Android

Millions Of Android Phones At Risk As Storage Encryption In Android OS Can Be Bypassed; How To Protect Your Data

By on
Security Threat

Reports specific to cyber attacks crop up once or twice a year without fail. In the past, we have seen such attacks targeting both Google?s Android and Apple?s iOS devices. This time around, more than half of Android phones, across the globe, are reportedly vulnerable to cyber attacks.

According to an Israeli security researcher?Gal Beniamini, the new vulnerability allows hackers to bypass the Full Disk Encryption (FDE) in Android phones. With this bug, hackers will be able to breach the ?levels of trust and privileges? that are typically built to make sure only genuine codes access internal secret information like DRM keys and various encryption keys,?Beta News noted.

At the same time, it is worth noting that Android phones received a security patch to fix this vulnerability not long ago in May. However, folks at the famous?Duo Security, known for specializing in two-factor authentication, noted recently that only 43 percent of Android devices have been patched thus far, which leaves the 57 percent vulnerable to critical cyber attacks.

Android Nutella

The silver lining is that Android phones running ?Android 5.0 Lollipop? version of the OS and above are automatically fine-tuned to protect personal information stored in the device by enabling the Full Disk Encryption (FDE). The OS apparently makes use of a key derived from the user’s password and binds it to the hardware with the help of Android’s KeyMaster key store.

However, Beniamini says when it comes to devices powered by ?Qualcomm processors,? there is a way to make the KeyMaster application execute hijacked system calls and divert keys to a shared buffer, which can ultimately be read by the hackers. Not to forget, Qualcomm?s Snapdragon chipsets power a good majority of Android devices sold worldwide.

Duo Security, on the other hand, says all Android phones should install the latest security patch to avoid this vulnerability. As it turns out, Google?s Nexus and Samsung?s Galaxy S6 units have been patched the most with roughly 75 percent of devices covered, while the well-received Galaxy S5?s patch history stands at 45 percent.

About the author

To Top