Friday, 18 November 2016

Google quickly clarifies the security tech in Android Nougat after the Pixel hack


After the Pixel phones were hacked in less than 60 seconds by a team Chinese dudes, Google has rushed to clarify the kind of security the smartphones come with. In its official Keyword blog, Google has outlined the improvements in security in Android Nougat as well as in the Pixel phones, which includes File-based Encryption, Direct Boot and TrustZone security. Google had earlier said that Android is now as secure as iOS. The company now has explained what exactly is going on behind the scenes to secure the devices. 

Android Nougat comes with file-based encryption which basically encrypts different files with different keys which are unlocked independently. This allows the rest of the files to remain uncompromised even when one file has been hacked. Earlier, Android used Full Disk Encryption which didn't do much good to the security. File-based encryption separates the data into device encrypted data and credential encrypted data, keeping the important credentials in a separate container.

Direct boot in Android Nougat uses the file-based encryption to keep the user experience seamless after a device reboots. For instance, applications like alarm clocks, accessibility settings and phone calls are available immediately after boot.

What's more, Anroid Nougat comes with TrustZone security tech that executes system-level codes in a mode that is secure even when the main kernel is compromised. It also stores the disk encryption keys and when it detects the operating system has been modified, it won't decrypt the keys to keep the data inside secure.

To prevent brute force attacks, TrustZone comes with a waiting period that gets longer each time a wrong sequence of the pattern is made. With over 162 valid four-point patterns and the ever growing waiting period, brute force attackers will need four years to hack into an Android Nougat phone.

In addition, the Pixel phones come with an inbuilt hardware encryption engine that provides hardware level encryption all the while maintaining the I/O performance.
This Blog was first published on:- http://www.gizmodo.in/indiamodo/Google-quickly-clarifies-the-security-tech-in-Android-Nougat-after-the-Pixel-hack/articleshow/55494872.cms 

No comments:

Post a Comment