lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CALdcr8fTupM=ZtFLQh2fnQ26_thTE9b6Zm6-L0S_5Nu_rvBJPQ@mail.gmail.com>
Date: Fri, 16 Oct 2020 13:46:48 -0400
From: Michael Lazin <microlaser@...il.com>
To: Pedro Cunha <pedroagracio@...il.com>
Cc: certbund@....bund.de, "Enrico Weigelt, metux IT consult" <lkml@...ux.net>,
 fulldisclosure@...lists.org
Subject: Re: [FD] Google's Android: remote install backdoor in Google Play
	Services

I do see the point and even though it is not a deliberate back door the end
result is if your google account is compromised and an attacker wants to be
sneaky they could push software to your android device without
your permission.   Given the history of malware found in the play store I
would recommend making a feature request to google to notify you if someone
pushes software from the web from a previously unknown IP.  If you don't
want to do this I would be happy to and would of course credit you for your
find.

On Fri, Oct 16, 2020, 1:21 PM Pedro Cunha <pedroagracio@...il.com> wrote:

> I don't see how this is an "on-purpose backdoor". As far as I know, this
> feature is used so you can install Android apps on your phone via the web
> interface on another device (like a desktop) logged into the same Google
> account, via the Play Store.
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists