[Cryptography] Android's Secure ADB as a security hole
leichter at lrw.com
Mon Jan 26 12:29:44 EST 2015
On Jan 26, 2015, at 5:25 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> When I was looking at this I did some googling to try and figure out what
> controls there were on keys and found somewhere in the ADB docs:
> If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (;
> under Windows) list of private keys, e.g. company-wide or vendor keys.
> The key is a generic OpenSSL PEM file, so all you need to do is point at your company-wide private key in PEM format (conveniently available, and it even comes with a certificate so why not use it?) and your "secure" ADB is a signing oracle for your corporate key.
I'm missing something here. There's some code that will take a private key and sign things with it. This is hazardous - how? If you have access to the private key, there are many ways to use it to sign things. Why is this one special?
More information about the cryptography