The Register reports on a weakness with the Device Encryption Key (DEK) used on Android. The DEK is encrypted using the owner’s PIN or password and an encrypted block of data called the KeyMaster Key Blob. The blob is located in the protected TrustZone. However, Gal Beniamini has discovered bugs in the management app running in the TrustZone that create a privilege-escalation vulnerability. Once the blob has been acquired, obtaining decrypted access requires only a brute-force attack on the PIN or password. Unfortunately, the patching process depends on the hardware vendor, so it may be some time before the known bugs are patched. Even though Google has already patched the Nexus, it will remain secure only until further privilege-escalation bugs are identified, and more are only to be expected. Ultimately, it is the methodology that allows this weakness to prevail.