Millions of Android devices are at risk of brute force attacks that exploit vulnerabilities in Qualcomm's TrustZone code to undermine Full Disk Encryption (FDE) and break into a locked handset. The weaknesses were detailed by independent security researcher Gal Beniamini, who showed in a blog post how the keys guarding a locked phone's encryption can be extracted.
Android 5.0 Lollipop and later support Full Disk Encryption, which makes all data stored on the handset unreadable without the device encryption key (DEK). The DEK itself is stored in encrypted form, wrapped under a key derived from the user's PIN, swipe pattern or password.
To stop an attacker from simply copying the wrapped DEK off the phone and guessing the credential elsewhere, Android also ties that key to the device's hardware through KeyMaster, a trusted application that runs inside Qualcomm's implementation of ARM TrustZone, a hardware-isolated "secure world" on the processor that runs separately from the Android OS. This is where the vulnerability lies: the TrustZone code can be compromised using commonly available exploit code, and once an attacker runs code in the secure world, the KeyMaster key can be read out.
With the hardware-bound key in hand, the security of the phone's data is reduced to the strength of the user's credential: the wrapped DEK can be copied off the device and the PIN or password brute-forced offline on fast hardware, free of the rate limiting and wipe-after-failures protections the phone itself would enforce. It should be noted that Beniamini's attack relies on two vulnerabilities that were patched earlier this year. However, most handsets don't get regular security updates, leaving them exposed.
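As an added illustration of the key scheme described above (a toy model written for this article, not Android's or Beniamini's code), the Python below wraps a DEK under a key derived from both the user's PIN and a hardware-bound key, then shows what changes once that hardware key is leaked. The PBKDF2 stretching with a low iteration count, the XOR-based wrapping, the hypothetical Phone class, the exploit_trustzone stand-in and the sample PIN are all assumptions chosen to keep the example self-contained; real Android uses scrypt, AES-CBC and a KeyMaster-signed intermediate value.

```python
"""Toy model of Android-style FDE key wrapping (added example, not Android's or
Beniamini's code). It shows why leaking the hardware-bound key turns the
credential check into an offline brute force."""
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Deliberately low so the demo runs in seconds; an assumption, not Android's cost.
KDF_ITERATIONS = 1000
KEY_LEN = 32


def derive_kek(credential: str, salt: bytes, hw_key: bytes) -> bytes:
    """Key-encryption key from the user credential AND the hardware-bound key.

    Step 1 stretches the credential (PBKDF2 here; Android uses scrypt).
    Step 2 mixes in hw_key, standing in for KeyMaster signing the stretched
    value with a key that is supposed never to leave TrustZone.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt,
                                    KDF_ITERATIONS, KEY_LEN)
    return hmac.new(hw_key, stretched, hashlib.sha256).digest()


def wrap_dek(dek: bytes, kek: bytes) -> bytes:
    """Encrypt the DEK under the KEK. XOR plus an HMAC tag keeps the demo on
    the standard library; real FDE uses AES-CBC and checks a stored footer."""
    assert len(dek) == len(kek) == KEY_LEN
    ct = bytes(a ^ b for a, b in zip(dek, kek))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_dek(blob: bytes, kek: bytes) -> Optional[bytes]:
    """Return the DEK, or None if the KEK (credential or hw_key) is wrong."""
    ct, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek))


class Phone:
    """Hypothetical handset. _hw_key models the KeyMaster key held inside
    TrustZone: legitimate callers can only use it via unlock(), never read it."""

    MAX_ATTEMPTS = 5  # the phone throttles and eventually wipes on the online path

    def __init__(self, credential: str) -> None:
        self._hw_key = secrets.token_bytes(KEY_LEN)
        self.salt = os.urandom(16)
        self.dek = secrets.token_bytes(KEY_LEN)  # what the attacker is after
        kek = derive_kek(credential, self.salt, self._hw_key)
        self.wrapped_dek = wrap_dek(self.dek, kek)
        self.failed_attempts = 0

    def unlock(self, credential: str) -> Optional[bytes]:
        """Online path: every guess goes through the device and is counted."""
        if self.failed_attempts >= self.MAX_ATTEMPTS:
            raise RuntimeError("device locked: too many failed attempts")
        dek = unwrap_dek(self.wrapped_dek,
                         derive_kek(credential, self.salt, self._hw_key))
        if dek is None:
            self.failed_attempts += 1
        return dek

    def exploit_trustzone(self) -> bytes:
        """Stand-in for the TrustZone compromise: code running in the secure
        world reads the KeyMaster key out. No real exploit is implemented."""
        return self._hw_key


def offline_bruteforce(wrapped_dek: bytes, salt: bytes, hw_key: bytes,
                       pin_len: int = 4) -> Optional[Tuple[str, bytes]]:
    """With the hardware key leaked, every PIN can be tried on the attacker's
    own machine: no device, no throttling, no wipe."""
    for n in range(10 ** pin_len):
        pin = f"{n:0{pin_len}d}"
        dek = unwrap_dek(wrapped_dek, derive_kek(pin, salt, hw_key))
        if dek is not None:
            return pin, dek
    return None


if __name__ == "__main__":
    phone = Phone("1337")  # constructed sample credential
    leaked = phone.exploit_trustzone()
    print(offline_bruteforce(phone.wrapped_dek, phone.salt, leaked))
```

While the hardware key stays inside the device, each guess has to go through unlock() and runs into the attempt limit; the same wrapped DEK copied to another machine is useless without it. Once exploit_trustzone() hands the key over, the whole 4-digit PIN space falls in seconds even at this toy KDF cost, and the attacker can scale the loop across as much hardware as they like, which is why the remaining protection is nothing more than the entropy of the credential.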
Moreover, Beniamini points out that an attacker could roll a patched phone back to an earlier, still-vulnerable OS version in order to carry out the attack. In his view, Android's FDE is at risk precisely because the hardware-bound key is handled by Qualcomm's TrustZone software, so any flaw in that software exposes the key and opens the door to brute-force attacks. He contrasted this with Apple's FDE, where the equivalent key is fused into the device's hardware and cannot be extracted by software or firmware at all.
Beniamini is now working with both Google and Qualcomm to address these issues.