Android’s Full-disk Encryption Just Got Much Weaker
A blog post published Thursday revealed that in stark contrast to the iPhone’s iOS, Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device. From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.
[…]
But researchers from two-factor authentication service Duo Security told Ars that an estimated 37 percent of all the Android phones that use the Duo app remain susceptible to the attack because they have yet to receive the patches. The lack of updates is the result of restrictions imposed by manufacturers or carriers that prevent end users from installing updates released by Google.
What’s more, Gal Beniamini, the independent Israeli researcher who authored the blog post and wrote the exploit code, said that many Android devices that were once vulnerable but later patched—including a Nexus 6 he tested—can be rolled back to their earlier, unprotected state. He suspects the reversion is possible if a device has an unlocked, or unlockable, bootloader.
[…]
Beniamini said Android phones have a similar silicon-bound key dubbed SHK that’s used for some cryptographic functions. But rather than using the SHK to directly unlock an encrypted drive, the Qualcomm TrustZone uses the SHK to create a second key that exists as a software variable. It’s this second key that can be extracted through one of the methods outlined above.