Johns Hopkins University is a private research university based in the US. Founded in 1876, it is America’s first research university. Recently, the university has come out with a report that tells you about the hole or weaknesses that Android and iOS phone encryption consist of.
The report also tells how law enforcement agencies can use these weaknesses to access even locked smartphones. Nowadays, almost every smartphone is secured via a password by a user. Thus, this research can be very handy for these agencies.
The University’s study also speaks about weakness in cloud backup and services. It spoke that they discovered ‘several counter-intuitive features of iCloud that increase the vulnerability of this system.’ They were also vocal about the increased security and strong protection in the latest flagship phones but the vulnerability comes in with the fragmented privacy controls across devices.
There is a big lagging rate of Android updates when it has to reach different smartphones and this might lead to a high breach rate. The researchers state “Android provides no equivalent of Apple’s Complete Protection (CP) encryption class, which evicts decryption keys from memory shortly after the phone is locked. As a consequence, Android decryption keys remain in memory at all times after “first unlock,” and user data is potentially vulnerable to forensic capture.” Talking about the deep integration with Google services (Gmail, Meet, Photos, Drive and more) rich data of users can get into the hands of law enforcement agencies or some criminals. The built-in apps also consist of a huge amount of data which is itself protected by a fragile “available after first unlock” (AFU) protection.
Matthew Green, Johns Hopkins cryptographer, said “It just really shocked me, because I came into this project thinking that these phones are really protecting user data well. Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”