- Expert reveals disk encryption and processor vulnerable leaves phones
- The vulnerabilities leave devices open to potential ‘brute force attacks’
- Hackers Could exploit the security flaws to gain access to Personal data
151
View comments
Security experts Have uncovered a serious security flaw in Android phones Which Could leave millions of users vulnerable to hackers.
The finding comes from an expert who says That phones running full disk encryption (FDE) and Qualcomm chips are Most at risk.
An investigation by security analyst Gal Beniamini of the Israeli Defense Forces revealed That devices are vulnerable Particularly to so called ‘brute force attacks’ – Where hackers overwhelm security Measures using a persistent trial and error approach.
Scroll down for video
A security expert has Identified security vulnerabilities Which Could leave millions of Android users open to attack. The vulnerabilities are Reportedly due to a combination of factors, treats including how Qualcomm processors verify security information as well as issues with the Android kernel – the core operating system
SECURITY Vulnerabilities
An investigation by Israeli security analyst Gal Beniamini found Android devices using full disk encryption and running Qualcomm processors Were MOST at risk.
According to Beniamini’s analysis, the vulnerabilities are down to a combination of factors, Namely how the processors verify security and the Android kernel -. the core operating system
It could leave millions of Android users open to so called ‘brute force attacks’ – Where hackers overwhelm security Measures using a persistent trial and error approach .
Google and Qualcomm Have worked to release security patches, but Beniamini advises hardware upgrades May be required to fix the issue.
Android rolled out full disk encryption (FDE) on all devices from Android 5.0, Which Involves the phone generating a 128-bit master key based on the user’s password.
However, the way in Which the key is stored on the device Means it Could Potentially be Easily cracked by cyber criminals and even law enforcement agencies.
Phone encryption center was to the Involving Apple FBI recent case, in Which the tech firm Authorities wanted to break the encryption of an iPhone used by one of the attackers in the San Bernardino shootings in the US. In This case, the iPhone ran 256-bit FDE, Which not even Apple Could crack.
For Android users, the vulnerabilities are down to a combination of factors.
, According to Neowin, These Are Namely flaws in how Qualcomm processors verify security and Android kernel – the core operating system
on a blog post outlining the full technical details of the Android hack, Beniamini Explains That while Both Google and the chip-maker Have Been made aware of the vulnerabilities, users May require hardware upgrades to fix the issue
ANDROID DEVICES WHICH?
The analysis highlights Android phones running Qualcomm processors and Android 5.0 ( ‘Lollipop’) are Most at risk.
Provides Qualcomm processors for Most popular Android phones on the market, including:
- Sony Xperia
- Nexus 6P
- Microsoft Lumia
- HTC One
- Samsung Galaxy
- Asus ZenFone
- LG G5
on a blog post outlining the full technical details of the Android hack, Beniamini Explains That while Both Google and the chip-maker Have Been made aware of the vulnerabilities, users May require hardware upgrades to fix the issue.
I wrote. ‘I’ve Been in Contact with Qualcomm Regarding the issue prior to the release of this post, and let them review have the blog post
‘As always, they’ve Been very helpful and fast to Reply. Unfortunately, it seems, as though fixing the issue is not simple, and Might require hardware changes. ‘
The post Explained how vulnerable phones Could be targeted through everyday activities Including email, web browsing and text messages.
A spokesperson for Google Told MailOnline: ‘We appreciate the researcher’s findings and paid him for His work through our Vulnerability Rewards Program. We rolled out patches for These issues Earlier This Year. ‘
Google and Qualcomm Have worked to release a number of security patches, with an Android security bulletin in May
No comments:
Post a Comment