[Cryptography] Android's Secure ADB as a security hole

Alfonso De Gregorio alfonso.degregorio at gmail.com
Mon Jan 26 13:42:45 EST 2015


> I'm missing something here.  There's some code that will take a private key and sign things with it.  This is hazardous - how?  If you have access to the private key, there are many ways to use it to sign things.  Why is this one special?

Sure, there are many ways to exploit access to private keys. Still,
not all exploits are born equal when it comes to susceptibility to
detection. Peter is concerned about a signing oracle that sends you
back the desired signatures through an authorized protocol.

-- alfonso

