Seocheckout

A Major Security Flaw Has Been Revealed in Android’s Full Disk Encryption




Apple iOS and Android both provide full disk encryption (FDE), which lets you protect the contents of your phone with a password lock. But the feature is rarely used by Android users because it slows the phone down. It is also much harder to enable encryption on Android devices, and there's no hardware for encryption or decryption, whereas it's built into iOS devices. As an iOS user, all you need to do is turn on the passcode lock; your data is then encrypted with it in the background.

However, you have to do this manually on Android devices, and it makes the device run much slower. Because of this increased difficulty and the difference in speed, a lot of Android users don't even bother to use encryption. Sure, their phones will run a little faster, but they're basically sacrificing security for speed.

That's because of a huge design flaw in the way Qualcomm chips are used in Android devices to handle the encryption keys. There is no hardware that can protect passwords from being bypassed, as there is on iOS devices, which leaves the Android keys vulnerable to attack by cyber criminals.

Patched but not for everyone.

This particular vulnerability has now been patched by Qualcomm and Google, but a massive 37% of Android devices will never receive the patch. This is because many of those OSes will never be updated, leaving them vulnerable to the attack, which is very easy to execute due to software that is readily available online. And even though Qualcomm and Google have now patched this particular security hole, the issue still remains that Android devices don't have dedicated hardware to protect passwords with.

Basically, it makes it easy for a cyber criminal to develop software that can effectively roll back the OS version running on that device to one that doesn't have the patch. However, right now these kinds of hacks can't be found easily in the wild, so for now your Android device's FDE is secure.

Android - the most bullied OS of them all.

Because of the way that Android devices work and how third-party manufacturers can decide how passwords are stored on them, there are a number of companies that could potentially hack into an Android device. Only Apple can update the OS firmware on iOS devices. But devices running on Google, Samsung, HTC, Motorola, LG, Qualcomm, and many others are easily cracked. It doesn't matter what version of software is running on the Android device; it will always be much less secure than an iOS device.

So how do you protect your Android device's data?

The best and most secure way of encrypting your Android device's data is to encrypt it separately using a third-party app that encrypts the files on your device. Then, even if the entire disk is decrypted by a cyber criminal or hacker, and even if the hack leaves your device exposed, the app still provides an extra layer of security that would have to be bypassed, which wouldn't be an easy task if the app uses a secure SHA2-like algorithm along with a strong, hashed and salted password.
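What "a SHA2-like algorithm with a hashed and salted password" can look like at the app layer, as an added example that is not part of the original article or taken from any particular app: the passphrase is stretched with salted PBKDF2-HMAC-SHA256 into a file-encryption key plus a separate verifier. The function names, header layout and iteration count are assumptions, and the file cipher itself is left out.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this sketch; a real app picks its own work factor.
ITERATIONS = 600_000
SALT_LEN = 16
LABEL_ENC = b"file-encryption-key"
LABEL_CHECK = b"passphrase-check"


def derive_keys(passphrase: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """Stretch the passphrase with salted PBKDF2-HMAC-SHA256, then split the
    result into two independent subkeys so the stored verifier never reveals
    the encryption key."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    enc_key = hmac.new(master, LABEL_ENC, hashlib.sha256).digest()
    check = hmac.new(master, LABEL_CHECK, hashlib.sha256).digest()
    return enc_key, check


def create_header(passphrase: str, iterations: int = ITERATIONS) -> dict:
    """Build what the app would store next to the encrypted files:
    a fresh random salt, the work factor and a passphrase verifier."""
    salt = os.urandom(SALT_LEN)
    _, check = derive_keys(passphrase, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": check}


def unlock(header: dict, passphrase: str) -> Optional[bytes]:
    """Return the 32-byte file-encryption key, or None for a wrong passphrase."""
    enc_key, check = derive_keys(passphrase, header["salt"], header["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(check, header["verifier"]):
        return enc_key
    return None


if __name__ == "__main__":
    # Constructed sample passphrases, for demonstration only.
    h1 = create_header("correct horse battery staple")
    h2 = create_header("correct horse battery staple")
    print("same passphrase, different verifier:", h1["verifier"] != h2["verifier"])
    print("right passphrase unlocks:", unlock(h1, "correct horse battery staple") is not None)
    print("wrong passphrase unlocks:", unlock(h1, "Tr0ub4dor&3") is not None)
```

Because the key depends only on the passphrase and the stored salt, a short PIN stays guessable off the device however it is salted; the salt only prevents precomputed tables and makes every header unique.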

This kind of technique is the standard, but for storing highly secure information and top-secret details on your Android device you should take the extra step of researching and finding out all about the app you're using to protect and secure your device's stored data. Quite simply, the best way to encrypt your Android device's data would be to do so on a different device, like a Mac or another iOS device.

My conclusion? While Android is very open and lets you do more on it than you can on other mobile OSes, that also makes it very open and vulnerable to these sorts of things. So if you're using an Android device, you might not want to use it for securing really important information.

Comments

CryptoGuru
This is really scary for the end user, I just have one question about this part though.

"Basically, it makes it easy for a cyber criminal to develop a software that can effectively roll back the OS version running on that device to one that doesn't have the patch."

Do these criminals have to be on the same network as you? Have they hacked the cellular network? I own an iPhone, my wife owns an Android, and I will be taking your advice on this one. Also, how do you feel about cloud storage to back up your files?




Lynne
Oh wow, so yes I want to know the same thing that jekyz2 does, what about cloud storage on my Samsung phone? I am currently using Dropbox and Google Drive on my phone. I don't use my phone much, only for calls, texts, WhatsApp and emails, then also pictures and videos of my kids which I upload straight to Dropbox. I don't have any social networks on my phone or really access the internet much.




Corzhens
Compared to the computer, mobile gadgets such as tablets and smartphones are still infants; that's why there are still growing pains. In fact, I haven't downloaded an anti-virus for my smartphone since I am not yet convinced that viruses for mobile are that sophisticated already. Another thing, I don't store important data on my phone so that when a problem occurs, there is not much data to be lost.




KarlRichards
The principal difference between firmware and software is more about functionality specifics. Firmware is a system component that can be customized to define new system functions that can only be implemented within the constraints of the given hardware and firmware.

The environment for embedded firmware development differs significantly from test and production environments. Firmware development https://sirinsoftware.com/services...are_development/ engineers can use specialized software stacks, different chip architectures, and even operating systems. The embedded system allows to significantly facilitate the circuitry and hence reduce project costs and hardware size.

In a nutshell, however, embedded firmware development is not so different from the process of developing “standard” software.


