On 4/27/20 3:15 PM, Stefan Claas wrote: > maybe interesting for some of you. > > I just noticed that, after installing Golang under Termux > that Termux has also GnuPG already installed. > > https://ibb.co/hyG8q4Y > > Would people recommend using pure GnuPG on a smartphone, > compared to a (compromised?) PC? > > I ask, because I have not read yet what attacks (remotely) > are possible with smartphones, to obtain the secret keys. > > Any pointers to articles would be very welcome! >
Hi! I would not keep the secrets on the mobile, but rather offload the computation to a simple device and communicate via USB/NFC. Reason is that this is a complicated communication device, which has a big attack surface. Here is a fresh remote code exploitation done over Bluetooth for Android 8/9 [1]. Fix was released in February 2020 as far as I see. In the past there were some issues with the WiFi as well AFAIR. [1] https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/ -- Best regards, Szczepan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
