[Cryptography] Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jul 4 06:13:40 EDT 2016

Jeffrey Schiller <jis at mit.edu> writes:

>If you look at the exploit you will see it is a simple case of failing to
>check array/string bounds.

... which is exactly what was exploited in the 2013 attack, alongside a whole
boatload of other missing defensive features, no DEP, no ASLR, executable
stack, strcpy()s all over the place, it was described at the time as a "hack
like it's 1999" attack. As I said in the previous post, security is more than
just a fancy name and a lot of marketing, you have to actually make an effort
to make it secure.

Oh, and given that this looks like a repeat of the same flaws from three years
ago, patching your insecure code also helps.

Peter.