Encryption is one of the biggest areas of weakness for Android devices, and that is exactly where they have been hit again. Security researcher Gal Beniamini demonstrated the flaw in a blog post that explains in depth the weaknesses of the encryption system on Qualcomm-powered Android devices, especially compared with Apple's encryption. While the flaw can be fixed by patches, a patch can be bypassed simply by downgrading the device to an unpatched version of Android.
Full Disk Encryption, the encryption system in place from Android 5.0 onwards, is based on 128-bit encryption that should be impossible to decrypt without knowing the device's specific protection, be it a PIN, a password or a gesture. The blog post reveals that because the encryption system on Qualcomm-powered Android devices keeps the encryption keys in software, they are exposed to a wide variety of attacks that can extract the key from the device. That key can then be used to crack the password.
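To make the point concrete, here is an added example in Python (not Beniamini's code and not Android's actual implementation) that models the design the article describes: the unlock credential is stretched with a KDF, the result is bound to a device key, and the bound value wraps the disk master key. The class `HardwareBoundKey`, the HMAC used as a stand-in for the device-side operation, the XOR wrapping, the scrypt parameters, the salt and the master key are all constructed for illustration. The model shows the defender's concern: while the device key stays inside the trusted environment, every credential guess has to go through it and can be counted and throttled; once that key is in software, the same check runs anywhere with no counter, so the protection is only as strong as the PIN or password.

```python
import hashlib
import hmac
import os
from typing import Callable, Tuple

# Constructed cost parameters; real Android FDE uses scrypt with its own N/r/p.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 12, 8, 1
SALT = b"constructed-salt"        # constructed; a real footer stores a random salt
MASTER_KEY = bytes(range(32))     # constructed 256-bit master key for the demo

Binder = Callable[[bytes], bytes]


def credential_kdf(credential: str, salt: bytes) -> bytes:
    """Stretch the user credential (PIN/password) into a 32-byte key-encryption key."""
    return hashlib.scrypt(credential.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


class HardwareBoundKey:
    """Model of a device key that lives only inside the trusted environment.

    Callers receive an HMAC over their input, never the key itself, and every
    call is counted so that guessing can be throttled on the device side.
    """

    def __init__(self, max_attempts: int = 5) -> None:
        self._key = os.urandom(32)
        self.attempts = 0
        self.max_attempts = max_attempts

    def bind(self, kek: bytes) -> bytes:
        if self.attempts >= self.max_attempts:
            raise PermissionError("attempt limit reached; device-side throttling engaged")
        self.attempts += 1
        return hmac.new(self._key, kek, hashlib.sha256).digest()

    def reset_attempts(self) -> None:
        """A real implementation resets the counter after a successful unlock."""
        self.attempts = 0

    def leak(self) -> bytes:
        """Models the failure mode in the article: the key escapes into software."""
        return self._key


def software_binder(leaked_key: bytes) -> Binder:
    """Once the device key is in software, binding runs anywhere, with no counter."""
    return lambda kek: hmac.new(leaked_key, kek, hashlib.sha256).digest()


def wrap_master_key(master_key: bytes, credential: str, salt: bytes,
                    bind: Binder) -> Tuple[bytes, bytes]:
    """Wrap the master key under the bound, credential-derived key (toy XOR wrap + tag)."""
    ik = bind(credential_kdf(credential, salt))
    wrapped = bytes(a ^ b for a, b in zip(master_key, ik))
    tag = hmac.new(ik, master_key, hashlib.sha256).digest()[:16]
    return wrapped, tag


def unwrap_master_key(wrapped: bytes, tag: bytes, credential: str, salt: bytes,
                      bind: Binder) -> bytes:
    """Reverse the wrap; raises ValueError when the credential is wrong."""
    ik = bind(credential_kdf(credential, salt))
    candidate = bytes(a ^ b for a, b in zip(wrapped, ik))
    expected = hmac.new(ik, candidate, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong credential")
    return candidate


def try_credential(wrapped: bytes, tag: bytes, credential: str, salt: bytes,
                   bind: Binder) -> str:
    """Outcome of one unlock attempt: 'unlocked', 'wrong' or 'throttled'."""
    try:
        unwrap_master_key(wrapped, tag, credential, salt, bind)
        return "unlocked"
    except ValueError:
        return "wrong"
    except PermissionError:
        return "throttled"


if __name__ == "__main__":
    hw = HardwareBoundKey(max_attempts=3)
    wrapped, tag = wrap_master_key(MASTER_KEY, "1234", SALT, hw.bind)
    print("device-bound, wrong guesses:",
          [try_credential(wrapped, tag, pin, SALT, hw.bind) for pin in ("0000", "1111", "2222", "3333")])
    sw = software_binder(hw.leak())
    print("key in software, wrong guesses:",
          [try_credential(wrapped, tag, pin, SALT, sw) for pin in ("0000", "1111", "2222", "3333")])
```

Run as a script, the first list ends in `throttled` because the device refused further binding calls, while the second list never does: with the key in software the only remaining cost per guess is the KDF, which is why the strength of the user's credential becomes the whole story.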
Qualcomm's ARM processors carry a security feature called TrustZone, and two vulnerabilities in it were exploited. Google and Qualcomm have since announced that patches have been released, but it is doubtful that Android users will benefit immediately. This is due to the way the Android ecosystem works: most users do not receive such patches because of update restrictions imposed by manufacturers, which prevent users from receiving updates directly from Google.
The researcher has since published the code on GitHub and comments that this vulnerability could make breaking into an Android phone easier, both for hackers and for law enforcement agencies directing the OEMs.
After the Apple-FBI encryption dispute, which ultimately ended with the FBI decrypting the phone themselves after reportedly paying a large sum, this revelation points to a significant trend in the Android ecosystem. That trend might leave your private information in the hands of unknown malicious entities until some kind of ecosystem-wide fix is developed.