ebrke Posted June 28, 2014 Share Posted June 28, 2014 Apparently serious Android crypto key theft vulnerability: http://arstechnica.com/security/2014/06/serious-android-crypto-key-theft-vulnerability-affects-86-of-devices/ Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted June 29, 2014 Share Posted June 29, 2014 LOTS of folks do and most do not have KitKat 4.4.x. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted June 29, 2014 Share Posted June 29, 2014 Ebrke, I do but all of my devices are Nexus devices so I have kitkat on them all. Quote Link to comment Share on other sites More sharing options...
lewmur Posted June 29, 2014 Share Posted June 29, 2014 Apparently serious Android crypto key theft vulnerability: http://arstechnica.c...-86-of-devices/ Am I wrong or is this just a problem for those that use the Keystore app? Quote Link to comment Share on other sites More sharing options...
securitybreach Posted June 29, 2014 Share Posted June 29, 2014 Am I wrong or is this just a problem for those that use the Keystore app? Keystore is for developers to sign their applications. Quote Link to comment Share on other sites More sharing options...
ebrke Posted June 29, 2014 Author Share Posted June 29, 2014 From the ArsTechnica article: The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers . . . the vulnerability is serious because it resides in KeyStore, arguably one of the most sensitive resources in the Android OS. In an e-mail, Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, explained:Generally speaking this is how apps are going to store their authentication credentials, so if you can compromise the KeyStore, you can log in as the phone's user to any service where they've got a corresponding app, or, at least, an app that remembers who you are and lets you log back in without typing a password. This means that most banking apps, which force you to type your password every time, are probably safe against this particular attack. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.