Either through a white hat or black hat hack, encrypted data on Android devices with Qualcomm chips can be accessible via brute-force hack. The would-be hacker can get the encryption keys protecting your encrypted data as long as a Qualcomm chipset powers the device.
This brute-force hack was demonstrated by a security researcher Gal Beniamini. He used vulnerabilities patched this year on Qualcomm’s implementation of the ARM CPU TrustZone. A hardware security module running its own kernel and Trusted Execution Environment, which is independent of the device’s main OS.
On Qualcomm processors, this Trusted Execution Environment is referred to as Qualcomm Secure Execution Environment (QSEE). When you set a full-disk encryption on your Android device, the system randomly generates a decryption key known as the Device Encryption Key (DEK). Another security layer is added, where the DEK is further encrypted using an additional key obtained from your device’s PIN, Swipe Pattern, or Password.
Both Android and iOS attempts to bar would-be hackers from extracting the DEK, which would allow them to execute some brute-force hack and possibly guess the decryption password. In cases where there is an …read more