General Android-Qualcomm encryption exploit

Discussion in 'Android Lounge' started by svim, Jul 1, 2016.

  1. electricpete

    The first hyperlink (arstechnica) actually leads to neowin if you click it, but I can get the arstechnica article by copying the displayed address into my browser.

    Some things to put it in perspective:

    Since it applies to encryption, it only applies when someone gets physical access to the device (of course): phone lost, phone sneakily borrowed, phone stolen, or phone seized by law enforcement.

    The vulnerability allows access to some internal key but that's not all they need. They still need your PIN (the PIN and internal key are supposed to work together in encryption so that you need both*). They can get that by brute force attack (guessing) and in this scenario where the internal key is available apparently the progressively increasing forced delays for PIN guessing for Nexus/AOSP are not enforced (so it can be done quickly with a computer). You can make that harder by using a longer PIN (and if you have a smartwatch with smartlock then why not... you rarely have to enter your PIN anyway... I use an 8-digit PIN).

    To me it seems safe to say this level of sophistication (break in to steal the internal key and then brute force guess the PIN) would be in the realm of government/law enforcement and not thieves. So, imo it should not overly concern law-abiding citizens (not intending to get into any philosophical debate about privacy).

    By the way, it was patched for Nexus devices. For Nexus 6P I recall the patch was effective. Somewhere they mentioned for Nexus 6 with "unlockable" bootloader that someone could flash back to an earlier version of software (a version before the patch) in order to bypass the patch. I think what they're saying is this can occur if the user has "allow OEM unlocking" checked in settings. I'd venture to say most average users who upgrade by OTA do not have that checked. On the other hand most people who routinely flash do have it checked (myself included). Weighing the risk of government seeing my private data if they should seize my phone for some reason (low likelihood, low consequences) vs potentially not being able to recover from a brick (higher likelihood, big consequences), I'm going to leave it checked.

    At least that's the way I see it. I'm no expert and welcome corrections.

    * By the way (at least on Nexus 6 devices), someone can get to your data much more easily without your PIN and without any fancy computer programs if you don't have the option for "require PIN to start device" set whenever you set or reset your PIN. If you select "no thanks" it warns you are missing some "enhanced security" and even though you are asked for a PIN before getting to the Android system during normal boot, you are not at all protected for access in recovery. More details here:
    http://androidforums.com/threads/gu...ory-image-manually.706533/page-8#post-7274101
    Actually this may have been patched since then, I don't know.
     
    #2 electricpete, Jul 4, 2016
    Last edited: Jul 4, 2016
    svim likes this.
  2. svim

    Tried twice to correct this and both times it would refer to the neowin article. Putting the arstechnica link on the bottom worked. ?????
     
    electricpete likes this.
