Recently, a security Researcher Gal Beniamini disclosed that Android’s full disk encryption can be cracked easily with brute force and some patience.
The problem lies with Qualcomm’s Snapdragon processors
Hacker Tells How to Crack Android Encryption on Millions of Smartphones
We recently discussed some malware and Ransomware attacks that can completely destroy your Android smartphone. We noticed how “Godless” malware affected over 90% of Android device. So one must agree to the fact that Android users are at severe risk.
As we know, Android is developed by Google so if you are assuming that Google will release an OTA fix that will forever cure the rising vulnerability, then let me tell you this is not the search engine giant’s flaw. The problem was found in Qualcomm Snapdragon processors.
Gal Beniamini, a security researcher reported the issue (CVE-2015-6639) revealed a step-by-step Guide to breaking down the encryption protections on Android smartphone which are powered by Qualcomm Snapdragon Processors.
Android 5.0 or higher versions provides nearly comparable features and they also share same encryption process. However, researchers had displayed how hackers can misuse Android kernel security flaw to merge their own version of QSEE (Qualcomm secure Execution Environment) inside their secure system which gives the full authorization to hijack the complete QSEE space which also includes the keys generated for full disk encryption
Android usually utilize your password to create a powerful 2048-bit RSA key (KeyMaster) that helps to encrypt files and passwords. According to the flaw, the hacker can easily rectify the keys and can use brute force attack to break the Android’s full disk encryption. For more detail about this flaw you can visit Beniamini’s blog
Gal Beniamini is working both with Google and Qualcomm to sort out the issue about the reported flaws. However, as we already mentioned the flaws are being detected in hardware so it might be unpatchable or may even require adopting new hardware.