> Google has attempted to patch Pixnapping by limiting the number of activities an app can invoke blur on. However, we discovered a workaround to make Pixnapping work despite this patch. The workaround is still under embargo.
Great, Google's security policy ended up being a zero-day. Exactly as denied and exactly as predicted by the community.
I'm confused. They're saying that the original patch was incomplete and that they believe they've re-broken it, but that they aren't publishing the updated attack because the report is embargoed (presumably to update the fix).
What is the security policy you'd like to see here? If the researchers were to publish the updated attack before mitigation then that WOULD be a zero day!
The embargo refers to Google's update policy since a couple of months ago, which means that for three months, updates are on hold and only shared with "selected vendors" and not the public.
Essentially the dumping strategy of open source that Apple has been doing for years.
Read the LineageOS blog article for more details on why stripping history and publishing only a tarball might be seen as the most stupid development practice ever.
Yeah, that's not the sense of "embargo" used in the text you quoted. I think you're arguing about something else. AOSP not getting prompt security patches is indeed a problem, but it's not relevant here. Per the article there is no fix for the updated attack.
> Yeah, that's not the sense of "embargo" used in the text you quoted. I think you're arguing about something else. AOSP not getting prompt security patches is indeed a problem, but it's not relevant here. Per the article there is no fix for the updated attack.
I'm not sure you are aware that the embargo references an NDA that you have to sign in order to get the updated sources/patches before the 3-month delay until it is released to the public.
Then guess what an NDA has to do with the condition of "being allowed" or "not being allowed" to publicly disclose a security bug that you've found.
This really needs to be the link. The article is phrased as if this was a zero day exploiting some kind of 2FA bug, but the actual meat is that it's a novel and really interesting new kind of attack vector (albeit not a particularly practical one) that no one had thought about before.
Yes, but "side channel attack" isn't much of a description, is it? You can't just declare "I make a side channel attack!"[1], you need to invent one.
In this case it turns out that the hardware rendering of the zoom animation in the blur effect of stacked activities on the screen left crumbs that can be detected in the alien context. I certainly didn't know that. Did you know that? I don't think anyone knew that! It's "novel".