If you are an Android user, you may want to read this. Millions of Android devices may be at risk from a security flaw as revealed recently by a security expert.
In a posted blog, researcher Gal Beniamini of the Israeli Defense Forces outlined how Android devices with Full Disk Encryption (FDE) and Qualcomm chips are susceptible to brute force attacks.
FDE was rolled out on Android phones running “5.0 Lollipop” as a way to secure and protect user data by automatically encoding it using encryption keys generated from the user’s unlock credentials. This is supposed to prevent hackers and even the government from reading user data without the user’s consent.
The vulnerability lies in a combination of factors but a major one is in Qualcomm’s TrustZone implementation where it could be exploited to execute code to extract the encryption keys that reside in the device.
TrustZone is Qualcomm’s hardware based System on Chip security technology that provides applications roots of trust and since the encryption keys are available to the TrustZone, an attacker could potentially run code to pull the encryption keys. Once the keys are extracted, brute forcing the user password through trial and error is all that remains to decrypt the user data.
Device encryption and unlocking has been a hot topic recently with the battle between the FBI and Apple regarding the seized iPhone of the San Bernardino shooter. Although the FBI resorted to third parties to eventually crack the phone, forensic experts are saying that with the way iOS utilizes its 256-bit Full Disk Encryption, there is no way to lift the encryption keys from the device without the user password, unlike in Qualcomm Android devices.
The security researcher also added that he has been working with Qualcomm and Google to resolve these Android flaws and patches have already been deployed. But he warned that even on patched devices, an attacker can downgrade the device to an unpatched version and run the TrustZone exploit again to extract the keys. This makes all downgradeable devices directly vulnerable. To completely close this flaw, additional hardware or chipsets may be required.
So who is affected? If your Android device is running version 5.0 (Lollipop) or higher and your device has a Qualcomm processor, then you are likely to be affected by this flaw. Since Qualcomm chips are the most popular Android processors, the number of devices impacted could run in the millions.
Examples of popular Android phones running Qualcomm processors include Sony Experia, Asus ZenFone, LG G5, HTC One, Samsung Galaxy, and the Nexus 6P. If you have one of these phones, make sure you apply new security patches as soon as possible.
To check your Android version, go to the Settings section of your phone, then select About Phone >> Android Version. To find out what hardware and chipset your phone is running, you may need a free Google Play app like CPU-Z to reveal that information in detail. A simple Google search for your phone model specifications will also suffice if you are not keen on installing third-party apps.
For added security, as always, use strong passwords to lock your device and be wary of third-party apps you download. Pay attention to the permissions you grant and always install from trusted sources to reduce the chances of compromising your Android device.
Regularly upgrading to newer Android gadgets and installing security updates as they become available are good ways to stay safe. It also helps to have a security app on your gadget. This can scan new apps for malicious content and block them before they install.