Android's Full Disk Encryption Compromised, Affects Millions of Devices

Android's Full Disk Encryption Compromised, Affects Millions of Devices
  • Researcher Gal Beniamini, found a way to compromise Android's FDE
  • The hack leaves millions of Android devices at risk of being vulnerable
  • Google and Qualcomm are aware of the issue and have released patches

It's far from surprising anymore to hear about security glitches in Android but this latest find could potentially compromise the security of hundreds of millions of devices. The flaw has been spotted by Gal Beniamini, a security researcher, who's found a way to use ARM's TrustZone kernel code-execution to essentially break Android's Full Disk Encryption (FDE).

All Android smartphones running on 5.0 Lollipop or later use something called FDE, which makes all the data on your phone unreadable unless you have the unique key needed to decrypt it. This is the similar to the security feature that caused a tussle between the FBI and Apple recently. According to Beniamini's report, an attacker can potentially exploit certain loopholes in Qualcomm's security in order to recover that unique encryption key. He also states that the issue cannot be completely resolved with merely a security patch as it might require hardware changes.

FDE is designed to be uncrackable but clearly it's not as secure as Google hoped. Breaking FDE still requires a brute-force attack but once the attacker has the key, all that's left is figuring out your password. Beniamini's research also found that the key is not hardware bound which means it can be extracted by software. He goes on to state that Android's current FDE is only as strong as the TrustZone kernel. Any vulnerability exploited here could easily compromise the devices encryption and thereby, exposing your private data.

Google says it rolled out patches for this issue earlier this year. Qualcomm says the issue was "identified internally" and fixed, with patches issued to "customers and partners", but if and when these fixes find their way down to consumer devices out there is anyone's guess.

Qualcomm's full statement: "Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). QTI continues to work proactively both internally as well as with security researchers such as Gal Beniamini to identify and address potential security vulnerabilities. The two security vulnerabilities (CVE-2015-6639 and CVE-2016-2431) discussed in Beniamini's June 30 blog post were also discovered internally and patches were made available to our customers and partners. We have and will continue to work with Google and the Android ecosystem to help address security vulnerabilities and to recommend improvements to the Android ecosystem to enhance security overall."


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Roydon Cerejo
Roydon Cerejo writes about smartphones and laptops for Gadgets 360, out of Mumbai. He is the Deputy Editor (Reviews) at Gadgets 360. He has frequently written about the smartphone and PC industry and also has an interest in photography. With over a decade of experience covering the consumer technology space, he is also an avid sci-fi movie and TV show geek and is always up for good horror flick. Roydon is available at, so please send in your leads and tips. More
Watch: Drone Footage of Apple's 'Spaceship' Campus That's Nearing Completion
Panasonic Eluga Note With 16-Megapixel Camera, VoLTE Support Launched at Rs. 13,290
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2022. All rights reserved.