Thursday, November 8, 2018

New comment by TheDong in "Police decrypt 258,000 messages after breaking pricey IronChat crypto app"

I don't think this comment is an accurate assessment of what makes or breaks security.

To address specific points:

> Cellphones -all of them- use binary closed blobs to manage device drivers ... not completely free of closed blobs, hence not secure.

Closed source software can be secure. Whether there are binary blobs or not is not really relevant.

> So what's the problem with (closed) device drivers? Well, they run all the time, they run at maximum privileges (higher than root) and they cannot be audited ...

Modern phones have baseband/AP separation; closed source components are often running more like a peripheral on good phones.

For any of those components to exfiltrate the data it would have to somehow get access to the network, persistently store it, or use some other side-channel... Yeah, I'm sure those tiny Bluetooth chips can do all that over the limited peripheral interface they use to communicate with the kernel.

> So, how did the police decrypt that traffic? I can only speculate that they confiscated one of these devices, then built a bugged driver for some vital devices within it, then got to the manufacturer and forced them to inject that tampered driver as an online update for that given model of phone, possibly installing only if some conditions were verified to be sure it was one of the targets.

Absolutely ridiculous. Why would you spend the work to create a malicious driver when you could just update the app code itself if you can push updates to the phones?

There's no reason anyone would use malicious drivers when they could use malicious application code; the latter is a darn sight easier to manage.

The most likely scenario, however, is that there was a bug in the cryptography that assumed the servers to be trusted or assumed some specific key had authority to mint new keys (e.g. a trusted CA that the police got the private key to).

Your post is a rant against closed-source driver blobs, when the reality is they're a difficult-to-exploit vector, at best.

I would like to direct you to tptacek's comment on the Librem5 [0] where he indicates that he, a security professional, believes the iPhone to be the most secure because of the level of auditing and security work they've put into it.

> ... there is not a single piece of computer hardware in the world one can safely assume to be secure ...

Things are not either 'secure or not'. They are secure against something.

Security is a continuum. An iPhone (with secure enclave, good disk encryption) is more secure than my laptop, which in turn is probably more secure than the average WordPress server.

I fully believe that my iPhone will withstand even motivated attackers with physical access. I don't think my laptop will. I don't know how it would fare against a nation-state specifically targeting me, but I don't really have to worry about that.

[0]: https://news.ycombinator.com/item?id=17913148



from Hacker News - New Comments: "WordPress" https://ift.tt/2Oy06fo
via IFTTT
