Qualcomm chip flaw: major vulnerability exposed in Android phones!

Security experts have uncovered a serious security flaw in Android phones which could leave millions of users vulnerable to hackers. The finding comes from an expert who says that phones running full disk encryption (FDE) and Qualcomm chips are most at risk.

An investigation by security analyst Gal Beniamini of the Israeli Defense Forces revealed that devices are particularly vulnerable to so-called 'brute force attacks' – where hackers overwhelm security measures using a persistent trial-and-error approach.

Android rolled out full disk encryption (FDE) on all devices from Android 5.0, which involves the phone generating a 128-bit master key based on the user's password. However, the way in which the key is stored on the device means it could potentially be easily cracked by cyber criminals and even law enforcement agencies.

Phone encryption was central to the recent FBI case involving Apple, in which authorities wanted the tech firm to break the encryption of an iPhone used by one of the attackers in the San Bernardino shootings in the US. In this case, the iPhone ran 256-bit FDE, which not even Apple could crack.

According to Neowin, the underlying issues are flaws in how Qualcomm processors verify security and Android kernels – the core of the operating system.

In a blog post outlining the full technical details of the Android hack, Beniamini explains that while both Google and the chip-maker have been made aware of the vulnerabilities, users may require hardware upgrades to fix the issue.

He wrote: 'I've been in contact with Qualcomm regarding the issue prior to the release of this post, and have let them review the blog post. As always, they've been very helpful and fast to respond. Unfortunately, it seems as though fixing the issue is not simple, and might require hardware changes.'

The post explained how vulnerable phones could be targeted through everyday activities including email, web browsing and text messages.

A spokesperson for Google told MailOnline: 'We appreciate the researcher's findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year.'
