|
|
|
|
|
|
by Jonnax
2981 days ago
|
|
|
"Why disclose this at all? Why not hold onto this in order to increase the number of affected Switch consoles? Unfortunately, this bug affects a significant number of Tegra devices beyond the Switch, and beyond even the X1 included in the Switch. I can tell you, it wasn't fun to find a bug with such a broad impact; it significantly complicated the ethics involved. In the end, given the potential for a lot of bad to be done by any parties who independently discover these vulnerabilities, I thought it best to disclose this immediately and under terms that ensured that the vulnerability reached the public quickly." At the end of the day Tegra is used in a lot of places. Even cars.
If there's a risk that someone could conduct a crime through through a firmware hack then that presents an ethical dilemma. 10 years ago there were few portables that you could run your own code on. Now there's things like the GPD Win. All this homebrew stuff is a bit of fun and games at the end of the day. Calling someone a traitor because they decided to responsibly disclose a vulnerability is just childish. |
|
|
If it was a remote exploit, I'd certainly agree about the ethical dilemma, but everything I've read suggests that this requires physical access.
As for being used in cars... don't get me started on what manufacturers are doing these days to stop repairs and modifications... just search "John Deere tractor hacking" to get a taste of what I mean (some articles and good discussion here on HN too.)
Calling someone a traitor because they decided to responsibly disclose a vulnerability is just childish.
It shows they cannot be trusted, and that they support the actions of companies who want to lock out users from the devices they own.