TechSpot

Security researcher easily circumvents full disk encryption used by millions of Android devices

By Shawn Knight
Jul 1, 2016
  1. Google’s implementation of full disk encryption on its Android mobile operating system was an important step forward in terms of personal privacy and security. But as security researcher Gal Beniamini discovered, it’s not failproof.

    As Neowin explains, Android uses a strong 2048-bit RSA key alongside a user’s PIN, password or pattern to encrypt files. The key’s strength makes brute-force attacks nearly impossible, but by exploiting flaws in select Qualcomm security measures plus Android kernel flaws, an attacker could obtain the key and thus nullify full disk encryption.

    At that point, all an attacker would need to gain access to your data is your password. Given the poor password practices of most, that may not be too difficult to ascertain.

    Fortunately, Beniamini isn’t a nefarious hacker and has been working with both Qualcomm and Google to rectify some of the flaws.

    In a statement to Engadget, a Qualcomm representative said the two security vulnerabilities discussed in Beniamini’s post were also discovered internally and patches were made available to customers and partners.

    Similarly, a spokesperson for Google said they appreciate the researcher’s findings and paid him for his work through their Vulnerability Rewards Program. What’s more, they also rolled out patches for the issues earlier this year.

    The bad news, however, is that the core of the problem may be unpatchable without new hardware.

    Full details on the vulnerabilities can be found in Beniamini’s blog post.

  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,491   +2,043

    I'm not going to be losing any sleep about this. If you're online you can be hacked, no matter what.
     
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 1,666   +776

    Well said and spot on!
     
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +501

    Lol... this article is click bait, you made it sound like someone could access anything just like that.
     
