RV_ Posted July 7, 2016 Report Share Posted July 7, 2016 THis time it is a hardware vulnerability for any phones with a Qualcomm processor. Excerpt: "A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). Together, these vulnerabilities could allow someone with physical access to the phone to bypass the full disk encryption (FDE). The vulnerability, discovered by Gal Beniamini last week, builds off of earlier research by Beniamini and Duo Labs published in May. That’s when both highlighted a previously unpatched vulnerability (CVE-2016-2431) in Google’s mediaserver component. Google has since patched that vulnerability, but a large percentage of Android phones have yet to receive that update. Duo Labs estimates 57 percent of Android phones are still vulnerable to related mediaserver attacks. “Compared to 60 percent of Android phones that were vulnerable to the Android attack in January, the security posture of our dataset has improved slightly, with 57 percent of Android phones vulnerable to the latest attack,” according to a Duo Labs blog post. The vulnerability, which requires the pre-existing unpatched mediaserver vulnerabilities to be present, essentially allows attackers to perform brute force password attacks against FDE. Android phones, similar to iPhones, limit the frequency and number of times a user can attempt to input a password into a device to unlock it." More here: https://threatpost.com/encryption-bypass-vulnerability-impacts-half-of-android-devices/119039/ RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
justRich Posted July 7, 2016 Report Share Posted July 7, 2016 What does that mean? Can someone simply call my phone and start hacking it? ~Rich Link to comment Share on other sites More sharing options...
Max Signal Posted July 7, 2016 Report Share Posted July 7, 2016 THis time it is a hardware vulnerability for any phones with a Qualcomm processor. Excerpt: "A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). Together, these vulnerabilities could allow someone with physical access to the phone to bypass the full disk encryption (FDE). The vulnerability, discovered by Gal Beniamini last week, builds off of earlier research by Beniamini and Duo Labs published in May. That’s when both highlighted a previously unpatched vulnerability (CVE-2016-2431) in Google’s mediaserver component. Google has since patched that vulnerability, but a large percentage of Android phones have yet to receive that update. Duo Labs estimates 57 percent of Android phones are still vulnerable to related mediaserver attacks. “Compared to 60 percent of Android phones that were vulnerable to the Android attack in January, the security posture of our dataset has improved slightly, with 57 percent of Android phones vulnerable to the latest attack,” according to a Duo Labs blog post. The vulnerability, which requires the pre-existing unpatched mediaserver vulnerabilities to be present, essentially allows attackers to perform brute force password attacks against FDE. Android phones, similar to iPhones, limit the frequency and number of times a user can attempt to input a password into a device to unlock it." More here: https://threatpost.com/encryption-bypass-vulnerability-impacts-half-of-android-devices/119039/ What is my vulnerability like if I am running Malware Bytes and a good anti virus programs on my devices? Keeping You ConnectedProud Commercial Member #129 http://www.maximumsignal.net/ Link to comment Share on other sites More sharing options...
RV_ Posted July 7, 2016 Author Report Share Posted July 7, 2016 I gathered that it is a hands on the device vulnerabvility which essentially says that if they are able to get their hands on your phone they can decrypt anything on it, making them insecure if stolen? I just did an edit and made the pertinent info bolded in red. RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.