Security experts have uncovered a serious security flaw in Android phones which could leave millions of users vulnerable to hackers. The finding comes from an expert who says that phones running full disk encryption (FDE) and Qualcomm chips are most at risk.
An investigation by security analyst Gal Beniamini of the Israeli Defense Forces revealed that devices are particularly vulnerable to so-called 'brute force attacks', where hackers overwhelm security measures using a persistent trial-and-error approach.
Android rolled out full disk encryption (FDE) on all devices from Android 5.0, which involves the phone generating a 128-bit master key based on the user's password. However, the way in which the key is stored on the device means it could potentially be easily cracked by cyber criminals and even law enforcement agencies.
Phone encryption was central to the recent FBI case involving Apple, in which authorities wanted the tech firm to break the encryption of an iPhone used by one of the attackers in the San Bernardino shootings in the US. In this case, the iPhone ran 256-bit FDE, which not even Apple could crack.
According to Neowin, the vulnerabilities are flaws in how Qualcomm processors verify security and Android kernels (the core of the operating system).
In a blog post outlining the full technical details of the Android hack, Beniamini explains that while both Google and the chip-maker have been made aware of the vulnerabilities, users may require hardware upgrades to fix the issue.
He wrote: 'I've been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post. As always, they've been very helpful and fast to respond. Unfortunately, it seems as though fixing the issue is not simple, and might require hardware changes.'
The post explained how vulnerable phones could be targeted through everyday activities including email, web browsing and text messages.
A spokesperson for Google told MailOnline: 'We appreciate the researcher's findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year.'