Full disk encryption flaw could affect millions of Android users

Full disk encryption flaw could affect millions of Android users

When it comes to vulnerabilities and security, Google’s Android has never been in the good books of security experts or even its users to a great extent. Now, another vulnerability has surfaced that claims to leave millions of devices affected. Security expert Gal Beniamini has now revealed another flaw in Android encryption.

According to the DailyMail, the security researcher has said that Android devices with full disk encryption and powered by Qualcomm processors are at risk of brute force attacks wherein hackers can use persistent trial and error approach. Full disk encryption is on all devices running Android 5.0 onwards. It generates a 128-bit master key for a user’s password. The report adds that the key is stored in the device and can be cracked by malicious minds.

“Android FDE is only as strong as the TrustZone kernel or KeyMaster. Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE,” Beniamini explains.

A combination of things like Qualcomm processors verifying security and Android kernels are causing the vulnerability. Google along with Qualcomm is working at releasing security patches, but Beniamini said hat fixing the issue may require hardware upgrade.

“Full disk encryption is used world-wide, and can sometimes be instrumental to ensuring the privacy of people’s most intimate pieces of information. As such, I believe the encryption scheme should be designed to be as “bullet-proof” as possible, against all types of adversaries. As we’ve seen, the current encryption scheme is far from bullet-proof, and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement),” he adds.

Lately, encryption debate had taken centre stage when Apple refused to unlock an iPhone belonging to a terrorist involved in San Bernardino shooting. The FBI reportedly managed to break into the device without Apple’s help and is believed to have paid a whopping $13 million to do so.

Recommended

The encryption challenge

IT managers know the movies get it wrong. A teenager with a laptop cannot crack multiple layers of encryption -- unless that laptop is connected to a supercomputer somewhere and the teenager can afford to wait a few billion years. Encryption works. It works so well that even the government gets stymied, as demonstrated by ...

How Apple makes encryption easy and invisible

Do you know how many times a day you unlock your iPhone? Every time you do, you’re participating in Apple’s user-friendly encryption scheme. Friday, the company hosted a security “deep dive” at which it shared some interesting numbers about its security measures and philosophy as well as user habits. To be honest, we’re less concerned ...

Apple’s rivals wary of taking stand on encryption issue, against the FBI

As Apple resists the US government in a high profile stand-off over privacy, rival device makers are, for now, keeping a low profile. Most are Asian companies — the region produces eight of every 10 smartphones sold around the world — and operate in a complex legal, political and security landscape. Only China’s Huawei has ...

Apple and FBI to testify before Congress next week over encryption

Over the past few days, Apple has made it abundantly clear that it will not comply with the FBI’s demand that it write a new piece of software to help bypass built-in iPhone security measures. On the contrary, Apple has said that it wants the FBI to withdraw all of its demands while adding that ...

暂无评论

发表评论

您的电子邮件地址不会被公开,必填项已用*标注。

This site uses Akismet to reduce spam. Learn how your comment data is processed.