【安卓高危漏洞:全磁盘加密让黑客更易得手】

【安卓高危漏洞:全磁盘加密让黑客更易得手】日前,安全专家发现安卓手机存在一个严重的安全漏洞,可能使数百万安卓用户受到黑客攻击。专家称,全磁盘加密和高通处理器的手机面临的风险最大。自安卓5.0以来的所有设备都推出了全磁盘加密,这意味着它可能更容易被网络罪犯甚至是执法机构攻击。

Millions of Android devices could be at risk of cyber attacks: Hacker reveals how easy it is to get around a phone's encryption

Security experts have uncovered a serious security flaw in Android phones which could leave millions of users vulnerable to hackers.

The finding comes from an expert who says that phones running full disk encryption (FDE) and Qualcomm chips are most at risk.

An investigation by security analyst Gal Beniamini of the Israeli Defense Forces revealed that devices are particularly vulnerable to so called 'brute force attacks' – where hackers overwhelm security measures using a persistent trial and error approach.

35F1C34B00000578-3673720-image-a-1_1467640396586

Android rolled out full disk encryption (FDE) on all devices from Android 5.0, which involves the phone generating a 128-bit master key based on the user's password.

However, the way in which the key is stored on the device means it could potentially be easily cracked by cyber criminals and even law enforcement agencies.

Phone encryption was central to the recent FBI case involving Apple, in which authorities wanted the tech firm to break the encryption of an iPhone used by one of the attackers in the San Bernardino shootings in the US. In this case, the iPhone ran 256-bit FDE, which not even Apple could crack.

For Android users, the vulnerabilities are down to a combination of factors.

According to Neowin, these are namely flaws in how Qualcomm processors verify security and Android kernels – the core operating system.

35F1C34F00000578-3673720-image-a-2_1467640400179

On a blog post outlining the full technical details of the Android hack, Beniamini explains that while both Google and the chip-maker have been made aware of the vulnerabilities, users may require hardware upgrades to fix the issue.

He wrote: 'I've been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post.

'As always, they've been very helpful and fast to respond. Unfortunately, it seems as though fixing the issue is not simple, and might require hardware changes.'

The post explained how vulnerable phones could be targeted through everyday activities including email, web browsing and text messages.

A spokesperson for Google told MailOnline: 'We appreciate the researcher's findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year.'

35F1C35B00000578-3673720-image-a-3_1467640408731

http://www.dailymail.co.uk/sciencetech/article-3673720/Millions-Android-devices-risk-cyber-attacks-Hacker-reveals-easy-encryption.html


Comments are closed.



无觅相关文章插件