Apple recently launched its latest software update iOS 17 promising easier contact-sharing prowess, new stickers, Siri command updates along other enticing features. The update…
Encryption usually makes infiltrating a device a more difficult affair, but not all encryption methods are made equal. This revelation was made by indie researcher laginimaineb.
According to the findings, Android devices powered by ARM-based Qualcomm chips store encryption keys not in hardware, but software. This effectively makes it easier for attackers to gain access to these keys, and your information. The issue lies in ARM’s TrustZone system used to store the keys.
This is a stark contrast to Apple‘s system:
“Binding the encryption key to the device’s hardware allows Apple to make the job much harder for would-be attackers. It essentially forces attackers to use the device for each cracking attempt. This, in turn, allows Apple to introduce a whole array of defences that would make cracking attempts on the device unattractive,” laginimaineb explains.
While obtaining these keys on an Android device remains too much trouble for the common crook, it’s clear that encryption isn’t quite perfect. It should also be noted that Android full-disk encryption is enabled by default from Android 5.o Lollipop and later.
According to Engadget’s comment from Qualcomm, the security flaws were “were also discovered internally and patches were made available to our customers and partners,” while Google also explained that it issued patches to its systems “earlier this year.”