Android will automatically require full disk encryption.

Soon android vendors will need to set disk encryption to be the standard on new devices (provided the device supports it) it seems the only requirement is if the device features a lock screen.

Taken from their new best practices guide:
https://static.googleusercontent.com/media/source.android.com/en//compatibility/android-cdd.pdf 

crpt

This is great news, but Google should focus on securing how the device is encrypted before making it mandatory for all users. Not to mention, its generally human error that gives you away on your phone. Very sobering and appropriate (Gawker User) comment below:

Comment

With mobile platforms more and more commonly being accepted as payment methods I feel this is android push to get their platform secure for a new type of Google Checkout / Paypass. This will increase desire to turn your phone into a larger and larger attack surface for carders.

Bundled with the fact employers are allowing much more BYOD policy’s this can become an issue. But until that happens, here is a hashcat thread on how to capture and brute force the keys if you are doing data forensics on the device. Provided you know how to use hashcat and have spare CUDA cores.

But hey, if your short a few cores Nvidia’s Test Drive has not been abused yet since they are still letting users sign up. I am surprised it has not become an issue yet.

nvidia

*Note I dont recommend the abuse of Nvidia’s free service to crack android or other passwords. But I am surprised they don’t put in more hurdles to prevent someone from doing this / using them as a seedbox.

 

Leave a Reply

Your email address will not be published. Required fields are marked *