Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Best of the Best: Tech Blog Roundup
Tame your scariest paperwork. Find Out How
Home > Tech Blogs  Flag for objectionable content? Flag for Objectionable Content?
Average Rating:
Rate this article:  
Ars Technica: Serious Android crypto key theft vulnerability affects 86% of devices
2014-06-28 11:16am -07:00T Visit Ars Technica


Outtake:

Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices.

The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers. By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets. The advisory said Google has patched the stack-based buffer overflow only in version 4.4, aka KitKat, of Android. The remaining versions, which according to Google figures run 86.4 percent of devices, have no such fix.

There are several technical hurdles an attacker must overcome to successfully exploit the vulnerability. Android is fortified with modern software protections, including data execution prevention and address space layout randomization, both of which are intended to make...

Read More on Ars Technica...


  © Copyright 2014 Ars Technica. All rights reserved. If you've enjoyed this content, please visit Ars Technica to show your appreciation.

Information for Bloggers
 

Latest Blog Entries from Ars Technica:
Russia publicly joins war on Tor privacy with $111,000 bounty
Doom co-creator John Romero skeptical of virtual reality “fad”
Photos of the Moto X+1 leak, show wooden back
US Navy looks to Norway for answer to under-armed Littoral Combat Ship
Outlook grim for orbiting Russian zero-G sex geckos
Latest Tech Blogs from around the Blogosphere:
Site Rubix: Watch This Dad and Daughter Dance to Ariana Grande’s “Problem”
Digital Trends: PlayStation Optimus Prime to ‘roll out’ for Japan in 2015
Digital Trends: Absolutely insane looking McLaren P1 GTR set to intimidate Ferrari owners at Pebble Beach
Techdirt: Latest Abuse: Feds Reading Emails Between Prisoners And Their Lawyers
Slashdot: Wikipedia Blocks 'Disruptive' Edits From US Congress
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.