Android Full Disk Encryption Flaw Found

Google's Android operating system can provide full disk encryption, but there are some issues that make it more breakable than it should be under some circumstances. Android 5 or later, particularly if running on devices with a Qualcomm processor are demonstrably hackable, researcher Gal Beniamini has shown.
While the technical details are all here, the gist of the research is that Android uses a strong 2048-bit RSA key alongside the user’s PIN, password or pattern to encrypt files. That strong RSA key makes brute-force attacks, where a computer simply tries every single possible combination of a password, almost impossible.
However, the researcher proved that thanks to flaws in the way Qualcomm implements some security measures, combined with Android kernel flaws, an attacker could get that key. That means that all that stands between him and your data is your password. And we know how good users are at choosing secure passwords.

No comments:

Post a Comment