To understand this vulnerability, it helps to understand the purpose of file encryption on mobile devices. While most modern phones are encrypted by default, file-level encryption is necessary for apps like the Content App to ensure the confidentiality of files, even if the mobile device is compromised.
However, the vulnerability identified by REQON indicates that this encryption was not securely implemented and could be bypassed. The vulnerability involves two weaknesses in the design of the Content App, which enable a malicious actor with root access to an Android device to decrypt all files without knowing the configured pincode.
The first weakness lies in the app’s crypto design. Reverse engineering revealed that files stored within the Content App are encrypted with a symmetric key derived from a single asymmetric private key stored in the app container on the device, as well as some parameters that can be derived from the encrypted file itself.
The second weakness stems from the pincode implementation. The pincode is not utilised in the encryption and decryption process, and it is not validated against a backend, making it very easy to bypass.
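The following added example (not the Content App's code, and not taken from the REQON write-up) contrasts the two designs: a file key built only from material already on the device, and one where the pincode is stretched and mixed into the key. The HMAC and PBKDF2 constructions, all names, and all sample values are assumptions made for illustration; the page does not describe the app's actual derivation.

```python
import hashlib
import hmac

# Constructed stand-ins: the page does not give the app's key format or KDF.
DEVICE_SECRET = bytes(range(32))        # models the private key in the app container
FILE_PARAMS = b"file-id=42;iv=000102"   # models parameters readable from the encrypted file
SALT = b"\x11" * 16                     # constructed; generate randomly per install in practice


def weak_file_key(device_secret: bytes, file_params: bytes) -> bytes:
    """Design described above: every input already sits on the device."""
    return hmac.new(device_secret, file_params, hashlib.sha256).digest()


def weak_unlock(entered_pin: str, stored_pin: str) -> bool:
    """The pincode is only a local comparison; it never feeds the key."""
    return hmac.compare_digest(entered_pin.encode(), stored_pin.encode())


def pin_bound_file_key(device_secret: bytes, file_params: bytes,
                       pin: str, salt: bytes) -> bytes:
    """Hardened sketch: the stretched pincode is mixed into the key, so the
    on-device material alone no longer yields the file key."""
    pin_key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000, dklen=32)
    kek = hmac.new(device_secret, pin_key, hashlib.sha256).digest()
    return hmac.new(kek, file_params, hashlib.sha256).digest()


def demo() -> dict:
    return {
        "weak_key_no_pin_needed": weak_file_key(DEVICE_SECRET, FILE_PARAMS),
        "bound_key_right_pin": pin_bound_file_key(DEVICE_SECRET, FILE_PARAMS, "4821", SALT),
        "bound_key_wrong_pin": pin_bound_file_key(DEVICE_SECRET, FILE_PARAMS, "0000", SALT),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name}: {key.hex()}")
    # Caveat: a short numeric pincode can still be searched offline; PBKDF2 only
    # raises the cost per guess. Bounding the number of guesses needs backend
    # validation or a hardware-backed keystore that rate-limits attempts.
```

In the weak design the pincode check and the key derivation are independent, so skipping the check costs nothing; in the bound design a wrong pincode produces a different key and decryption fails.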