Home » News » General » Android’s encryption system vulnerable to hacking

Android’s encryption system vulnerable to hacking

By Arnab Mukherjee | Updated on 05-Jul-2016
Android’s encryption system vulnerable to hacking
Arnab Mukherjee Arnab Mukherjee
05 Jul 2016 18:22
HIGHLIGHTS

Researcher shares method that renders Android 5.0 and above devices vulnerable to brute force hacking

One of the biggest area of drawbacks when it comes to Android devices is encryption, and that is exactly where it has been hit again. Security expert Gal Beniamini demonstrated the flaw in a blog post that goes deep into explaining the exact drawbacks that Qualcomm-powered Android device’s encryption system has, especially as compared to Apple’s encryption. While the flaw can be fixed by patches, this method can be easily bypassed by just downgrading to a pre-patched version of Android. 

Full Disk Encryption, the encryption system in place Android 5.0 onwards, is based on 128-bit device encryption which should be impossible to decrypt without the knowledge of the specific protection on the device – be it a PIN, a password or a gesture. The blog post reveals that since the encryption system on the Qualcomm-powered Android devices stores the encryption keys in software, they are vulnerable to a wide variety of attacks that can reveal the key from the device. This particular key can then be processed to crack the password.

The ARM processors sold by Qualcomm carry a security feature called TrustZone, which is what was exploited for two vulnerabilities that it had. Google and Qualcomm have since announced that patches have been released to fix this, but it is doubtful that Android users will benefit immediately from this. This is due to the way the Android ecosystem works – most users do not receive these patches due to update restrictions placed by manufacturers that prevent users from receiving updates directly from Google.

The researcher has since gone on to publish the code for this on Github and goes on to comment that this vulnerability could make hacking an Android phone easier both for hackers as well as law enforcement agencies directing the OEMs.

After the Apple-FBI encryption debate, which ultimately ended with FBI decrypting the phone themselves after apparently paying a huge sum, this revelation brings forth a significant trend in the Android ecosystem. And that trend might lead to your private information being in the hands of unknown malicious entities until some kind of an ecosystem-wide fix is developed.

Read the full blog post here

Arnab Mukherjee

Arnab Mukherjee

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo