Millions of Android devices may be vulnerable to brute-force hacking attempts
July 5, 2016
Shah Sheikh (1294 articles)

Millions of Android devices may be vulnerable to brute-force hacking attempts

A researcher has found that some of Google’s devices running Qualcomm components have full encryption vulnerable to a bypass.

If recent reports are to be believed, millions of Android devices using full disk encryption are at serious risk from hackers. According to a Neowin report, a series of exploitables in Android’s kernel and Qualcomm processors means the smartphones in question are vulnerable to a blunt-force attempt to gain entry.

Any phone using Android 5.0 or later employs full disk encryption, the same thing the FBI was recently fighting Apple in court to break on its own smartphones. Full disk encryption utilizes a 2048-bit digital “key”, without which the device’s data is unreadable. Even brute force attempts, where an automated system tries every possible result, is nearly impossible.

However, security researcher Gal Beniamini recently spotted a flaw in both Android’s kernel and Qualcomm’s own precautions, that allow a malicious hacker to get their hands on that key, after which the only failsafe is a user password. Beniamini is currently working with Google and Qualcomm to fix the issues, some of which have already been rectified. However, Neowin indicates that not all of those problems can simply be patched, some might require entirely new device hardware.

Of course, while the nature of the exploitables indicate this isn’t necessarily an immediate cause for concern, it’s still a point of worry for some users. However, seeing as the security flaw is caused by some Qualcomm components and not Google’s software, users with Androids running other hardware are likely safe, at least until the next exploit is discovered.

Source | DNAIndia