A new report has found that the full-disk encryption (FDE) used on devices running Android 5.0 and higher is not as robust as intended. A vulnerability allows an attacker with access to the device to extract the key material needed to brute-force the user's PIN or password off the device and decrypt the storage, putting user data at risk.
Google has issued patches for the underlying bugs, but simply downgrading a device to an older, unpatched firmware version reopens the hole. Devices built on Qualcomm processors are the ones affected.
Under full-disk encryption, the device's storage is protected with a 128-bit encryption key. That key is never stored in the clear: it is wrapped under a key derived from the user's PIN, pattern (gesture) lock or password, so that without the credential the data is practically impossible to recover. The derivation is also meant to be bound to a key that lives in the device's hardware, so that guessing the PIN can only be attempted on the device itself, where each attempt is slow and rate-limited.
To put it simply, the key derivation should be anchored in a hardware key that software cannot read. On the affected Qualcomm devices it is anchored instead in a key that TrustZone software can access, so an attacker who compromises TrustZone can copy that key off the device and brute-force the PIN or password offline, at full speed and with no attempt limit. The issue was found by Gal Beniamini, who has since published the exploit code on GitHub for anyone to study.
He said “The key derivation is not hardware bound. Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone.”
On whether a patch would fix this, he said “If an attacker can obtain the encrypted disk image (e.g. by using forensic tools), they can then ‘downgrade’ the device to a vulnerable version, extract the key by exploiting TrustZone, and use it to brute-force the encryption. Since the key is derived directly from the SHK, and the SHK cannot be modified, this renders all down-gradable devices directly vulnerable.”
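The following Python sketch is an added example, not code from the article, from Beniamini's GitHub repository or from Android itself. It models the Android FDE key chain described above (scrypt, a signing step with the KeyMaster key, scrypt again, then unwrapping the 128-bit disk key) and shows why the KeyMaster key matters: with it, a 4-digit PIN falls to an offline brute force in seconds; without it, even the correct PIN cannot unwrap the disk key, so guessing would have to happen on the device. Several details are deliberate simplifications and assumptions: HMAC-SHA256 stands in for KeyMaster's RSA signature, XOR stands in for the AES-128-CBC wrapping of the disk key, a short hash "verifier" stands in for checking that the unwrapped key decrypts the filesystem header, and the scrypt work factors are tiny so the demo runs quickly.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Toy scrypt parameters so the brute force below finishes in seconds.
# Real Android FDE uses far larger work factors; these values are an assumption.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 8, 8, 1
KEY_LEN = 16  # 128-bit disk encryption key (DEK), as in Android FDE


def _scrypt(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN)


def derive_kek(credential: bytes, salt: bytes, keymaster_key: bytes) -> bytes:
    """Android-FDE-style key-encryption-key derivation:
    scrypt -> sign with the device-bound KeyMaster key -> scrypt.

    Android signs the intermediate value with an RSA key held by KeyMaster;
    HMAC-SHA256 stands in for that signature here (simplification).
    """
    intermediate = _scrypt(credential, salt)
    signed = hmac.new(keymaster_key, intermediate, hashlib.sha256).digest()
    return _scrypt(signed, salt)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_footer(credential: bytes, dek: bytes, keymaster_key: bytes) -> Dict[str, bytes]:
    """Build a toy crypto footer: salt plus the DEK wrapped under the KEK.

    Android wraps the DEK with AES-128-CBC; XOR with the 16-byte KEK stands in
    for that here. The 'verifier' stands in for checking that the unwrapped
    DEK actually decrypts the partition's filesystem header.
    """
    salt = os.urandom(16)
    kek = derive_kek(credential, salt, keymaster_key)
    return {
        "salt": salt,
        "wrapped_dek": _xor(dek, kek),
        "verifier": hashlib.sha256(dek).digest()[:8],
    }


def try_credential(footer: Dict[str, bytes], credential: bytes,
                   keymaster_key: bytes) -> Optional[bytes]:
    """Return the DEK if this credential (with this KeyMaster key) unwraps it."""
    kek = derive_kek(credential, footer["salt"], keymaster_key)
    dek = _xor(footer["wrapped_dek"], kek)
    if hashlib.sha256(dek).digest()[:8] == footer["verifier"]:
        return dek
    return None


def brute_force_pin(footer: Dict[str, bytes], keymaster_key: bytes,
                    digits: int = 4) -> Optional[Tuple[str, bytes]]:
    """Offline brute force of a numeric PIN against a copied footer.

    This is only possible because the caller holds keymaster_key. If that key
    were truly hardware-bound, every guess would have to run on the device.
    """
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        dek = try_credential(footer, pin.encode(), keymaster_key)
        if dek is not None:
            return pin, dek
    return None


if __name__ == "__main__":
    # Constructed sample values; a real SHK-derived key is never visible like this.
    disk_key = os.urandom(KEY_LEN)
    leaked_keymaster_key = os.urandom(32)  # what the TrustZone exploit extracts
    footer = make_footer(b"1234", disk_key, leaked_keymaster_key)

    hit = brute_force_pin(footer, leaked_keymaster_key)
    print("with extracted KeyMaster key, PIN recovered:", hit[0] if hit else None)
    # Without the KeyMaster key, even the correct PIN fails to unwrap the DEK,
    # so guessing has to happen on the device, slowly and rate-limited.
    print("correct PIN without KeyMaster key:",
          try_credential(footer, b"1234", os.urandom(32)))
```

The contrast between the two calls at the bottom is the whole point of the report: the scrypt work factors and the 128-bit key are sound, but once the signing key can be read out of TrustZone, the attacker carries the entire derivation off the device and the PIN becomes the only secret left to guess.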