Qualcomm refutes reports that phones can’t securely encrypt

Reports that Qualcomm processors cannot securely encrypt files were incorrect, the tech company said Friday.

The Hill and other news outlets, including ZDnet and The Register, incorrectly reported the information based on a misreading of a researcher’s blog post.

Researcher Gal Beniamini blogged his research on what might happen if an attacker was able to execute a program in an area of Android processors meant to securely hold encryption keys. He found that hackers would be able to force the processor to cough up the encryption keys.

Getting to the so-called “TrustedZone” of the processor is not easy. Beniamini had once discovered a problem in Qualcomm processors that let attackers do just that, so used Qualcomm as an example — even though the company had patched that problem.

Beniamini does not mention that every Android processor is open to attack if a hacker broke through to its secure area. 

And when The Register broke the story about the research and quoted Qualcomm vice president of engineering Alex Gantman, it did so in a way that made it seem like Gantman had agreed the problem was Qualcomm-specific — something Gantman denies.

Gentian said TrustedZone is a tough enough nut to crack that, right now, this is an entirely theoretical problem, adding that that might be hard for the press to follow. 

“Part of what caused the mistake in the press is how much the bar for security keeps getting raised,” said Gantman.

“Now we’ll have to work late on a three-day weekend,” joked Tara Sims, a public relations representative for Qualcomm.

Qualcomm processors power 42 percent of mobile phones sold in 2015 – twice as many as Apple. 

CORRECTION: A previous version of this report misstated the results of Beniamini’s research.