by wyldfire 3597 days ago

    > “Aren’t those the people who break into computers?”
    >
    > “Yes—also phones, cars, airplanes, and human bodies.”
    > 
    > “I thought that stuff was illegal.”

While I think they're truly innovative and inevitable, the advent of "secure CPUs" [1] over the last decade or two will eventually become the norm. And once they do -- look out, brother. The woman who was having this conversation scoffs at how Def Con can even take place if the subject matter is what she thinks it is. In a short time, the computer attacks which cause embarrassing leaks and expensive losses will add up to legislators deciding something must be done. At that time, the number of us who will still like and prefer to be able to run whatever code on whatever processor we care to will be so small that it won't matter.

[1] By "secure CPUs" I'm referring to ones that support signed bootloaders, facilitating good things like more-difficult-to-pwn-by-attackers and bad things like DRM and limiting code to proprietary walled garden app stores.

2 comments

The trouble with "secure CPUs" is that they really only secure the boot process. It is then up to the OS (as usual) to secure itself, which is where most failures of security occur anyway.

Consider all the phone "OSes" (aka ROMs) you can install on phones with locked boot loaders that just replace a few binaries/files here and there in an existing OS to change how it works/feels. The maker of said ROMs may not have the ability to replace the kernel, but any vulnerability in said kernel will allow them to replace everything else, which is precisely where userland security lives.

So the hardware may be "secure" from the perspective of the manufacturer but not from the perspective of the user. They can still be pwned.

Those are just restricted-boot CPUs, not secure CPUs. I agree secure CPUs will make attacks more difficult. Here are a few examples of them with various tradeoffs:

http://www.crash-safe.org/assets/ieee-hst-2013-paper.pdf

https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/

https://web.archive.org/web/20150315020829/http://palms.ee.p...

https://theses.lib.vt.edu/theses/available/etd-10112006-2048...

Original one that ran businesses, which is still immune to lots of attack vectors and reliability issues:

http://www.smecc.org/The%20Architecture%20%20of%20the%20Burr...

So, spread word on things like those, esp CHERI given FreeBSD support, instead of that DRM garbage that uses the word security but is more about marketing & control. ;)