A new security flaw related to the encryption measures in Android smartphones has posed a risk to millions of users. While some flaws related to Google have been patched, others related to Qualcomm’s Snapdragon processors have been labelled unpatchable.
We recently told you about the dangerous malware that can root your Android smartphone without your permission. While users continue to use multiple Android antivirus software, Google’s security features continue to face numerous challenges from time to time.This time, Gal Beniamini, a security researcher has reported a massive flaw that has posed a risk to millions of Android users.
Due
to multiple security loopholes in Android’s full disk encryption
feature, one can launch a series of brute-force attacks to compromise
the platform’s security.
If you are thinking that Google is soon going to roll-out an OTA fix that will cure this vulnerability, think once more. This time, it isn’t the search engine giant’s flaw. Instead, the problem lies with Qualcomm’s Snapdragon-branded processors.
The full disk encryption technology protects Android and stops intruders, hackers, and your government from accessing the content stored on your phone.
You might be knowing that encryption was the main cause of the feud between Apple and FBI over the San Bernardino iPhone case.
Similar to iOS, theoretically, Android 5.0 or higher provides similar kind of security features. However, the researchers have found flaws in the way Qualcomm has handled these measures.
Android uses a secure 2048-bit RSA key to encrypt files and passwords. Due to the flaw, a hacker can easily get an access to the keys. This simply means that an attacker can brute-force a password without an effort to crack the encryption.
The researcher is working with Google and Qualcomm and helping them patch the reported flaws. However, there are some flaws that are solely related to hardware and might be unpatchable.
Beniamini has said that patching these issues is not simple and these problems would remain until handsets are upgraded to newer models.
For more details on how this flaw is exploited to crack Android encryption, you can read Beniamini’s blog.
If you are thinking that Google is soon going to roll-out an OTA fix that will cure this vulnerability, think once more. This time, it isn’t the search engine giant’s flaw. Instead, the problem lies with Qualcomm’s Snapdragon-branded processors.
The full disk encryption technology protects Android and stops intruders, hackers, and your government from accessing the content stored on your phone.
You might be knowing that encryption was the main cause of the feud between Apple and FBI over the San Bernardino iPhone case.
Similar to iOS, theoretically, Android 5.0 or higher provides similar kind of security features. However, the researchers have found flaws in the way Qualcomm has handled these measures.
Android uses a secure 2048-bit RSA key to encrypt files and passwords. Due to the flaw, a hacker can easily get an access to the keys. This simply means that an attacker can brute-force a password without an effort to crack the encryption.
The researcher is working with Google and Qualcomm and helping them patch the reported flaws. However, there are some flaws that are solely related to hardware and might be unpatchable.
Beniamini has said that patching these issues is not simple and these problems would remain until handsets are upgraded to newer models.
For more details on how this flaw is exploited to crack Android encryption, you can read Beniamini’s blog.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.
0 comments:
Post a Comment