Android Full Disk Encryption flaw could affect millions of phones

Android phones on Qualcomm processors might might be at a serious risk thanks to flaws in the Full Disk Encryption (FDE).

Google, Google Qualcomm, Android phone, Android FDE flaw, Android privacy fault, Android encryption, Android vs Apple encryption, Android full encryption, Android privacy flaw, technology, technology news

Google’s Android smartphones are at risk thanks to a flaw in the Full Disk Encryption feature. (Stock image from Reuters)

Android smartphones might be at risk thanks to flaws in the Full Disk Encryption (FDE) feature, especially those running Qualcomm processors. A new blogpost by Israeli security researcher Gal Beniamini has revealed these flaws.

According to reports, both Google and Qualcomm are working with Beniamini to create a patchwork to fix these issues. Beniamini posted about the flaw on his blog ‘bit-please.blogspot.in’, and has showcased how Android’s FDE is flawed at the root level.

His blog post also highlights how in Apple’s case it is nearly impossible to apply brute force to crack this disk level encryption. The Israeli researcher has explained how it is possible to extract the security crypto keys for the Qualcomm Android devices, thus compromising their security.

[related-post]

The privacy flaw has also caught the attention of Qualcomm which issued a statement in this regard stating, they are working with “Gal Beniamini to identify and address potential security vulnerabilities,” and they had discovered the patches internally as well. Google said it has rolled out updates for some of the flaws mentioned in the blogpost.

According to Beniamini’s post, while Apple binds the encryption key to device’s hardware making it impossible for brute-force attackers to break the FDE, in Android devices the cryptographic keys are run in a separate module called Trusted Execution Environment (TEE).

The post describes that in any Android 5.0 or later device using the full disk encryption is vulnerable to kernel flaws and Qualcomm’s security measures, which can enable a hacker to get the encryption key.

Top Stories

Amid trade talks, PM speaks to Trump, says will work together for global peace, prosperity

Dilip Kumar's sisters created 'hostile environment' for wife Saira; 'orchestrated' his second marriage to drive her away

‘Civic sense is a rare luxury in India’: Couple cooks meal on highway; viral video sparks fierce debate on road safety

Quinton de Kock dismantles Indian bowling combination with silent savagery

Imran’s fall, Munir’s rise and the dangers of a dysfunctional Pakistan

Imran Khan’s fall, Asim Munir’s rise -- and the dangers for India from a dysfunctional Pakistan

Live Blog

Loading Taboola...