Jump to content


Anyone Have Android Phone?


  • Please log in to reply
5 replies to this topic

#1 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,828 posts

Posted 28 June 2014 - 05:25 PM

Apparently serious Android crypto key theft vulnerability:
http://arstechnica.c...-86-of-devices/
Posted Image

#2 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,546 posts

Posted 28 June 2014 - 10:18 PM

LOTS of folks do and most do not have KitKat 4.4.x.
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,027 posts

Posted 29 June 2014 - 12:06 AM

Ebrke, I do but all of my devices are Nexus devices so I have kitkat on them all.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,604 posts

Posted 29 June 2014 - 09:07 AM

View Postebrke, on 28 June 2014 - 05:25 PM, said:

Apparently serious Android crypto key theft vulnerability:
http://arstechnica.c...-86-of-devices/
Am I wrong or is this just a problem for those that use the Keystore app?

#5 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,027 posts

Posted 29 June 2014 - 09:55 AM

View Postlewmur, on 29 June 2014 - 09:07 AM, said:

Am I wrong or is this just a problem for those that use the Keystore app?

Keystore is for developers to sign their applications.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#6 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,828 posts

Posted 29 June 2014 - 12:08 PM

From the ArsTechnica article:

Quote

The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers . . . the vulnerability is serious because it resides in KeyStore, arguably one of the most sensitive resources in the Android OS. In an e-mail, Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, explained:
Generally speaking this is how apps are going to store their authentication credentials, so if you can compromise the KeyStore, you can log in as the phone's user to any service where they've got a corresponding app, or, at least, an app that remembers who you are and lets you log back in without typing a password. This means that most banking apps, which force you to type your password every time, are probably safe against this particular attack.

Posted Image




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users