Beniamini found that an attacker can exploit kernel flaws and vulnerabilities in some of Qualcomm’s security measures to get that encryption key. Once they have the key, hackers just need to brute-force their way to a password and they can crack the phone.

However, this is more a possible attack than a probable one: it requires additional side hacking, and would more or less require device manufacturers themselves to directly modify the software. That is not likely.

A Qualcomm spokesperson gave Engadget the following comment on the issue:

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). QTI continues to work proactively both internally as well as with security researchers such as Gal Beniamini to identify and address potential security vulnerabilities. The two security vulnerabilities (CVE-2015-6639 and CVE-2016-2431) discussed in Beniamini’s June 30 blog post were also discovered internally and patches were made available to our customers and partners. We have and will continue to work with Google and the Android ecosystem to help address security vulnerabilities and to recommend improvements to the Android ecosystem to enhance security overall.”

A Google spokesperson provided Engadget the following statement:

“We appreciate the researcher’s findings and paid him for his work through our Vulnerability Rewards Program. We rolled out patches for these issues earlier this year.”