Site icon Panda Security Mediacenter

Disk encryption, a security layer that is easy to break

iStock_50681792_XLARGE

Users are pretty familiar with what end-to-end encryption is and why it is used on messaging apps like WhatsApp. It protects our privacy by securing messages as they travel from our device to the person we’re chatting with.  This security measure blocks third parties from intercepting our private messages, regardless if this person has good or bad intentions.

However, our phones carry tons of personal information that is just as private as messages, if not more.  Fortunately, the primary operating systems use disk encryption to keep hackers away.

The disk encryption security measure is available on both Android and IOS. Once the feature is activated, it can rescue you from many situations, for example if you forget your phone somewhere and someone finds it, if it’s robbed, or if an attacker physically accesses the phone’s terminal. In all of these examples, the disk’s content is encrypted, making it impossible for anyone to stick their nose in your business… or at least it should.

Unfortunately, the truth is that this “disk encryption” security measure is at stake on Google operating systems. The investigator Gal Beniamini proved that it is relatively easy to slip through this security barrier on millions of Android devices (in specific, those with Qualcomm processors) by using a brute force attack.

An attacker can break the encryption measure by taking advantage of the cybersecurity errors from the phone’s manufactured chips and the operating system. All the attacker has to do is try different passwords at high speed until they get the correct one.

A brute force attack could easily break the disk encryption on millions of Android devices.

Both Qualcomm and Google have corrected some of these vulnerabilities, but the updating process for Android is pretty slow (because each and every manufacturer has to send updates to their phones) and not all updates reach the users. These security faults have left mobile phone users unprotected, exposing their personal data, even while using an encrypted disk. Looking ahead, this will continue to be problematic.

Exit mobile version