Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

DEFCON: Researcher Beats Google Android Encryption

A researcher with viaForensics demonstrated how to beat encryption for Android devices at the DEF CON security conference in Las Vegas. 

A researcher with viaForensics demonstrated how to beat encryption for Android devices at the DEF CON security conference in Las Vegas. 

According to Thomas Cannon, director of research and development for viaForensics, the idea was to demonstrate the ways that black hats – or the government – can get access to the data on a user’s phone if it is lost, seized or stolen. Rather than rely on a flaw in the encryption itself, Cannon choose to show how a sophisticated attacker can brute force weak passwords protecting a device.

“I presented on a number of methods for gaining access to user data on Android devices,” he told SecurityWeek after his presentation.

Android Encryption by Researcher“Our initial review is that the encryption is solid and implemented properly,” he continued, “so the only option we have is to brute force the user password and derive the correct encryption key. I showed how the encryption is implemented how to brute force the password and that for PINs we can do it in seconds…We also released a tool which cracks PINs as a proof of concept.”

According to Thomas Cannon, a hacker would have to obtain a copy of the userdata partition and the encrypted master key with salt stored in a footer file. To do this, the attacker would need to obtain access to the device through an unlocked Bootloader, JTAG, chip-off or an exploit in the firmware.

“Once you have those, you can run password guesses through the decryption process and see if it is successful (at a simple level),” he said. “This is automated and can be optimized to try large numbers of guesses very fast. The implications of the attack are that if you have a weak encryption password it will be possible to crack your encrypted key and get at your data in a reasonable time frame. In that sense it is no different from any other system which uses passwords.”

He described the level of sophistication necessary for the attack as high.

“So the presentation was about how your data can be accessed, techniques used, it wasn’t aimed at warning users about a flaw in the encryption,” he said. “If there is a flaw it is that on stock Android devices the encryption password is the same as the lock screen password, meaning that users set passwords that are easy and quick to type, which can be cracked. Advanced users with root access can change their encryption password while keeping their lock screen password simple, but this isn’t an option for regular users. It is a balance between convenience and security, and the users have to decide where to draw that line.”

Advertisement. Scroll to continue reading.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Black Hat

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.