The issue itself is fairly easy to describe, Meta found that of 14 reputable brands seven had releases where one or more preinstalled APEX modules (privileged OS code) were signed using only the test keys that are publicly available in the Android Open Source Project (AOSP) repository.
This is a great crypto issue that I think anyone could hunt for, it has to do with seeding of random number generators.Generally speaking in many systems if you know the seed you can break/predict the values that will come from the random number generator...
Just a somewhat common and vulnerable use a cryptography.The `signature` of a firmware was not truly a signature but a hash of the content + a secret key, as the binary code that verifies the firmware is present on the device the "secret" key used is not kept secret and one could create their own firmware that would pass the signature check but contain arbitrary content...
Not making encrypted blobs tamper-proof is a pretty classic crypto issue that lead to an arbitrary file-upload and code execution vulnerability in ShareFile. The file upload functionality of ShareFile took a few natural arguments: a `filename`, an `uploadid` and a `parentid`...
Some malformed hashes will "validate" with any value compared using `password_verify`. This is due to an old hack in PHP's Blowfish implementation where a malformed hash with a `$` character in the salt segment result in an early `break` and bad following logic.