Google Play icon

Android crypto key vulnerability affects only 10 percent handsets: report

Posted July 1, 2014

IBM researchers have called attention to a serious Android crypto key theft vulnerability but the vulnerability affects only version 4.3, which runs on about 10.3 percent of handsets, reports Dan Goodin in Ars Technica, in a June 30 update of his report. IBM researchers had shed light on the vulnerability, which may allow attackers to steal credentials, including cryptographic keys for banking services and virtual private networks, and PINs or patterns to unlock vulnerable devices. Pau Oliva, senior mobile security engineer at viaForensics, said in Ars Technica that a malicious user exploiting this vulnerability would be able to do RSA key generation, signing, and verification on behalf of the smartphone owner. The bug resides in Android KeyStore, said Goodin. This is the sensitive region of the operating system dedicated to storing cryptographic keys and similar credentials, according to the security advisory posted by Roee Hay, who leads the application security research team at IBM.


Read more at:

Featured news from related categories:

Technology Org App
Google Play icon
86,012 science & technology articles

Most Popular Articles

  1. Universe is a Sphere and Not Flat After All According to a New Research (November 7, 2019)
  2. NASA Scientists Confirm Water Vapor on Europa (November 19, 2019)
  3. How Do We Colonize Ceres? (November 21, 2019)
  4. This Artificial Leaf Turns Atmospheric Carbon Dioxide Into Fuel (November 8, 2019)
  5. Scientists created a wireless battery free computer input device (December 1, 2019)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email