The good news is that if you own a Nexus or Samsung device, you’re probably safe. For everyone else, full disk encryption on Android can be cracked.
That’s the verdict from Israeli security expert Gal Beniamini, and the subject of two features by Ars Technica and Digit over the weekend. The cause of the vulnerability has to do with how FDE works on Android, but the reason why so many devices are vulnerable is ultimately the lack of security updates available for them.
From Ars, here’s a brief summary of how FDE on Android can be exploited:
In stark contrast to the iPhone’s iOS, Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device. From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.
The vulnerabilities that make this possible, CVE-2015-6639 and CVE-2016-2431, have since been patched by Google. But unless you use a Nexus or Samsung phone there’s no guarantee that your OEM and/or carrier have pushed those particular patches to your device.
Apple fans can gloat about their hardware encryption keys… to a point. Remember that an Israeli security firm was famously able to crack them, too.