The recent research reveals that it’s now dramatically easier to crack the devices that use the chip of Qualcomm. When it comes to the security, Android has always shown some problems in terms of vulnerability attack. Security Expert Gal Beniamini had revealed major flaws of security in Android encryption. If you are using the Android Lollipop OS later versions, then you must be aware of the FDE (Full disk encryption) that Mr. Gal demonstrated. As it has public attack code, it can work against 37% of the enterprise user. And to be noted that, this fix is not the easy fix as installing the new interface; it is much difficult and might require hardware changes.
FDE was firstly implemented on Android Lollipop and above versions. It generated 128 – bit master key to generate user’s password. The master key is also known as DEK (Device Encryption key) is stored in user’s device which can be further encrypted using PIN’s password or swipe pattern. The reports also revealed that the key stored in a device can be cracked with the intelligent mind.
Security researcher explained about the attacker, how they can use brute-force attacks to get the keys that have Qualcomm processor. He also added that fixing such issues may require hardware upgrades. Google along with Qualcomm are working on these security patches. Not only did he show “how Trust Zone kernel code execution can be used to effectively break Android’s Full Disk Encryption (FDE) scheme,” but he also released the attack code.
FDE is used everywhere, and it can sometimes be dangerous to the public’s private data. These encryptions must be designed such that, no adversaries affect those private data. Current Encryption of Android is already affected by adversaries and not so strongly designed. Anybody can hack or any brainy mind can break it. Hence this is harmful to the data. Beniamini also added that, as such fixes would require hardware changes, these issues will remain until they upgrade the devices or switch on to the newer handsets.
Later, this debate ended with iPhone, when Apple refused to unlock an iPhone belonging to the terrorist involved in shooting. The FBI somehow managed to crack the device without Apple’s help and report also says that, they might have to pay $13 million for this whooping.