RE: [Cryptography] Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys
4 Jul 2016, 10:13 a.m.
Jeffrey Schiller <jis@mit.edu> writes:
> If you look at the exploit you will see it is a simple case of failing to check array/string bounds.

... which is exactly what was exploited in the 2013 attack, alongside a whole boatload of other missing defensive features, no DEP, no ASLR, executable stack, strcpy()s all over the place, it was described at the time as a "hack like it's 1999" attack. As I said in the previous post, security is more than just a fancy name and a lot of marketing, you have to actually make an effort to make it secure. Oh, and given that this looks like a repeat of the same flaws from three years ago, patching your insecure code also helps.

Peter.
Participants (1): Peter Gutmann