Connect with us

Millions Of Android Phones At Risk Because Of Full Disk Encryption

Millions Of Android Phones At Risk Because Of Full Disk Encryption


Millions Of Android Phones At Risk Because Of Full Disk Encryption

Android units equipped with Qualcomm processors could be at risk because of a flaw found in the Full Disk Encryption (FDE). In fact, several reports noted that millions of Android phones could be at risk because of the flaw.

Google Android Critical Flaw

Google’s Android operating system is now making headlines, as it appears to have a critical flaw that can be taken advantage of to decrypt a device. The bigger problem is, although there are patches and fixes to the flaw, hackers have the option to downgrade the pre-patch state, then decrypt the device conveniently.

Security researcher Gal Beniamini discovered the flaw, according to BGR.

“The key derivation is not hardware bound,” said Beniamini. “Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone.”

What Happens With Android Devices

He also explained, “Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device. This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys.”

This means that millions of Android units are still at risk. Qualcomm and Google have issued updates in May and January, but not all users have access to the patch. Users may need to get in touch with their manufacturers or stay updated to find out how to fix the issue. For now, it may be a painful waiting game for some users since companies try to figure out what to do with the said flaw.

“If an attacker can obtain the encrypted disk image (e.g. by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use them to brute-force the encryption,” added the researcher.

Liked this story? Subscribe to our newsletter or follow us on Twitter and Facebook for more updates on America.

About Precious Valerie

Precious has more than 11 years of professional writing and managing experience. She has worked with different international organizations in Australia, New York, Philippines and Singapore in delivering news and other related content. She has overseen teams of writers and publications to produce high quality and highly relevant content to keep readers informed.

More in Technology

Good News

To Top