Android 5.0 data better protected with new crypto system
There's been a lot of hoopla in recent weeks over claims from Google that user content stored in the latest iterations of the Android operating system is encrypted in such a way that Google does not have the capacity to decrypt the locally stored information.
According to Nikolay Elenkov of Android Explorations, Android users have had the option to deploy full disk encryption (FDE) since Android 3.0, also known as Honeycomb. Android's FDE offering then remained largely unchanged until Google fortified it in Android 4.4. They will strengthen that cryptographic system yet again in Android L, but more importantly, they are also turning FDE on by default for the first time in Android 5.0.
In Android version 4.4, Google moved towards a stronger cryptosystem. Despite this, it is still based on a PIN or password, so it is still possible to perform an attack and ultimately brute-force weak PINs and passwords, though in Android 4.4 it took a matter of minutes rather than seconds.
Such attacks will not work for Android L. The exact reason for that is unclear, because there is not yet any available source code for the operating system. Elenkov's analysis led him to conclude that decryption key derivation is no longer based purely on a user's passphrase, PIN or lock-screen password. Instead, it seems decryption in future varieties of Android will be based only in part on the user's lock-screen PIN or password.
Thus, brute-forcing a password may still be possible, but it won't decrypt encrypted disk space.
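The difference between the two designs, as an added Python illustration (not code from Android or from Elenkov's analysis): a key derived only from the PIN can be checked offline against a copy of the disk header, while a key that also needs a second input cannot. The second input is modelled here as a device-held secret, which is an assumption, since the article does not say what Android L uses; the salt, PIN, secret and iteration count are constructed.

```python
import hashlib
import hmac

ITERATIONS = 50  # deliberately tiny so the demo runs fast; not a recommended setting

def stretch(pin: str, salt: bytes) -> bytes:
    """Password-based KDF over the PIN and a salt stored in the disk header."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

def pin_only_key(pin: str, salt: bytes) -> bytes:
    """Older model: the disk key depends on nothing but the PIN and the salt."""
    return stretch(pin, salt)

def device_bound_key(pin: str, salt: bytes, device_secret: bytes) -> bytes:
    """Assumed newer model: the stretched PIN is mixed with a secret that
    never leaves the device (hypothetical; the article does not name it)."""
    return hmac.new(device_secret, stretch(pin, salt), hashlib.sha256).digest()

def header_tag(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the disk': a check value in the header."""
    return hmac.new(key, b"fde-check", hashlib.sha256).digest()

def offline_pin_search(salt: bytes, tag: bytes, derive=pin_only_key):
    """Someone holding only a disk image tries every 4-digit PIN."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(header_tag(derive(pin, salt)), tag):
            return pin
    return None

# Constructed sample values, not taken from any real device.
SALT = bytes(range(16))
PIN = "4821"
DEVICE_SECRET = bytes([0x42]) * 32

OLD_TAG = header_tag(pin_only_key(PIN, SALT))
NEW_TAG = header_tag(device_bound_key(PIN, SALT, DEVICE_SECRET))

if __name__ == "__main__":
    print("PIN-only header, offline search:", offline_pin_search(SALT, OLD_TAG))
    print("device-bound header, offline search:", offline_pin_search(SALT, NEW_TAG))
    ok = header_tag(device_bound_key(PIN, SALT, DEVICE_SECRET)) == NEW_TAG
    print("device-bound header, correct PIN on the device:", ok)
```

With the PIN-only header the search returns the PIN; with the device-bound header it returns `None`, even though the correct PIN is in the search space, because the disk image alone does not contain the second input.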