers.figure3depictsthe enhancedfingerprintauthframeworkutilizingtrustzone sprotection.inthisdesign,the fingerprintsensordriver,fingerprintrecognitionlogic,andthefingerprintdataareallisolatedin thesecureworld,sothefingerprintauthframeworkremainssecureevenifthenormalworld kerneliscompromised.

4 Althoughtheenhanceddesignhasbeenmuchsecurerthantheoriginaldesign,inthenext sectionwewillrevealthattherearestillmanyseveresecuritypitfalls. III. Vulnerabilities 1. Confused Authorization Attack Thefirstvulnerabilityisthatallthefingerprintframeworksarepronetothe Confused AuthorizationAttack,whichhaslongbeenoverlooked.Authorizationgrantsaccessrightsto resources,whileauthenticationverifieswhoyouare.securitysystemsoftenmistakenlytreat authorizationasauthentication,orfailtoprovidecontextprooffortheauthorizationobjects. Withoutpropercontextproof,theattackercanmisleadthevictimtoauthorizeamalicious transactionbydisguisingitasanauthenticationoranothertransaction.forexample,asshown infigure4,theattackercaneasilyfakealockscreentofoolthevictimtothinkthathe/sheis swipingfingertounlockthedevice,butthefingerprintisactuallyusedtoauthorizeamoney transferinthebackground. CurrentlytheFIDOAllianceisdevelopingthespecificationofsecureauthenticationand authorizationprotocolsforthemobileecosystem.asfidodescribesinthespecification[12]: Basically(if(a(FIDO(UAF(Authenticator(has(a(transaction(confirmation(display(capability,(FIDO( UAF(architecture(makes(sure(that(the(system(supports(What(You(See(is(What(You(Sign(mode( (WYSIWYS).(A(number(of(different(use(cases(can(derive(from(this(capability(EE(mainly(related(to( authorization(of(transactions((send(money,(perform(a(context(specific(privileged(action,( confirmation(of( /address,(etc). FIDO sspecificationrequiresthat the(transaction(confirmation(display(component(implementing( WYSIWYS(needs(to(be(trusted.However,theoriginalfingerprintauthframeworkhasno reliablewaytoprovidetheauthorizationcontextproof.theframeworkwithtrustzonecanbe improvedtoachievethisgoal(thetrustletmodulesintrustzonecanbemodifiedtoprovidethe contextproof),butsofar(june2015)wehaven tseenanymajorvendorthatimplementedthis feature.

5 Figure4:Illustrationofusingconfusedauthorizationattacktoauthorizemoneytransfer 1 2. Fingerprint Data Storage Vulnerability Thesecondissueisthatnotallthevendorsstorethefingerprintssecurely.Whilesomevendors claimedthattheystoreuser sfingerprintsencryptedinasystempartition,theyputusers fingerprintsinplaintextandinaworldxreadableplacebymistake.oneexampleishtcone MaxXXthefingerprintissavedas/data/dbgraw.bmpwith0666permission(worldXreadable) 2. Anyunprivilegedprocessesorappscanstealuser sfingerprintsbyreadingthisfile.other vendorsstorefingerprintsintrustzoneorsecureenclave,buttherearestillknown vulnerabilitiesforattackerstoleveragetopeekintothesecretworld[8][9]. Tomakethesituationevenworse,eachtimethefingerprintsensorisusedforauthoperation, theauthframeworkwillrefreshthatfingerprintbitmaptoreflectthelatestwipedfinger.sothe attackercansitinthebackgroundandcollectthefingerprintimageofeveryswipeofthevictim. Notethatthereissomespecialtyoftheformatoftherawfingerprintbitmapimage.Normallythe sizeofeachbitmaprowisroundeduptoamultipleof4bytesbypadding.butasamplerowof therawfingerprintbitmaplookslike: 01 FE A0 A0 A0 A0 A0 A0 B0 A0 80 [...] B0 B0 B0 A0 B0 A0 A0 A0 A0 A0 A0 A0 90 A0 A B Thisisageneralissueforfingerprintbasedpaymentformobile.Thedeviceshownisjustforillustration andisnotnecessarilyvulnerable. 2 HTChaspatchedthisvulnerabilityperournotification

6 Weobservedthatalltherowsstartwith0xFE01.Thisisprobablyusedtomarkthebeginningof eachfingerprintimageline.andeachlinehas187bytesofdata(including0xfe01),whichis not4xbytealigned.ifoneopenstherawfingerprintbitmapimagedirectly,itwilllooklikefigure 5(a).Afterappropriatelypadding,itwillbecorrectlylooklikeFigure5(b).Thefingerprintbitmap imageisblurryinthebottomandhasmoredetailsintheupperpart.also,onemaynoticethat theimageisvisiblyseparatedintotwohorizontalparts,andtheleftpartisalmosttwicethewidth oftherightpart.thisisthedesignnatureofcertainsensorchips.wejustpresenttheimageas itis. (a)(b) Figure5:FingerprintbitmapobtainedfromHTCOneMax.Boththerawbitmap(a)andthereX alignedversion(b)areshown.weonlypastedasmallportionoftheimagestoprotectthe fingerprintowner sanonymity. 3. Fingerprint Sensor Exposure Vulnerability EveniftheprotectionoffingerprintdatainTrustZoneisindeedtrustworthy,itonlymeansthat thefingerprintspreviouslyregisteredonthedevicesaresecured.wefoundthatthefingerprint sensoritselfinmanydevicesisstillexposedtotheattackers.althoughthearmarchitecture enablesisolatingcriticalperipheralsfrombeingaccessedoutsidetrustzone(e.g.by programmingthetrustzoneprotectioncontroller),mostvendorsfailtoutilizethisfeatureto protectfingerprintsensors 3.Tothebestofourknowledge,wearethefirstoftheworldtoput forwardthefingerprintsensorspyingthreats. 3 Asofwriting,wehaveconfirmedthisvulnerabilityonHTCOneMax,SamsungGalaxyS5,etc.All vendorshaveprovidedpatchesperournotification.

7 Figure6:Hownormalworldissupposedtointeractwiththefingerprintsensor(TrustZone shouldalwaysactasthemediator) Figure7:Malwareinthenormalworldcandirectlyreadthefingerprintsensor AsshowninFigure6,insteadofdirectlycommunicatingwiththefingerprintsensor,allthe normalworldcomponentsaresupposedtoinvokethetrustzonefingerprintforsensor operations.however,mostvendorsfailtolockdownthesensor(frombeingaccessedbythe normalworldprograms)whentheprocessorswitchedbackfromthesecureworld.withoutthe properlockxdown,theattackerfromnormalworldcandirectlyreadthefingerprintsensor(shown infigure7).notethatattackerscandothisstealthilyinthebackgroundandtheycankeep readingthefingerprintsoneverytouchofthevictim sfingers.thisalsoindicatesthatattackers withremotecodeexecutionexploits(e.g.[11])canremotelyharvesteveryone sfingerprintsina largescale,withoutbeingnoticed. Giventhatthefingerprintsensorisexposedtothenormalworld,theonlyprotectionisthe accesspermissionenforcedbythenormalworldkernel.unfortunately,onsomephones,the sensorisonlyguardedby system privilegeinsteadof root.thisdecreasestheattack difficultysincetherearesomeeasierxtoxexploitvulnerabilities(e.g.cvex2015x1474)togainthe system privilegecomparedtothe root privilege.

8 Afterobtainingenoughprivilegetoread/writethesensor,theremainingmatterishowto configurethesensorintothestatetoactivelyreadfingerprints.usuallythefingerprintsensor s IOoperationsareopenXsourcedandmayincludethefollowing: IOCTL_POWER_ON IOCTL_POWER_OFF IOCTL_DEVICE_RESET IOCTL_SET_CLK IOCTL_CHECK_DRDY IOCTL_SET_DRDY_INT IOCTL_REGISTER_DRDY_SIGNAL IOCTL_SET_USER_DATA IOCTL_GET_USER_DATA IOCTL_DEVICE_SUSPEND IOCTL_STREAM_READ_START IOCTL_STREAM_READ_STOP IOCTL_RW_SPI_MESSAGE IOCTL_GET_FREQ_TABLE IOCTL_DISABLE_SPI_CLOCK IOCTL_SET_SPI_CONFIGURATION IOCTL_RESET_SPI_CONFIGURATION IOCTL_GET_SENSOR_ORIENT Notethatforcertainimplementations,althoughthesensorgotexposedtothenormalworld,the normalworldkernelhasstrippedoutcertainioctlhandlers.malwarecanutilizesomekernel exploittodynamicallyenablesuchfunctionalities(e.g.throughcodeinjectionorrop).malware withrootprivilegecanalsoflashacustomizedkernelwithsuchioctlhandlersenabledintothe Android sbootpartition. MalwarecanuseIOCTL_REGISTER_DRDY_SIGNAL toregisterastheeventsignallistenerofthe sensordevice.thenitcansequentiallyinvokeioctl_power_on,ioctl_set_clk, IOCTL_DEVICE_RESET,IOCTL_SET_DRDY_INT,IOCTL_CHECK_DRDY, IOCTL_STREAM_READ_START,etc.toinitializethedevicetotheactivelyreadingfingerprintsstate. Oncethesensorisintheactivereadingstate,malwarecankeepstealingusers fingerprints silentlyinthebackground.forsomedevices,thefingerprintsensorisintegratedontothehome button,whichmeansthattheattackercanstealusers fingerprintsoneverytouchofthehome button. 4. Pre-embedded Fingerprint Backdoor Moreover,theattackerscanstealthilyembedprefabricatedfingerprintsinthedevicesasan authorizationbackdoor,beforeprovidinganewdevicetothevictim.therootcauseofthis vulnerabilityisthattheuidisplayingthenumberofregisteredfingerprintsisaseparate

9 component(inthenormalworld,withouttrustzone sprotection)fromtheactualfingerprintauth frameworkinthesecureworld.attackerscandeceivetheusertobelievethatthereareonlyn fingerprintregisteredonthedevicebutthereareactuallymorethann.suchextraprex embeddedfingerprintcanbeusedtobypasstheauthframeworklikeabackdoor. ItisusuallytheSettingsappthatdisplaystheregisteredfingerprintnumbertotheusers,sothe attackerneedstomodifythesettingsapp.forexample,onmanydevices,onecanmodifythe enrolledfingerprintnummethodof!the!class com/android/settings/fingerprint/fingerprintsettingsinsecsettings.apk,by changingthereturnvalueofgetenrolledfingerstobenem,wherenistheactualregistered fingerprintnumberandmisthenumberoffingerprintsprexembeddedbytheattacker. NotethatSettingsisasystemapp,theattackerneedstosigningthemodifiedSettingsappwith thesameprivatekeythatsignstheothersystemapps,whichisthephonevendor sprivatekey anddifficultforattackerstoobtain.theattackercouldalsoextracttheromandresigningall thesystemapps(includingthereplacedsettingsapp)usingtheattacker sownprivatekey. Iftheattackerhasrootprivilege,anotheralternativeistodirectlydisablethesystemsignature checking.mostofandroiddevicesenforcethesystemsignaturecheckingbasedonthe comparesignaturesmethodintheclasscom/android/server/pm/packagemanagerservice implementedin/system/framework/services.jar.itwillreturnzeroifsignaturematch,and nonxzerootherwise.therefore,onecanmodifythismethodtoalwaysreturnzero,sothatthe systemsignaturecheckingwillalwayssuccess. IV. Discussion 1. Suggestions to mobile users and vendors Toavoidbeingattackedbymalwareorbeingexploitedforremotecodeexecution,wesuggest normaluserstochoosemobiledevicevendorswithtimelypatching/upgradingtothelatest version(e.g.androidlollipop),andalwayskeepyourdeviceuptodate.also,itisalwaysa goodpracticetoinstallpopularappsfromreliablesources.enterprise/governmentusersshould seekforprofessionalservicestogetprotectionsagainstadvancedtargetedattacks. Mobiledevicevendorsshouldimprovethesecuritydesignofthefingerprintauthframeworkwith improvedrecognitionalgorithmagainstfakefingerprintattacks,andbetterprotectionofboth fingerprintdataandthescanningsensor.moreover,vendorsshouldfigureouthowto differentiateauthorizationwithauthenticationandprovidecontextproof.theexistingfingerprint authstandardshouldbefurtherimprovedtoprovidemoredetailedandsecuredguidelinesfor

10 developerstofollow.finally,givenasecuritystandard,vendorsstillneedprofessionalsecurity vetting/auditstoenforcesecureimplementations. 2. Suggestions to the overall fingerprint auth ecosystem Actuallyallthefourvulnerabilities/attacksdescribedinthispaperarecommonlyapplicabletoall thefingerprintbasedauthentication/authorizationplatforms.forexample,manyhighxend laptopsequipfingerprintscannerstoauthenticateandauthorizeuserlogin.sincethefingerprint driverisakernelmodule,itisonlyassecureasthekernel.attackerswithkernelexploitcan stealfingerprintdataorcollectfingerprintfromthesensorinthebackground. Forexternalfingerprintscannersusedforidentityrecognition(e.g.inthecustomhouse, immigrationoffice,andthedmv),dooraccesscontrol,ormoneytransactioninbanks,the situationissimilar.sowesuggestthatthefingerprintauthframeworkforallplatformsshould alsobeimprovedtobetterprotectfingerprintdataandsensor(andprovidedefenseofanyother attacksdescribedinthispaperifapplicable). V. Conclusion Inthistalk,werevealedsomesevereissueswiththecurrentAndroidfingerprintframeworksthat havelongbeenneglectedbyvendorsandusers.weprovidedinxdepthsecurityanalysisofthe popularmobilefingerprintauthentication/authorizationframeworks,anddiscussedthesecurity problemsofexistingdesigns,including(1)theconfusedauthorizationattackthatenables malwaretobypasspayauthorizationsprotectedbyfingerprints,(2)insecurefingerprintdata storage,(3)fingerprintsensorexposedtotheuntrustedworld,and(4)prexembeddedfingerprint backdoor.wealsoprovidedsuggestionsforvendorsanduserstobettersecurethefingerprints. References [1] [2] [3] [4] [5] [6] [7] [8] [9] android [10] pc_bp147_to.pdf

11 [11] AndroidXInXTheXGoldenXAgeXOfXAdXLibs.pdf [12]