Popular crypto app uses single-byte XOR and nowt else, hacker says

Found on The Register on Tuesday, 07 April 2015

The hacker, using the alias NinjaDoge24, analyzed the NQ Vault app, which supposedly encrypts files on smartphones and other gadgets. Ninja claims the software uses only XOR (exclusive or) and a single-byte key to scramble the first 128 bytes of a .PNG test subject.

Independent security bod Wade Alcorn (@WadeAlcorn) says the findings render the app insecure. "The research suggests that the NQ’s Vault software attempts to only encrypt the first 128 bytes leaving the remainder of the file in the clear. If this is the case it should not be considered a mechanism to protect data," Alcorn said.

Even worse, that app received numerous positive reviews from well-known websites, which underlines that those reviews are not worth the pixels on your screen. If you review encryption software, hire someone who can really analyze it, instead of some typewriter monkey who believes anything the company behind the product says.
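The kind of differential check a reviewer could run on a test file, as an added example (not code from the original post or from the researcher's write-up). It models the scheme only as reported above (single-byte XOR over the first 128 bytes); the key value `0x5A`, the generated PNG and all function names are constructed for the demonstration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # fixed 8-byte signature of every PNG file
HEAD_LEN = 128                     # leading bytes the report says are scrambled

def chunk(kind, body):
    # One PNG chunk: length, type, data, CRC32 over type + data.
    crc = zlib.crc32(kind + body)
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)

def make_png(width=64, height=64):
    # Constructed test subject: 8-bit greyscale image, zlib level 0 (stored).
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes((x * y) % 256 for x in range(width))
                    for y in range(height))
    return (PNG_MAGIC + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows, 0)) + chunk(b"IEND", b""))

def scramble_head(data, key):
    # Model of the reported scheme: XOR the first HEAD_LEN bytes with one byte.
    return bytes(b ^ key for b in data[:HEAD_LEN]) + data[HEAD_LEN:]

def audit(original, protected):
    # Compare a known test file with its "protected" form, byte by byte.
    changed = [i for i, (a, b) in enumerate(zip(original, protected)) if a != b]
    masks = {original[i] ^ protected[i] for i in changed}
    return {
        "bytes_total": len(original),
        "bytes_changed": len(changed),
        "last_changed_offset": max(changed) if changed else None,
        "distinct_xor_masks": len(masks),   # 1 means a single-byte key
        "clear_fraction": 1 - len(changed) / len(original),
    }

def mask_from_magic(protected):
    # The file format's fixed signature is known plaintext: if all eight
    # positions imply the same byte, the "key" is visible without the original.
    masks = {p ^ m for p, m in zip(protected, PNG_MAGIC)}
    return masks.pop() if len(masks) == 1 else None

if __name__ == "__main__":
    png = make_png()
    vaulted = scramble_head(png, 0x5A)      # 0x5A is a constructed sample key
    print(audit(png, vaulted))
    print("mask implied by PNG signature:", hex(mask_from_magic(vaulted)))
```

A sound file-encryption tool would show every byte changed, no constant XOR mask, and nothing recoverable from the format's signature alone.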