Home > Uncategorized > Security researchers break encryption on Android phones

Security researchers break encryption on Android phones

If you lose your Android phone, your personal and confidential data could find its way into the wrong hands, even if you have encryption turned on. That’s what hackers have demonstrated at the DefCon.

A pair of security researchers have found an easy way past the encryption on many Android phones.

The good thing is that, the method is not exploiting any flaw in the Linux-based encryption system used in Android devices, but it is rather the passwords that protect the encryption tend to be rather weak. This is because Android uses the same password to decrypt the data on the phone as is used to unlock the device. People tend to use either short PIN numbers, simple patterns or easy-to-remember words. As a result, the encryption is fairly easily broken, through what is known as a brute-force attack.

“The encryption is good but you are able to brute-force it,” said Thomas Cannon, director of research and development for Chicago-based Viaforensics. Cannon highlighted the issue during a presentation at the Defcon hacker conference on Saturday.

Once unlocked, all the information in the user data partition is easily accessible.

An easy fix is – if Android were to incorporate two passwords — a strong one for decrypting a phone at boot-up, and a simpler, easy-to-remember one for unlocking the device, Cannon suggested.

(Source: allthingsd.com)

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s