DEFCON: Researcher Beats Google Android Encryption

A researcher with viaForensics demonstrated how to beat encryption for Android devices at the DEF CON security conference in Las Vegas. 

According to Thomas Cannon, director of research and development for viaForensics, the idea was to demonstrate the ways that black hats – or the government – can get access to the data on a user’s phone if it is lost, seized or stolen. Rather than rely on a flaw in the encryption itself, Cannon choose to show how a sophisticated attacker can brute force weak passwords protecting a device.

“I presented on a number of methods for gaining access to user data on Android devices,” he told SecurityWeek after his presentation.

“Our initial review is that the encryption is solid and implemented properly,” he continued, “so the only option we have is to brute force the user password and derive the correct encryption key. I showed how the encryption is implemented how to brute force the password and that for PINs we can do it in seconds…We also released a tool which cracks PINs as a proof of concept.”

According to Thomas Cannon, a hacker would have to obtain a copy of the userdata partition and the encrypted master key with salt stored in a footer file. To do this, the attacker would need to obtain access to the device through an unlocked Bootloader, JTAG, chip-off or an exploit in the firmware.

“Once you have those, you can run password guesses through the decryption process and see if it is successful (at a simple level),” he said. “This is automated and can be optimized to try large numbers of guesses very fast. The implications of the attack are that if you have a weak encryption password it will be possible to crack your encrypted key and get at your data in a reasonable time frame. In that sense it is no different from any other system which uses passwords.”

He described the level of sophistication necessary for the attack as high.

“So the presentation was about how your data can be accessed, techniques used, it wasn’t aimed at warning users about a flaw in the encryption,” he said. “If there is a flaw it is that on stock Android devices the encryption password is the same as the lock screen password, meaning that users set passwords that are easy and quick to type, which can be cracked. Advanced users with root access can change their encryption password while keeping their lock screen password simple, but this isn’t an option for regular users. It is a balance between convenience and security, and the users have to decide where to draw that line.”