RE: [Cryptography] Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys
Jeffrey Schiller <jis@mit.edu> writes:
>If you look at the exploit you will see it is a simple case of failing to
>check array/string bounds.
... which is exactly what was exploited in the 2013 attack, alongside a whole
boatload of other missing defensive features, no DEP, no ASLR, executable
stack, strcpy()s all over the place, it was described at the time as a "hack
like it's 1999" attack. As I said in the previous post, security is more than
just a fancy name and a lot of marketing, you have to actually make an effort
to make it secure.
Oh, and given that this looks like a repeat of the same flaws from three years
ago, patching your insecure code also helps.
Peter.