Qualcomm’s mobile processor chip has a flaw that allows attackers to crack full disk encryption on the device.
The flaw could allow someone with physical access to the phone to bypass the FDE, thus breaking through the levels of trust and privileges that are intended to ensure only legitimate code can access secret material, such as DRM or disk encryption keys. From there, an attacker can access all of the information and material on a device.
Qualcomm’s chip powers about 60% of Android mobile phones, and the issue affects 90% of the chipsets, meaning that half of all Android users are theoretically vulnerable.
According to Duo Labs, a flaw in Android’s mediaserver component must be coupled with the security hole in order for this to be exploited. But that doesn’t reduce the attack surface very much. Duo Labs’ Gal Beniamini said that the patch for the vulnerability (CVE-2016-2431) in mediaserver has yet to make it to most Android aficionados—he estimates that number to be 57%—still leaving potentially half of Android users open.
There is however progress being made. “Compared to 60% of Android phones that were vulnerable to the Android attack in January, the security posture of our dataset has improved slightly, with 57% of Android phones vulnerable to the latest attack,” the company noted. “One of the most popular phone models in our dataset, Galaxy S6, improved significantly from 0% patched (January update) to 75% patched (May update, including all prior updates).”
With 75% of Galaxy S6s up-to-date, Duo Labs puts it up on the same pedestal as the Nexus series, which were also around 75% patched. Improvement in the security posture of the Galaxy S6 has a substantial impact on overall results, as it dominates Duo Labs’ dataset of over 500,000 phones.
Duo recommends that users patch your phones, which is no surprise. “If your manufacturer has not yet made patches available, put some pressure on them to do so,” the researchers said. “As always, we find the only Android devices that we can recommend without major reservations are Nexus and, now, Samsung devices, provided they keep releasing those security updates quickly.”
Photo © Zeynep Demir/Shutterstock.com