CVE-2022-20377 – Google Android Fingerprint keymaster_ipc[.]cpp Local Privilege Escalation (11th Aug 2022)

Preface: Pixel phones install downloaded Android updates in the background. The installed updates become active the next time that you restart your phone.

Background: Protection of the sensitive data stored on mobile devices is a hot topic, which is why it is very important for mobile app developers to take care of it. The Google development team addressed this with the Android Keystore, which was created to let you use asymmetric and symmetric keys outside your application code.
HMAC stands for Hash-based Message Authentication Code (also Keyed-hash Message Authentication Code). Android uses it to verify the authenticity and integrity of transmitted data. HMACs are well suited to high-performance systems such as routers because they rely on hash functions, which are computed and verified quickly, unlike public-key systems.

Vulnerability details: In TBD of keymaster_ipc[.]cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

The vendor has not disclosed the details, so the following is one possible cause. HMAC relies on a key shared between sender and receiver, which means it cannot by itself provide non-repudiation. Non-repudiation is a legal concept widely used in information security: it refers to a service that provides proof of the origin of data and of the integrity of that data.
If the shared key is compromised on either the sender's or the receiver's side, it becomes easy for an attacker to create unauthorized messages that verify correctly.
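The following is an added example, not code from the advisory or from Android's keymaster/gatekeeper implementation, illustrating the two points above: HMAC verifies only that the sender held the same key (so it cannot prove origin to a third party), and once the key is known or fixed, every token built with it verifies. The token layout, field names and the all-zero "known key" are constructed assumptions; only the HMAC-SHA256 construction and the constant-time comparison are standard.

```python
import hashlib
import hmac
import secrets

# Constructed token layout (assumption, not Android's real format):
#   8-byte little-endian user id || 8-byte little-endian challenge || 32-byte HMAC-SHA256 tag
MSG_LEN = 16
TAG_LEN = 32

# Constructed weak key: a fixed, predictable value standing in for the
# "known HMAC key" the advisory describes. Anyone can reproduce it.
KNOWN_KEY = b"\x00" * 32


def fresh_key() -> bytes:
    """Per-boot secret shared only between the two trusted components (the secure design)."""
    return secrets.token_bytes(32)


def make_token(key: bytes, user_id: int, challenge: int) -> bytes:
    """Build message || HMAC(key, message). Anyone holding `key` can do this."""
    msg = user_id.to_bytes(8, "little") + challenge.to_bytes(8, "little")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return msg + tag


def verify_token(key: bytes, token: bytes) -> bool:
    """Recompute the tag under `key` and compare in constant time."""
    if len(token) != MSG_LEN + TAG_LEN:
        return False
    msg, tag = token[:MSG_LEN], token[MSG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def legitimate_round_trip() -> bool:
    """Sender and verifier share a fresh secret key: a genuine token verifies."""
    key = fresh_key()
    return verify_token(key, make_token(key, user_id=10, challenge=42))


def tamper_detected() -> bool:
    """Flipping one message byte invalidates the tag, so integrity is protected."""
    key = fresh_key()
    token = bytearray(make_token(key, user_id=10, challenge=42))
    token[0] ^= 0x01  # change the user id field
    return not verify_token(key, bytes(token))


def known_key_accepts_any_token() -> bool:
    """Weak configuration: verifier uses the known key, so a token built by
    anyone who knows that key verifies. This is the failure mode the CVE text describes."""
    token = make_token(KNOWN_KEY, user_id=0, challenge=1234)
    return verify_token(KNOWN_KEY, token)


def fresh_key_rejects_known_key_token() -> bool:
    """Mitigated configuration: verifier holds a fresh secret, so a token made
    under the known key is rejected."""
    verifier_key = fresh_key()
    token = make_token(KNOWN_KEY, user_id=0, challenge=1234)
    return not verify_token(verifier_key, token)


if __name__ == "__main__":
    print("legitimate round trip:", legitimate_round_trip())
    print("tamper detected:", tamper_detected())
    print("known key accepts any token:", known_key_accepts_any_token())
    print("fresh key rejects known-key token:", fresh_key_rejects_known_key_token())
```

The defensive takeaway is in the last two functions: HMAC's guarantees rest entirely on the key being secret to the two parties, so a review of such an IPC boundary should confirm where the key comes from, that it is generated from a proper random source per boot or per session, and that no code path can substitute a fixed or caller-supplied value.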

Official announcement – Please refer to the link for details – https://source.android.com/security/bulletin/pixel/2022-08-01
