Millions of Android Devices Suffer From Flawed Full Disk Encryption

This is turning out to be a great week for Android. When it rains it pours, right? Jessica Conditt writing for Engadget:

 Hackers can use brute force to break into tens of millions of Android devices using full disk encryption, thanks to a series of security issues linked specifically to Android kernel flaws and Qualcomm processors, Neowin reports. The vulnerabilities were uncovered by security researcher Gal Beniamini, who is working with Google and Qualcomm to patch the problems — and some of the flaws have already been addressed. However, a few of the issues may not be patchable, instead requiring new hardware, the report says. 

I’ve so far been unable to find a list of devices that might be affected by this, but the problem doesn’t look that widespread. Still, Android has long had issues with malware, which just popped up again and, this time, 10 million devices have been infected.

 Any phone using Android 5.0 or later uses full disk encryption, the same security feature at the heart of Apple’s recent fight with the FBI. Full disk encryption makes all data on a device unrecognizable without a unique key. Even though modern Android devices use this security feature, Beniamini’s research found that an attacker can exploit kernel flaws and vulnerabilities in some of Qualcomm’s security measures to get that encryption key. Then, all that stands between the hacker and a device’s information is a password. 

If you know of any Sony devices that might be susceptible to this, let me know and I’ll update the article accordingly.

Discuss:

Do you worry about security on your device or are you fairly confident in it?