[guardian-dev] [Cryptography] Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys

Jeffrey Schiller jis at mit.edu
Sun Jul 3 11:52:57 EDT 2016


If you look at the exploit you will see it is a simple case of failing
to check array/string bounds. A fairly standard hazard in C code. This
kind of mistake doesn’t require complex code, though it is more likely
in complex code.

What concerns me more is the prevalence of “hidden” processors showing
up on our systems. From the TrustZone to cell phone base band
processors to Intel’s Enterprise Management Engine. All of these have
complete access to our systems, run unpublished, un-audited code and
in many cases cannot be upgraded! The Ultimate Root Kit you may not be
able to remove without throwing away your hardware *and* waiting an
arbitrary period of time for new hardware to come out with the problem
solved (and new ones provided).

-Jeff



-- 
_______________________________________________________________________
Jeffrey I. Schiller
Information Systems and Technology – MIT App Inventor
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room 32-386
Cambridge, MA 02139-4307
617.910.0259 - Voice
jis at mit.edu
http://jis.qyv.name
http://appinventor.mit.edu
_______________________________________________________________________