Security Alerts & News
by Tymoteusz A. Góral

History
#1090 Android KeyStore encryption scheme broken, researchers say
The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say.

In a an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify stored keys through a forgery attack.

KeyStore, which performs key-specific actions through the OpenSSL library, allows Android apps to store and generate their own cryptographic keys. By storing keys in a container, KeyStore makes it more difficult to remove them from the device.

Mohamed Sabt and Jacques Traoré, two researchers with the French telecom Orange Labs, claim the scheme associated with the system is “non-provably secure,” and could have “severe consequences."
Read more
#1093 DLink WiFi camera flaw extends to 120 products
#1092 10 million Android phones infected by all-powerful auto-rooting apps
#1091 CryptXXX ransomware updates ransom note, payment site
#1090 Android KeyStore encryption scheme broken, researchers say
#1089 Symantec: Latest Intelligence for June 2016
#1088 New OSX/Keydnap malware is hungry for credentials
#1087 After hiatus, in-the-wild Mac backdoors are suddenly back
#1086 European Union’s first cybersecurity law gets green light
#1085 Criminals winning 'cyber arms race' - UK National Crime Agency
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12