Google’s recently released Android Nougat-powered Pixel smartphones offer a whole new level of data protection because of their built in encryption capabilities, the company said this week. In a blog post Google senior software engineers Paul Crowley and Paul Lawrence said the new data security capabilities made Pixel and Pixel XL better, faster and stronger than the company’s previous smartphone models. As one example, the two engineers pointed to the new file based encryption (FBE) support available on Pixel phones. Unlike full-disk encryption, FBE enables different files to be encrypted with different keys so each file can be opened independently of the others. File level encryption also enables data to be separated into a device-encrypted group and a credential-encrypted group, Crowley and Lawrence said.
In addition, FBE enables a so-called Direct Boot capability in Android 7.0 Nougat that allows an encrypted phone to boot directly to the lock-screen, according to a Google description of the technology.
“For users, this means that applications like alarm clocks, accessibility settings, and phone calls are available immediately after boot,” the two engineers said. In contrast, with full disk encryption the user would need to first authenticate to the device before any data and anything but the most basic functions can be accessed. Also new with Android 7.0 and Pixel is a feature called TrustZone for encrypting and storing all disk encryption keys. TrustZone enforces two key security functions on Pixel phones. One of them is a feature that prevents disk encryption keys from being decrypted if there is any sign of the operating system being compromised or modified. The other is a feature designed to discourage brute force password guessing attacks by lengthening waiting periods between wrong password guesses.
The manner in which TrustZone enforces the waiting period ensures that it will take more than four years for an attacker to try all possible combinations, the Google engineers said. This ensures better security especially for those with a short or easily guessed password, PIN or pattern. Google has also implemented the encryption on Pixel devices in such a manner as to take advantage of what Crowley and Lawrence described as an inline hardware encryption engine. The feature gives Pixel phones the ability to write encrypted data at line speed, they said. Google’s move to release details on the encryption support in Pixel comes just days after a white hat hacking team at Chinese security firm Qihoo 360 demonstrated a proof of concept exploit in which they were able to break into a Pixel phone in less than 60 seconds. For the demonstration, the hackers exploited a zero-day flaw to gain access to a Pixel device and execute code on it remotely.
The hackers demonstrated the exploit at a hacking event at the POC2016 security conference organized by Power of Community a Korean group. The Qihoo 360 team provided details of the exploit to Google, which rewarded them with a $120,000 bounty for finding and reporting it.