GnuPG 2.2.20 under Termux (Android) ...
Szczepan Zalega | Nitrokey
szczepan at nitrokey.com
Mon Apr 27 15:55:09 CEST 2020
On 4/27/20 3:15 PM, Stefan Claas wrote:
> maybe interesting for some of you.
>
> I just noticed that, after installing Golang under Termux
> that Termux has also GnuPG already installed.
>
> https://ibb.co/hyG8q4Y
>
> Would people recommend using pure GnuPG on a smartphone,
> compared to a (compromised?) PC?
>
> I ask, because I have not read yet what attacks (remotely)
> are possible with smartphones, to obtain the secret keys.
>
> Any pointers to articles would be very welcome!
>
Hi!
I would not keep the secrets on the mobile, but rather offload the
computation to a simple device and communicate via USB/NFC. Reason is
that this is a complicated communication device, which has a big attack
surface.
Here is a fresh remote code exploitation done over Bluetooth for Android
8/9 [1]. Fix was released in February 2020 as far as I see.
In the past there were some issues with the WiFi as well AFAIR.
[1]
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/
--
Best regards,
Szczepan
More information about the Gnupg-users
mailing list