Researchers Explain How Locked Android, iOS Phone Encryption Gets Bypassed

Must read

How to disable and delete Samsung Pay from your Galaxy phone

When it comes to paying conveniently, Samsung Pay makes using your phone as a bank card an easy process; however, there may come...

Best Cheap Wi-Fi 6 Router in 2020

Source: TP-Link Best Cheap Wi-Fi 6 Router Android Central 2020 The next generation of Wi-Fi, known as Wi-Fi 6, is making its way to a lot of new...

How to Hack the Hidden Google Chrome Dinosaur Game

Most of us have seen the dreaded “No Internet” error message on Google Chrome. You can actually turn this screen into a fun,...
Bhawani Singh
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Researchers at Johns Hopkins University have come out with a report that highlights all the vulnerabilities that Android and iOS phone encryption have, and how law enforcement agencies can exploit these to access even locked smartphones. This research comes at a time when governments in various countries are pressuring for backdoors in encryption for accessing data on smartphones when the national security is at stake. However, this new research claims that methods are already available for law enforcement to access locked smartphones of they have the right knowledge and tools, thanks to current security loopholes in the Android and iOS ecosystems.

This new research was reported by Wired, and it has been conducted by Maximilian Zinkus, Tushar Jois, and Matthew Green, of Johns Hopkins University. In their analysis, it is found that Apple does have a powerful and compelling set of security and privacy controls, backed by strong encryption. However, critical lack in coverage due to under-utilisation of these tools allows for law enforcement and other hackers to access the phones if they desire. “We observed that a surprising amount of sensitive data maintained by built-in apps is protected using a weak “available after first unlock” (AFU) protection class, which does not evict decryption keys from memory when the phone is locked. The impact is that the vast majority of sensitive user data from Apple’s built-in apps can be accessed from a phone that is captured and logically exploited while it is in a powered-on (but locked) state.”

The researchers also spoke about weakness in cloud backup and services as they found ‘several counter-intuitive features of iCloud that increase the vulnerability of this system.’ They also highlight the blurred nature of Apple documentation when it comes to “end-to-end encrypted” cloud services in tandem with iCloud backup service.

The researchers said that while Android also has strong protections, especially on the latest flagship phones, the fragmented and inconsistent nature of security and privacy controls across devices, makes it more vulnerable. The report also blames the deeply lagging rate of Android updates reaching devices, and various software architectural considerations as big reasons for high breach rate. “Android provides no equivalent of Apple’s Complete Protection (CP) encryption class, which evicts decryption keys from memory shortly after the phone is locked. As a consequence, Android decryption keys remain in memory at all times after “first unlock,” and user data is potentially vulnerable to forensic capture,” the researchers detail in their post.

Further, it faults de-prioritisation and limited use of end-to-end encryption. Researchers also pointed to the deep integration with Google services, such as Drive, Gmail, and Photos. These apps offer rich user data that can be infiltrated either by knowledgeable criminals or by law enforcement.

Johns Hopkins cryptographer Matthew Green told Wired, “It just really shocked me, because I came into this project thinking that these phones are really protecting user data well. Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”

What will be the most exciting tech launch of 2021? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

Realme GT 5G Price Teased Ahead of March 4 Launch, Teaser Video Shows Leather Edition

Realme GT 5G price has been teased on Weibo just days ahead of its official launch in China. The flagship Realme phone will...

Galaxy Buds Live update adds hearing enhancement feature

A new update is rolling out for the Samsung Galaxy Buds Live that brings the hearing enhancement feature plus a few other minor...

Kiranmayi Indraganti’s Telugu film ‘Rallalo Neeru’ is an adaptation of Henrik Ibsen’s play, ‘A Doll’s House’

Kiranmayi Indraganti’s feature film ‘Rallalo Neeru’ is an indie-spirited Telugu adaptation of Henrik Ibsen’s play, ‘A Doll’s House’ Norwegian playwright Henrik Ibsen’s three-act...

How 30,000 elephant 'selfies' will help in conservation

Researchers are developing new technology to help reduce human-elephant conflicts. Source link

Apple looks to rid App Store of ‘rip-off’ scam apps that trick users into paying large sums

App Store developers that charge exorbitant prices for their apps or in-app purchases better have a good reason to justify it. Apple is looking...
- Advertisement -