
      Samsung Encryption Flaw

      Bruce Schneier · news.movim.eu / Schneier · Wednesday, 2 March, 2022 - 20:45 · 1 minute

    Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones.

    From the abstract:

    In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

    Here are the details:

    As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA. In v15 and v20-s9 blobs, the salt is a deterministic function that depends only on the application ID and application data (and constant strings), which the Normal World client fully controls. This means that for a given application, all key blobs will be encrypted using the same key. As the blobs are encrypted in AES-GCM mode-of-operation, the security of the resulting encryption scheme depends on its IV values never being reused.

    Gadzooks. That’s a really embarrassing mistake. GCM needs a new nonce for every encryption. Samsung took a secure cipher mode and implemented it insecurely.

    News article.
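An added example (not from the paper or from Schneier's post): a check that flags key blobs sharing both a wrapping key and an IV, and shows that such a pair's ciphertexts XOR to the XOR of the wrapped secrets. The HMAC-based keystream is a stand-in for AES-GCM's counter-mode keystream with no authentication tag, and the device secret, derivation function and blob layout are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

DEVICE_SECRET = b"constructed-device-secret"  # placeholder, not a real value

def derive_wrapping_key(app_id: bytes, app_data: bytes) -> bytes:
    # Deterministic salt: depends only on client-supplied inputs and a constant.
    salt = hashlib.sha256(b"const|" + app_id + b"|" + app_data).digest()
    return hmac.new(DEVICE_SECRET, salt, hashlib.sha256).digest()

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for the CTR keystream inside GCM: a function of (key, IV) only.
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(app_id: bytes, app_data: bytes, iv: bytes, secret: bytes) -> dict:
    key = derive_wrapping_key(app_id, app_data)
    return {"app_id": app_id, "app_data": app_data, "iv": iv,
            "ct": xor(secret, keystream(key, iv, len(secret)))}

def find_iv_reuse(blobs: dict) -> dict:
    """Map (key fingerprint, IV hex) -> blob names, for pairs seen more than once."""
    seen = defaultdict(list)
    for name, blob in blobs.items():
        key = derive_wrapping_key(blob["app_id"], blob["app_data"])
        fingerprint = hashlib.sha256(key).hexdigest()[:16]
        seen[(fingerprint, blob["iv"].hex())].append(name)
    return {pair: names for pair, names in seen.items() if len(names) > 1}

# Constructed sample blobs (all values invented for this example).
SECRETS = {n: b"key-material-" + n.encode() * 4 for n in "abcd"}
IV0, IV1 = bytes(12), bytes([1]) + bytes(11)
BLOBS = {
    "a": wrap(b"app1", b"data", IV0, SECRETS["a"]),
    "b": wrap(b"app1", b"data", IV0, SECRETS["b"]),  # same key, same IV
    "c": wrap(b"app1", b"data", IV1, SECRETS["c"]),  # same key, fresh IV
    "d": wrap(b"app2", b"data", IV0, SECRETS["d"]),  # other key, same IV
}

if __name__ == "__main__":
    for pair, names in find_iv_reuse(BLOBS).items():
        print("IV reused under one wrapping key:", pair, names)
```

Only blobs "a" and "b" are flagged: a repeated IV matters when the wrapping key is also the same, which the deterministic salt guarantees for every blob of one application.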


      Mathias Poujol-Rost ✅ · Saturday, 4 December, 2021 - 14:16


    Inside middle schoolers' smartphones

      Scenes of torture, heated debates about blasphemy, an obsession with the repression of the Uyghur minority in China: after spending nearly three months with French middle schoolers, I did not expect to discover such things in their smartphones about their information practices. Nor to be so far removed from them.


      Mathias Poujol-Rost ✅ · Thursday, 18 November, 2021 - 10:25


    FairTEC (@fairtecEU@mastodon.social)

      Who are the different organisations that make FairTEC? The fact is, the longer you keep your smartphone, the smaller its environmental footprint. Fairphone is challenging the industry by creating smartphones that are sustainable, ethical and built to last. Fairphone is a proud FairTEC member. Find their offering at www.fairtec.io #partofFairTEC Discover more: https://bit.ly/2LrI82r


      Google Pixel 6 leak shows off distinctive new design

      Ron Amadeo · news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 16:37

    The Pixel 6 promises to be a landmark device for Google, as it is expected to mark the debut of the Google-developed "Whitechapel" SoC, instead of the Qualcomm chips the search giant has shipped in all of its previous devices. To go along with the revamped insides, it appears the outside is seeing some major design changes, too—if the newest leak is to be believed.

    This first look at the Pixel 6 design comes to us from YouTuber Jon Prosser. Prosser claims he was sent live, hands-on images of the device, and while he isn't sharing the actual images, he teamed up with a render artist to depict the device based on those images.

    Prosser's track record when it comes to Google leaks is not the greatest. Just last month he claimed the Pixel 5a was "canceled," but that assertion was publicly shot down by Google. This leak has a bit more believability to it, as it was also backed up by Android Police's Max Weinbach, though he says the colors aren't accurate.


      Apple invests $45 million more in Gorilla Glass-maker Corning

      Samuel Axon · news.movim.eu / ArsTechnica · Monday, 10 May, 2021 - 21:19


    Apple has invested an additional $45 million in US-based Corning Incorporated, the maker of Gorilla Glass, the companies announced today.

    A news release from Apple says the investment will help "expand Corning's manufacturing capacity in the US" and "drive research and development into innovative new technologies that support durability and long-lasting product life."

    The investment will come out of Apple's $5 billion Advanced Manufacturing Fund, which was established in 2017 to invest in manufacturing jobs and infrastructure in the United States related to Apple's products like the iPhone.
