|
|
|
|
|
|
by tpxl
2057 days ago
|
|
|
>That integrity might be checked It might also be broken and they don't care for you and you're screwed. Also, as was shown many a time, the manufacturer will prevent you from doing whatever you please with your own hardware, if you chose to do so. In that case, their integrity is broken by design. |
|
|
That hardware is not "your own". It is deployed to facilitate and protect a transaction between you and someone else.
The certainly exists a possibility that the manufacturer of those devices doesn't care about protecting them, with the result that you the user get over-charged, have your card details stolen etc.
But it's hard to see how making it easy for "anyone" to modify the software on those kinds of devices in an unconstrained way doesn't pose strictly greater risks of the above kind to you the user (being over-charged etc).
Surely you would rather have to trust just a few entities in control of the device, who have some kind of quality control legal obligation through the usual network of contracts and liabilities, than trust the 100s of entities that have had some contact at some point with the device, any of whom could have modified the software on it?
Any ideas on how to solve this problem which don't involve trusted roots?