Android devices equipped with Qualcomm processors could be at risk because of a flaw found in their Full Disk Encryption (FDE). Several reports noted that millions of Android phones could be affected.
Google Android Critical Flaw
Google’s Android operating system is now making headlines, as it appears to have a critical flaw that can be exploited to decrypt a device. The bigger problem is that, although patches and fixes for the flaw exist, hackers can downgrade a device to its pre-patch state and then decrypt it.
Security researcher Gal Beniamini discovered the flaw, according to BGR.
“The key derivation is not hardware bound,” said Beniamini. “Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone.”
What Happens With Android Devices
He also explained, “Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device. This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys.”
This means that millions of Android devices are still at risk. Qualcomm and Google have issued updates in May and January, but not all users have access to the patch. Users may need to get in touch with their manufacturers or watch for updates to find out how to fix the issue. For now, it may be a painful waiting game for some users while companies figure out what to do about the flaw.
“If an attacker can obtain the encrypted disk image (e.g. by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use them to brute-force the encryption,” added the researcher.