Description: With Android 5.0, Google announced to enable full-disk encryption with every device out-of-the-box. Along with other smartphone manufacturers announcing similar efforts, this lead to criticism by law enforcement officials. Interested in how "dark" we are actually going, we have analysed the security of Android's full-disk encryption. The assessment revealed that the previously known Offline Attack indeed was resolved by Google. However, by changing a small aspect in the attack prerequisites, we have discovered that a similar attack is still possible. We named this attack the Semi-Offline Attack, pinpointing that the device is required during the attack. Though, the computationally intensive calculations of key derivation functions is still leveraged to a different and more powerful host. While increasing the attack time and complexity, the difference between the Offline and Semi-Offline Attack are not huge.
Biography: Oliver Kunz
Oliver Kunz is an information security consultant. Working in the field of information security since 2010, he has assisted his clients to resolve incidents, perform risk assessments, and analyse the security of applications. His current main field of research is mobile related security, in particular of Android systems and applications.
For More Information Please Visit:- http://area41.io/
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.