"The flaw affects MediaTek-powered Android phones at a level below the apps and operating system most users think about. That gives the bug unusually high stakes, exposing how quickly a stolen device could become far less secure than it appears."
"With the phone in hand and a USB connection, an attacker could extract the cryptographic keys tied to full-disk encryption, then decrypt storage offline and brute-force the PIN in seconds. The phone can still appear locked even as the damage begins below the surface."
"What makes this especially unsettling is where the weakness lives: deep in the secure boot process that helps a phone verify itself and protect encrypted data before Android fully loads. In practical terms, that puts a locked device at risk at a lower level than most users would expect."
A critical vulnerability discovered in MediaTek chipsets affects roughly one in four Android smartphones, exposing approximately 875 million devices to potential unauthorized access. The flaw exists in the secure boot chain at a level below the operating system, allowing attackers with physical access to extract cryptographic keys and decrypt storage offline within 60 seconds, before Android fully loads. This vulnerability is particularly dangerous because it operates at the chip level, bypassing standard security protections. The affected devices span mid-range and budget Android phones, making this a widespread security concern affecting a significant portion of the Android market.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]