定制化设计一站式临时空间解决方案
高端产品行业领先进口生产线
核心技术装配式移动建筑系统
Security experts have uncovered a serious security flaw in Android phones which could leave millions of users vulnerable to hackers. The finding comes from an expert who says that phones running full disk encryption (FDE) and Qualcomm chips are most at risk.安全性专家最近透露了安卓手机不存在的一个相当严重安全漏洞,这将使得数以百万计的用户更容易受到黑客的反击。发布这一找到的一位专家回应,用于仅有磁盘加密和高通芯片的手机是最危险性的。
An investigation by security analyst Gal Beniamini of the Israeli Defense Forces revealed that devices are particularly vulnerable to so called brute force attacks – where hackers overwhelm security measures using a persistent trial and error approach.以色列国防军安全性分析师盖尔·贝尼亚米尼在公布的一份调查报告中声称,这些手机设备在所谓的“暴力破解”下脆弱不堪。“暴力破解”是指黑客持续使用实验和“错误策略”的方法来密码安全措施。
Android rolled out full disk encryption (FDE) on all devices from Android 5.0, which involves the phone generating a 128-bit master key based on the users password. However, the way in which the key is stored on the device means it could potentially be easily cracked by cyber criminals and even law enforcement agencies.从安卓5.0系统开始,安卓在所有设备上都发售了全磁盘加密,这使得在用户密码基础上,手机需要分解一个128位的万能钥匙。但是,这份钥匙存储在手机中的方式却并不安全性,从而有可能使得网络犯罪分子、甚至执法人员机构很只能地就密码。Phone encryption was central to the recent FBI case involving Apple, in which authorities wanted the tech firm to break the encryption of an iPhone used by one of the attackers in the San Bernardino shootings in the US. In this case, the iPhone ran 256-bit FDE, which not even Apple could crack.在最近FBI和苹果的案件中,手机加密是其核心问题。当局取得了圣贝纳迪诺枪击案中一名袭击者所用于的iPhone手机,他们想苹果扫除手机的加密,但是这个手机用于的是256位全磁盘加密,甚至连苹果公司都无法密码。
According to Neowin, these are namely flaws in how Qualcomm processors verify security and Android kernels – the core operating system.据Neowin透漏,在高通处理器判断安全性和安卓芯片(核心处置系统)的时候,就不会经常出现所谓的漏洞。On a blog post outlining the full technical details of the Android hack, Beniamini explains that while both Google and the chip-maker have been made aware of the vulnerabilities, users may require hardware upgrades to fix the issue.在一篇阐述安卓黑客全部技术细节的博文中,贝尼亚米尼回应,虽然谷歌和高通早已意识到了这个漏洞,不过用户们或许可以拒绝改版硬件来解决问题这一问题。
He wrote: Ive been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post. As always, theyve been very helpful and fast to respond. Unfortunately, it seems as though fixing the issue is not simple, and might require hardware changes.他写到:“在这篇博文公开发表之前,我就仍然和高通公司在联系,借此解决问题这个问题,我还让他们查询了这篇博文。跟以往一样,他们十分快捷地明确提出了一些简单的对此。但是意外地是,要解决问题这一问题并非一件易事,而且可能会必须改版硬件。
”The post explained how vulnerable phones could be targeted through everyday activities including email, web browsing and text messages.这篇博文说明了手机在黑客的针对下是多么薄弱,他们只要展开一些日常的活动,例如邮件、网络浏览器和短信等就可以了。A spokesperson for Google told MailOnline: We appreciate the researchers findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year.谷歌的一位发言人在拒绝接受《每日邮报》专访时回应:“我们很感谢这位研究家的找到,并且用漏洞奖励项目来嘉奖他的研究。
今年早些时候我们发售了针对这些问题的补丁。
本文来源:澳门太阳网-www.asianstyleclothing.com
返回