I hereby claim:
- I am FlatL1neAPT on github.
- I am underground (https://keybase.io/underground) on keybase.
- I have a public key whose fingerprint is 0875 D092 F495 5239 6070 0D70 148E 43C4 C8E4 8E2E
To claim this, I am signing this object:
> [Description] | |
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger | |
> application 4.8.11 for Android. The FingerprintManager class for | |
> Biometric validation allows authentication bypass through the callback | |
> method from onAuthenticationFailed to onAuthenticationSucceeded with | |
> null, because the fingerprint API in conjunction with the | |
> Android keyGenerator class is not implemented. In other words, an | |
> attacker could authenticate with an arbitrary fingerprint. NOTE: the | |
> vendor indicates that this is not an attack of interest within the | |
> context of their threat model, which excludes Android devices on which |
I hereby claim:
To claim this, I am signing this object: