|
|
|
|
|
|
by jlokier
2056 days ago
|
|
|
That's all true, but the context here is things like payment terminals, ticket machines and energy charging meters, and whether it makes sense for third parties to easily modify the software running on them. That hardware is not "your own". It is deployed to facilitate and protect a transaction between you and someone else. The certainly exists a possibility that the manufacturer of those devices doesn't care about protecting them, with the result that you the user get over-charged, have your card details stolen etc. But it's hard to see how making it easy for "anyone" to modify the software on those kinds of devices in an unconstrained way doesn't pose strictly greater risks of the above kind to you the user (being over-charged etc). Surely you would rather have to trust just a few entities in control of the device, who have some kind of quality control legal obligation through the usual network of contracts and liabilities, than trust the 100s of entities that have had some contact at some point with the device, any of whom could have modified the software on it? Any ideas on how to solve this problem which don't involve trusted roots? |
|
|