
Android full disk encryption can be brute-forced on Qualcomm-based devices

Lucian Constantin | July 5, 2016
Android smartphone makers can help law enforcement break full-disk encryption on Qualcomm-based devices

The deeper issue is that in Qualcomm's implementation, Android FDE is not directly bound to a unique hardware-based key that exists only on the device and cannot be extracted by software. Instead, it is tied to a key that is accessible to the QSEE software and that could be leaked through future TrustZone vulnerabilities.

"Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE," the researcher concluded.

Furthermore, because Android manufacturers can digitally sign and flash TrustZone images to any device, they can comply with law enforcement requests to break Android full-disk encryption.
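To illustrate why the binding matters, the following is an added example, not code from the article, the researcher or Qualcomm. It is a toy model in which HMAC stands in for the KeyMaster operation; the function names, PIN, salt and keys are all constructed assumptions. It shows that the device-bound key is the only thing keeping a short PIN from being enumerated off the device.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100  # deliberately low so the demo finishes quickly


def derive_disk_key(pin: str, salt: bytes, device_key: bytes) -> bytes:
    """Toy model: stretch the PIN, then bind the result to a device key."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    # HMAC is a stand-in for the KeyMaster step (assumption, not the real scheme).
    return hmac.new(device_key, stretched, hashlib.sha256).digest()


def off_device_search(salt: bytes, verifier: bytes, device_key: bytes, digits: int = 4):
    """Try every PIN of the given length against a known key verifier.

    Returns the matching PIN, or None when no candidate matches, which is
    what happens when the caller does not hold the real device key.
    """
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        candidate = derive_disk_key(pin, salt, device_key)
        if hmac.compare_digest(candidate, verifier):
            return pin
    return None


def demo():
    # Constructed sample values standing in for one device's state.
    salt = os.urandom(16)
    device_key = os.urandom(32)
    verifier = derive_disk_key("4831", salt, device_key)

    # Case 1: the device key is software-accessible and has leaked.
    with_leaked_key = off_device_search(salt, verifier, device_key)
    # Case 2: the device key never left the hardware; a guessed key is useless.
    without_key = off_device_search(salt, verifier, os.urandom(32))
    return with_leaked_key, without_key


if __name__ == "__main__":
    leaked, blind = demo()
    print("device key leaked  ->", leaked)
    print("device key unknown ->", blind)
```

With the device key in hand the search space is only the 10,000 possible PINs; without it the search must also cover the 256-bit key, which is why a key that software can read weakens the scheme.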

