Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Android's full disk encryption can be brute-forced on devices with Qualcomm chips

Lucian Constantin | July 5, 2016
Android smartphone makers can help law enforcement break full-disk encryption on Qualcomm-based devices.

The deeper issue is that on Qualcomm's implementation, the Android FDE is not directly bound to a unique hardware-based key that only exists on the device and cannot be extracted by software. Instead, it's tied to a key that is accessible to the QSEE software and which could be leaked through future TrustZone vulnerabilities.

"Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE," the researcher concluded.

Furthermore, because Android manufacturers can digitally sign and flash TrustZone images to any device, they can comply with law enforcement requests to break Android full-disk encryption.

Source: Infoworld 

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.