A newly revealed vulnerability on Android phones is able to bypass the full disk encryption on over half of devices, demonstrated by Israeli security researcher Gal Beniamini.
The attack can allow an attacker to break through the levels of trust and privileges that are intended to ensure only legitimate code can access secret material, such as DRM keys or disk encryption keys.
Although the attack was patched in the May security update, but only 43 percent of Android devices are patched and safe from this type of attack, leaving 57 percent still at risk.
From Android 5.0 (Lollipop) onwards the OS automatically protects all of the user’s information by enabling full disk encryption based on a Linux Kernel subsystem. It uses a key derived from the user’s unlock credentials and bound to the hardware using Android’s KeyMaster key store.
On devices with Qualcomm processors though — and Qualcomm is one of the biggest suppliers to the Android market — Beniamini’s research shows it’s possible to get KeyMaster to execute hijacked system calls and send keys to a shared buffer from which they can be read.