masterkey
Latest
TSA inadvertently shows the dangers of master baggage keys
Security researchers have long warned of the dangers of using master-keyed locks -- if thieves get their hands on just one key, they compromise all of the compatible locks at the same time. And unfortunately, the US' Transportation Security Administration is learning this lesson the hard way. It briefly let the Washington Post show a photo (we've blurred the details) of the master baggage keys it uses for approved locks, giving crooks a crude guide to making duplicates. And you can't just switch to a non-standard lock to get around this, since TSA agents will rip it off if they catch it during an inspection.
First real world 'master key' exploit discovered sneaking malware into Android apps
Two apps have been discovered on unofficial marketplaces in China that might just be the first in-the-wild exploits of the massive bug found by Bluebox two weeks ago. The so-called "master key" vulnerability, or a least an extremely close relative of it, was the point of entry for malware in these two apps, which now carry code that allows an attacker to remotely hijack a device, harvest sensitive data and even disable a number of mobile security suites. The concern here, is that this particular security hole allowed these alterations to be made without invalidating the apps' digital signatures. So, the malware was able to sneak through filters, hidden as a Trojan Horse inside pieces of legitimate software. Google has already patched the vulnerability, preventing compromised apps from slipping in to the official Play store. Additional updates addressing the flaw have been issued to carriers and manufacturers, but we all know it could be quite sometime before everyone applies the patches to their products.
Confirmed: Intel says HDCP 'master key' crack is real
It's been just a few days since we broke news of the HDCP master key crack -- a rogue unlocking of the code that keeps HD content under strict control. Now Intel has independently confirmed to both Fox News and CNET that the code is indeed the genuine article. According to company spokesman Tom Waldrop, "It does appear to be a master key," adding that "What we have confirmed through testing is that you can derive keys for devices from this published material that do work with the keys produced by our security technology... this circumvention does appear to work." Coming from the company that developed and propagated the protocol, that's about as clear as you can get. If Intel is worried about the potential damage to copyrighted material and a new flood of super high-quality pirated material, however, the company certainly isn't showing it. "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip," Waldrop told Fox News, and that chip would have to live on a dedicated piece of hardware -- something Intel doesn't think is likely to happen in any substantial way. Of course, like any major corporation, Intel seems prepared to duke things out in the legal arena should any super-rich hackers decide to do the unthinkable. So, to the Batcave then?
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(function() { var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0]; s.type = 'text/javascript'; s.async = true; s.src = 'http://widgets.digg.com/buttons.js'; s1.parentNode.insertBefore(s, s1); })(); Digg Just as the MPAA is preparing to offer movies to customers at home while they're still in theaters by limiting playback to DRM-protected digital outputs only, the HDCP protocol they rely on may have been cracked wide open. All devices that support HDCP, like Blu-ray players, set-top boxes and displays with HDMI inputs, have their own set of keys to encrypt and decrypt protected data and if keys for a particular device are compromised, they can be revoked by content released in the future which will then refuse to play. Now, posts have been floating around on Twitter about a supposed "master key" which renders that protection unusable since it allows anyone to create their own source and sink keys. Who discovered this and by what technique isn't immediately clear, but as early as 2001 security researcher Niels Ferguson proposed that it could be easily revealed by knowing the keys of less than 50 different devices. Hardware HDCP rippers like the HDfury2 and DVIMAGIC have been around for a while and various AACS cracks easily allow rips of Blu-ray discs but if this information is what it claims to be, then the DRM genie could be permanently out of the bag allowing perfect high definition copies of anything as long as the current connector standards are around. While it's unlikely your average user would flash their capture device with a brand new key and get to copying uncompressed HD audio and video, keeping those early releases off of the torrents in bit perfect quality could go from difficult to impossible.
