Hackers at Defcon have revealed a problem with Android’s native encryption service, which is installed on all phones running Android 3.0 and up. The irony is that the flaw is not in the code itself; in fact, the hackers say the “encryption is good.” The problem lies with the user. The encryption uses the same password that the user creates to unlock the phone, whether that is a pattern, a PIN or a password, and users generally pick a very simple pattern, a simple word or an obvious PIN. This makes it very easy for hackers to carry out what is referred to as a “brute force” attack.
Thomas Cannon, director of research and development for viaForensics, suggests that Android incorporate two passwords: one for unlocking and one for encryption. If this were implemented, it would be significantly more difficult for hackers to “brute force” their way through the encryption.
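To put numbers on why reusing the unlock secret weakens otherwise sound encryption, and why a separate encryption password helps, the sketch below compares the size of each secret's search space. It is an added example, not code from the Defcon talk or from viaForensics; the 100,000-word dictionary and the six-word passphrase from a 7,776-word list are constructed assumptions.

```python
import math

# Dots on the 3x3 pattern grid are numbered 0..8, row by row.
# SKIP[(a, b)] is the dot lying directly between a and b; the stroke a->b is
# only valid once that middle dot is already part of the pattern.
SKIP = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7), (0, 6, 3),
                  (1, 7, 4), (2, 8, 5), (0, 8, 4), (2, 6, 4)]:
    SKIP[(a, b)] = SKIP[(b, a)] = mid


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns that use min_len..max_len distinct dots."""
    def extend(last, used, length):
        # A prefix that is already long enough is itself one valid pattern.
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(9):
            if used & (1 << nxt):
                continue  # each dot may be used only once
            mid = SKIP.get((last, nxt))
            if mid is not None and not used & (1 << mid):
                continue  # cannot jump over a dot that is still unused
            total += extend(nxt, used | (1 << nxt), length + 1)
        return total
    return sum(extend(start, 1 << start, 1) for start in range(9))


def entropy_bits(keyspace):
    """Bits of entropy if the secret is picked uniformly from the keyspace."""
    return math.log2(keyspace)


def keyspaces():
    """Search-space sizes; the last two rows use assumed (constructed) sizes."""
    return {
        "4-digit PIN": 10 ** 4,
        "unlock pattern (4-9 dots)": count_patterns(),
        "single dictionary word (assumed 100,000 words)": 100_000,
        "separate 6-word passphrase (assumed 7,776-word list)": 7776 ** 6,
    }


if __name__ == "__main__":
    for name, size in keyspaces().items():
        print(f"{name:54s} {size:>26,d}  {entropy_bits(size):5.1f} bits")
```

These figures are upper bounds that assume a uniformly random choice; the simple patterns and obvious PINs the article describes shrink the effective search space further.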