We recently presented an attack against the Linux Pseudo-Random Number Generator (PRNG) on Android at USENIX WOOT '14 and BlackHat EU '14.

The research began when we tried to exploit the keystore vulnerability (CVE-2014-3100) we had discovered. Exploiting this issue requires a bypass for the stack canary protection.

The attack enables the adversary to predict the device's generated random numbers at early boot. This has severe security implications. For example, it allowed us to correctly guess the generated keystore canary with relatively high probability.

The white paper is available here.