Forums
Main Category
General (Technical,...
Android DDMS Vulner...
 
Notifications
Clear all

Android DDMS Vulnerability

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by trewmte 12 years ago
2 Posts
1 Users
0 Reactions
584 Views
RSS
 trewmte
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
Topic starter 19/07/2013 11:06 am  

The article states "The flaw is located in an Android component known as the Dalvik Debug Monitor Service (or DDMS), the virtual machine that runs software on Android devices. The vulnerability affects almost all Android devices in use, could allow a malicious actor to modify a legitimate, signed Android application without affecting the application’s cryptographic signature. That would prevent Android from noticing the changes when the application is installed."

http//trewmte.blogspot.co.uk/2013/07/android-ddms-vulnerability.html


   
Quote
 trewmte
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
Topic starter 23/07/2013 12:07 pm  

On the 19th July I posted http//trewmte.blogspot.co.uk/2013/07/android-ddms-vulnerability.html about knowing exploits on and understanding originality and genuineness of a handset and (U)SIM Card.

Karsten Nohl on the 22nd July released details of an exploit for older type (no specifics as yet) SIM Cards using DES security. The exploit revealed a returned 'error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.' http//www.theinquirer.net/inquirer/news/2283935/sim-card-encryption-exploit-leaves-mobile-phone-users-vulnerable-to-hacking

Importantly, the article goes on to identify possible exploits that can be caused when in possession of a decrypted key.

More on this - New SIM Card Exploit http//trewmte.blogspot.co.uk/2013/07/new-sim-card-exploit.html


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: