Both Android and iOS use full disk encryption to all data is fully encrypted on a smartphone or tablet. The Android encryption proves far from foolproof. That discovered security researcher Gal Beniamini.
The so-called master key that is to decrypt all data can be retrieved on Android devices in different ways. That’s because this particular software is protected
TrustZone vs. Secure Enclave
Android devices use a TrustZone to store encryption keys. This is a series of security measures in chips, among others Qualcomm. An application called KeyMaster communicates with the TrustZone and regulates the management of the keys. By combining two software vulnerabilities (CVE-2015-6639 and CVE-2016-2431), received a security researcher access to TrustZone and was able to read the master key.
Apple’s approach is very different. The keys of iOS devices are based on a hardware key, as the name suggests, does not depend on software. The key is calculated in hardware by stock and again encrypted with a private key that is dependent on a hardware identifier (which is injected during manufacture into the phone) and the PIN code of the user.
Diagram of the security of iOS
Google says in a reaction against it. Ars Technica that the vulnerabilities have been fixed up in January and May. However, 37% of Android devices are vulnerable because they are not updated. Moreover, it is possible that there could be exploited even more bugs to identify the master key. Dan Guido, a specialist in the field of mobile security, describes it as follows:
Google HAS always leg behind on full disk encryption on Android. They have never been as good as the techniques That Apple and iOS have used. They’ve put all Their cards in this method based on TrustZone and based on the Keymaster, and now it’s come out that’s how risky. It exposes a larger amount of attack surface. It Involves a third party in the full disk encryption, and all this extra softwarethat handles this key could have Potentially That bugs allow an attacker to read it back out.
No comments:
Post a Comment