CVE-2020-0105 in Android

Summary

by MITRE

In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-9, Android-10
Android ID: A-144285084


Analysis

by VulDB Data Team • 05/15/2020

CVE-2020-0105 is a flaw in the Android keystore service, specifically in the onKeyguardVisibilityChanged function of key_store_service.cpp. It undermines a core part of Android's key management security model: a permission check is missing, so the service never validates that an application trying to reach keyguard-bound cryptographic keys is actually authorized to do so. The affected versions are Android 9 and Android 10, and Google tracks the issue under Android ID A-144285084.

The flaw is an access-control gap in the keystore service's handling of keyguard visibility changes. When the keyguard transitions between locked and unlocked, the service should ensure that only authorized callers can reach keys bound to the keyguard's security context. Because that permission check is absent, a malicious application can bypass this boundary and use keyguard-bound keys even while the screen is locked. This violates the principle of least privilege and defeats the guarantee that keyguard-bound keys are meant to provide for the confidentiality and integrity of sensitive data.
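To make the bug class concrete from a defender's side, here is an added toy model (not AOSP's key_store_service.cpp, and the "only the system UID may report keyguard state" policy is an assumption): a keystore that gates keyguard-bound keys on a keyguard-visibility flag, with and without a caller check on the update path.

```cpp
// Added illustration, not AOSP code: a toy keystore that tracks keyguard
// visibility and gates "keyguard-bound" keys on it. With enforce=false the
// state update is accepted from any caller (the missing-check pattern);
// with enforce=true only the system UID may report keyguard state (assumed).
#include <cstdint>
#include <map>
#include <string>

static const uint32_t kSystemUid = 1000;  // AID_SYSTEM on Android

class ToyKeyStore {
public:
    explicit ToyKeyStore(bool enforce) : enforce_(enforce) {}

    // id -> whether the key is keyguard-bound (usable only while unlocked)
    void addKey(const std::string& id, bool keyguardBound) {
        keys_[id] = keyguardBound;
    }

    // Binder-style entry point: the keyguard reports whether it is showing.
    // Returns true if the update was accepted.
    bool onKeyguardVisibilityChanged(uint32_t callerUid, bool showing) {
        if (enforce_ && callerUid != kSystemUid) {
            return false;  // hardened: untrusted caller cannot change lock state
        }
        keyguardShowing_ = showing;
        return true;
    }

    // Can an app use this key right now?
    bool canUseKey(const std::string& id) const {
        auto it = keys_.find(id);
        if (it == keys_.end()) return false;
        return !(it->second && keyguardShowing_);
    }

private:
    bool enforce_;
    bool keyguardShowing_ = true;  // device starts locked
    std::map<std::string, bool> keys_;
};

// Scenario: the given caller reports "keyguard not showing" on a locked device;
// returns whether a keyguard-bound key became usable as a result.
bool boundKeyUsableAfterReport(uint32_t callerUid, bool enforce) {
    ToyKeyStore ks(enforce);
    ks.addKey("bound-key", true);
    ks.onKeyguardVisibilityChanged(callerUid, /*showing=*/false);
    return ks.canUseKey("bound-key");
}
```

The constructed app UID 10042 stands in for any ordinary installed application; only the enforcing variant keeps the bound key locked when such a caller reports the keyguard gone.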

The operational impact is local privilege escalation with no user interaction and no additional execution privileges: a malicious application installed on the device can use cryptographic keys that should be available only while the device is unlocked, bypassing the boundary that protects them. That grants unauthorized access to encrypted data, digital signatures and any other cryptographic operation that depends on keyguard-bound keys, potentially exposing sensitive information stored on the device. Because no user interaction is required, exploitation can be triggered silently, without the user's knowledge or consent.

The weakness maps to CWE-284 (Improper Access Control): the system fails to validate authorization before granting access to a protected resource. In ATT&CK terms it aligns with T1068, which covers 'Local Privilege Escalation,' and T1552, which addresses 'Unsecured Credentials,' since an adversary can both escalate privileges locally and reach credentials the device's security model is supposed to protect. Organizations should mitigate immediately by applying the latest security patches, monitoring for suspicious access patterns to keyguard-bound keys, and ensuring proper application sandboxing to prevent unauthorized access to cryptographic resources.

Beyond privilege escalation, the flaw compromises the integrity of Android's cryptographic security infrastructure: applications that rely on keyguard-bound keys may find their security assumptions violated, leading to unauthorized data access, compromised digital signatures and a weaker overall device security posture. System administrators and security professionals should prioritize patching across all affected Android devices and consider additional monitoring controls to detect unauthorized attempts to use cryptographic keys. The case illustrates how critical proper access controls are in security-sensitive components of mobile operating systems, particularly those that manage cryptographic keys and user-authentication boundaries.
