Google's Android OS has a long record of security vulnerabilities. Last year brought two nasty ones: Stagefright, which let an attacker run code on a device remotely with a single crafted multimedia message, and CVE-2015-3842, which allowed a malicious app to execute code with the elevated privileges of the mediaserver process. Now the security of your Android smartphone is at risk once again, especially if it runs on a Qualcomm chipset.
Encrypting your Android smartphone is not the protection it appears to be: on affected devices, the key material that guards the encryption can be extracted in software. Google does ship monthly patches, but an attacker who has the phone in hand can flash an older, vulnerable build and then attack the encryption as before.
As Network World reported, security researcher Gal Beniamini has shown how the flaw in Android's encryption works. Devices running Android 5.0 Lollipop and later ship with full-disk encryption (FDE), which encrypts the phone's data partition with a 128-bit key. To decrypt the phone, one needs the PIN, password or gesture pattern that protects the device.
The Device Encryption Key (DEK) is not stored in the clear; it is protected by key material held by KeyMaster, which runs inside TrustZone and is meant to keep that material out of reach of ordinary software. Beniamini showed, however, that extracting it from a locked phone isn't that difficult at all, and he published the required tools on GitHub, with which the protection on an encrypted phone can be attacked.
"The key derivation is not hardware bound. Instead of using a real hardware key which cannot be extracted by software (for example, the SHK), the KeyMaster application uses a key derived from the SHK and directly available to TrustZone," Beniamini said.
He further added: "Since the key is available to TrustZone, OEMs could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device. This would allow law enforcement to easily brute-force the FDE password off the device using the leaked keys."
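The derivation chain Beniamini describes, and why a leaked KeyMaster key turns the problem into an offline search, as an added Python model. This is not Beniamini's code and not the Android implementation: the salt, the "leaked" key, the DEK and the PIN are constructed demo values, HMAC stands in for the KeyMaster signing step, XOR stands in for AES key wrapping, the check value stands in for "does the decrypted filesystem parse", and the scrypt parameters are reduced so the search runs in seconds. What it shows is the point of the quote above: once the key that was supposed to stay in hardware is known, every candidate PIN can be tested without touching the device, and the only cost is the scrypt work per guess.

```python
import hashlib
import hmac
import itertools

# Constructed demo values: a fixed salt as a crypto footer would store it, and
# a stand-in for the KeyMaster key that, on the affected devices, could be
# pulled out of TrustZone. Neither is a real device value.
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
LEAKED_KEYMASTER_KEY = bytes.fromhex(
    "8d2f5a1c9b4e7d3a6f0c2e8b1d5a7c9e3b6f1a4d8c2e5b7f9a1c3e6d8b0f2a4c"
)
# scrypt cost deliberately small for the demo; real parameters are far larger.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 8, 8, 1


def stretch(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def derive_kek(pin: str, salt: bytes, keymaster_key: bytes) -> bytes:
    """Model of the FDE key-derivation chain.

    1. stretch the user credential with scrypt;
    2. mix in the KeyMaster key (on Android, KeyMaster signs the intermediate
       with a key that is supposed to stay inside TrustZone; HMAC stands in);
    3. stretch the result again to obtain the key-encryption key (KEK).

    If step 2 used a key software cannot read, every guess would have to go
    through the device. With the key known, all three steps run offline.
    """
    stretched = stretch(pin.encode(), salt)
    bound = hmac.new(keymaster_key, stretched, hashlib.sha256).digest()
    return stretch(bound, salt)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_footer(pin: str, dek: bytes, keymaster_key: bytes) -> dict:
    """Simulated crypto footer: the DEK wrapped under the KEK plus a check
    value so a decryption attempt can be told right from wrong."""
    kek = derive_kek(pin, SALT, keymaster_key)
    return {
        "salt": SALT,
        "wrapped_dek": xor_bytes(dek, kek),
        "check": hmac.new(dek, b"fde-verify", hashlib.sha256).digest(),
    }


def try_pin(footer: dict, pin: str, keymaster_key: bytes):
    """Unwrap the DEK with one candidate PIN; return it if the check passes."""
    kek = derive_kek(pin, footer["salt"], keymaster_key)
    dek = xor_bytes(footer["wrapped_dek"], kek)
    expected = hmac.new(dek, b"fde-verify", hashlib.sha256).digest()
    return dek if hmac.compare_digest(expected, footer["check"]) else None


def brute_force_pin(footer: dict, keymaster_key: bytes, digits: int = 4):
    """Offline search of the numeric PIN space using the leaked KeyMaster key.
    Returns (pin, dek) on success, None if no candidate verifies."""
    for combo in itertools.product("0123456789", repeat=digits):
        pin = "".join(combo)
        dek = try_pin(footer, pin, keymaster_key)
        if dek is not None:
            return pin, dek
    return None


if __name__ == "__main__":
    demo_dek = hashlib.sha256(b"constructed demo DEK").digest()
    footer = make_footer("0731", demo_dek, LEAKED_KEYMASTER_KEY)
    print(brute_force_pin(footer, LEAKED_KEYMASTER_KEY))
```

Run directly, it builds a footer for the demo PIN 0731 and recovers it without any rate limiting or wipe-after-N-attempts getting in the way, because nothing in the loop ever talks to the device. Calling try_pin with the right PIN but a wrong KeyMaster key fails the check, which is exactly the guarantee a hardware-bound key would have preserved: without the key, the search cannot be moved off the phone.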
Google and Qualcomm have already patched the issue, with fixes shipped in the January and May updates. But given Android's fragmentation, many manufacturers will not have rolled those updates out to all of their devices, which means millions of Android devices out there are still vulnerable.
The encryption debate was a hot topic recently when Apple refused to unlock the encrypted iPhone of a terrorist involved in the San Bernardino shooting. The FBI eventually got into the device anyway, reportedly paying around $1.3 million for a way in.