{"id":978,"date":"2016-07-05T06:10:20","date_gmt":"2016-07-05T06:10:20","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=978"},"modified":"2024-12-23T07:56:30","modified_gmt":"2024-12-23T07:56:30","slug":"full-disk-encryption-flaw-could-affect-millions-of-android-users","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/full-disk-encryption-flaw-could-affect-millions-of-android-users-978\/","title":{"rendered":"Full disk encryption flaw could affect millions of Android users"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-979 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/07\/android.jpg\" alt=\"Full disk encryption flaw could affect millions of Android users\" width=\"640\" height=\"359\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/07\/android.jpg 640w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/07\/android-300x168.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/07\/android-2x1.jpg 2w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>When it comes to vulnerabilities and security, Google\u2019s Android has never been in the good books of security experts or even its users to a great extent. Now, another vulnerability has surfaced that claims to leave millions of devices affected. Security expert Gal Beniamini has now revealed another flaw in Android encryption.<\/p>\n<p>According to the DailyMail, the security researcher has said that Android devices with full disk encryption and powered by Qualcomm processors are at risk of brute force attacks wherein hackers can use persistent trial and error approach. Full disk encryption is on all devices running Android 5.0 onwards. It generates a 128-bit master key for a user\u2019s password. The report adds that the key is stored in the device and can be cracked by malicious minds.<\/p>\n<p>\u201cAndroid FDE is only as strong as the TrustZone kernel or KeyMaster. Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE,\u201d Beniamini explains.<\/p>\n<p>A combination of things like Qualcomm processors verifying security and Android kernels are causing the vulnerability. Google along with Qualcomm is working at releasing security patches, but Beniamini said hat fixing the issue may require hardware upgrade.<\/p>\n<p>\u201cFull disk encryption is used world-wide, and can sometimes be instrumental to ensuring the privacy of people\u2019s most intimate pieces of information. As such, I believe the encryption scheme should be designed to be as \u201cbullet-proof\u201d as possible, against all types of adversaries. As we\u2019ve seen, the current encryption scheme is far from bullet-proof, and can be hacked by an adversary or even broken by the OEMs themselves (if they are coerced to comply with law enforcement),\u201d he adds.<\/p>\n<p>Lately, encryption debate had taken centre stage when Apple refused to unlock an iPhone belonging to a terrorist involved in San Bernardino shooting. The FBI reportedly managed to break into the device without Apple\u2019s help and is believed to have paid a whopping $13 million to do so.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to vulnerabilities and security, Google\u2019s Android has never been in the good books of security experts or even its users to a great extent. Now, another vulnerability has surfaced that claims to leave millions of devices affected. Security expert Gal Beniamini has now revealed another flaw in Android encryption. According to the &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/full-disk-encryption-flaw-could-affect-millions-of-android-users-978\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Full disk encryption flaw could affect millions of Android users<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[132,370,29],"class_list":["post-978","post","type-post","status-publish","format-standard","hentry","category-news","tag-android","tag-full-disk-encryption","tag-security"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=978"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/978\/revisions"}],"predecessor-version":[{"id":980,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/978\/revisions\/980"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}