Cyber security experts have discovered a serious flaw in Android smartphones and tablets which could leave tens of millions of users vulnerable to cyber criminals.
An investigation carried out by Gal Beniamini a security analyst for the Israeli Defense force found a flaw in Android encryption which means that many devices are vulnerable to what is known as ‘brute force attack’ where hackers overwhelm a device’s security software by continually using a trial and error approach to gain access.
Beniamini says that smartphones and tablets most at risk are those with Qualcomm chips and which are running Android 5.0 Lollipop.
Qualcomm processors are used in some of the most popular and leading flagship Android smartphones including Samsung Galaxy range, Asus Zenfone, Nexus 6P, LG G5, and Sony Xperia.
Google of course rolled out full disk encryption (FD) in Android 5.0. FDE works by generating a 128-bit encryption of the user’s password. By comparison, an iPhone creates a 256-bit FDE, which even Apple was unable to crack, as recently revealed in the recent San Bernardino case.
This recent flaw found in Android encryption is due to issues with how the Qualcomm processor implements security measures on a device.
This means that all that is between your device and a cyber criminal depends on how secure your password is.
Beniamini explained in a blog post that he has been in touch with both Qualcomm and Google who have acknowledged the problem and are working to resolve the problem.
‘I’ve been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post.”
Beniamini’s blog post explained about the vulnerability in detail and outlined how phones could be targeted in attacks via email, SMS or web browsing.