EvilZone

Hacking and Security => Mobile Hacking => Android => : Stackprotector July 04, 2013, 09:58:03 AM

: The signature master key ? :)
: Stackprotector July 04, 2013, 09:58:03 AM

http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/ (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/)


We will have to wait for blackhat usa, or will we find it our self?

: Re: The signature master key ? :)
: Axon July 04, 2013, 12:01:05 PM

This shit is scary, I wonder what kind of vulnerability that could compromise approximately 900 millions devices?

: Re: The signature master key ? :)
: jonneburger July 04, 2013, 12:04:07 PM

Well, now i am happy that i bought new computer and stop using android as my primary internet-device

: Re: The signature master key ? :)
: Stackprotector July 04, 2013, 01:00:59 PM

Though, you should never install software from unknown sources on your personal phone :D

: Re: The signature master key ? :)
: Stackprotector July 31, 2013, 11:31:46 AM

Some explaination i think :)

part 1:
http://nelenkov.blogspot.nl/2013/04/android-code-signing.html
part 2:
http://nelenkov.blogspot.nl/2013/05/code-signing-in-androids-security-model.html

: Re: The signature master key ? :)
: Axon August 19, 2013, 12:52:37 PM

Bluebox CTO, Jeff Forristal’s presentation slide package entitled “Android: One Root to Own Them All” about his research that uncovered the Android Master Key is now available.

http://bluebox.com/wp-content/uploads/2013/08/Forristal_Blackhat-US2013__final.pdf