Hacker News new | ask | show | jobs
by tritium 3029 days ago
Beside the fact that you should be concerned about whether the controlling company goes out of business, or sells your data, here stands yet another reason to never trust devices that require an internet connection to activate in the first place, or phone home periodically to remain active.

This includes phones, cars, self-driving cars, watches, farm equipment, computing devices and anything marketed as an IoT appliance.

One glitch, as minor as an improper system time, and you’re dead in the water.
1 comments
imtringued 3029 days ago
The problem here is that kernel drivers have to be signed and drivers will stop working if the signature expires because the vendor didn't use a time stamp server during the signing process. The drivers were clearly indended to keep working so I assume this happened by accident.

The big question is why on earth can drivers that have been verified and are already installed in your system can suddenly stop working? If this mechanism is intended to protect against malware disguised as drivers then it's already too late. The malware had several years to exploit your system.

Expiration after installation simply doesn't make sense for code signing. The signed executable won't change unlike a website. The driver is always going to have the same file hash, forever.

link
tritium 3029 days ago
Expiration after installation makes sense from the perspective of planned obsolescence, and in anticipation of long-term-support sunsets.

It makes absolutely no sense to the end user, acting as possessor or potentially a reseller of an object, since the very premise implies that an owner should not be provided total control over their device, that it's never really "theirs", and that a vendor should retain the capacity to take a "sold good" away from the owner, under the guise of expected behavior, built as designed, effectively converting a sale into a rental, in time, perhaps after statutes expire.

It's effectively a back door for manufacturers, so that they can count on well-made products not lasting forever, not in museums, not for resale, not for nostalgia.

link