A flaw in Qualcomm processors allows access to ciphered information
A flaw in Qualcomm mobile processors, used in 60% Android mobiles, allows an attacker to access the ciphered information stored. The ciphering keys are generated using a module called KeyMaster, that depends on Qualcomm Secure Environment Execution (QSEE). A vulnerability in QSEE allows a brute force attack without triggering the wiping mechanism implemented on Android to prevent this kind of attack.
References:
- 05/07/2016 infosecurity-magazine.com Full Encryption Flaw Affects Half of All Android Phones
- 05/07/2016 threatpost.com ENCRYPTION BYPASS VULNERABILITY IMPACTS HALF OF ANDROID DEVICES
- 04/07/2016 csoonline.com Android full disk encryption can be brute-forced on Qualcomm-based devices
- 11/07/2016 elandroidlibre.com Encuentran una vulnerabilidad del cifrado de datos en dispositivos Qualcomm
- 30/06/2016 http://bits-please.blogspot.com.es Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption