Category: keys

Auto Added by WPeMatico

Compromising the Secure Boot Process

Posted on By infossl
cryptography, encryption, keys, passwords, Security technology, supply chain, Uncategorized, vulnerabilities

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December … Read More “Compromising the Secure Boot Process” »

Recovering Public Keys from Signatures

Posted on By infossl
anonymity, cryptanalysis, keys, Security technology, signatures, Uncategorized

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which … Read More “Recovering Public Keys from Signatures” »

Microsoft Signing Key Stolen by Chinese

Posted on By infossl
authentication, backdoors, china, cybersecurity, hacking, keys, microsoft, Security technology, Uncategorized

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to … Read More “Microsoft Signing Key Stolen by Chinese” »

Leaked Signing Keys Are Being Used to Sign Malware

Posted on By infossl
android, keys, leaks, malware, Security technology, Uncategorized

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. … Read More “Leaked Signing Keys Are Being Used to Sign Malware” »

Hacking Automobile Keyless Entry Systems

Posted on By infossl
cars, hacking, keys, law enforcement, Security technology, theft, Uncategorized

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of … Read More “Hacking Automobile Keyless Entry Systems” »

Relay Attack against Teslas

Posted on By infossl
cars, hacking, keys, Security technology, Uncategorized, vulnerabilities

Nice work: Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you’re in the grocery store, intercepting your key’s transmitted signal with a radio transceiver. Another stands near your … Read More “Relay Attack against Teslas” »

Hyundai Uses Example Keys for Encryption System

Posted on By infossl
aes, cars, encryption, keys, Security technology, Uncategorized

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […] “Turns out the … Read More “Hyundai Uses Example Keys for Encryption System” »