Hacker News new | ask | show | jobs
by brookst 299 days ago
Cool. So you run a baking website. You get several hundred thousand legit logins a day, maybe ten million that you block. Maybe a hundred million these days.

Now, you have a bucket of mobile users coming to you with attestation signals saying they’ve come from secure boot, and they are using the right credentials.

And you’ve got another bucket saying they’ve are Android but with no attestation, and also using the right credentials.

You know from past experience (very expensive experience) that fraud can happen from attested devices, but it’s about 10,000 times more common from rooted devices.

Do you treat the logins the same? Real customers HATES intrusive security like captchas?

Are you understanding the tech better now? The entire problem and solution space are different from what you think they are.
2 comments
fruitworks 299 days ago
Who is responsible for fraud? If the user loses their password, that's their problem.
link
niutech 295 days ago
Banks are responsible, that's the point.
link
fruitworks 295 days ago
Perhaps the solution then would be a digital money system in which people are responsible for the security of their own funds, like cash.
link
const_cast 297 days ago
> You know from past experience (very expensive experience) that fraud can happen from attested devices, but it’s about 10,000 times more common from rooted devices.

1. I don't believe this research - measurement is hard. If we just consider using an unattested device as malicious, as we do now with the play integrity API, then you fudge the numbers.

2. Even IF the research is true, relative probability is doing the heavy lifting here.

There's still going to be more malicious attempts from attested devices than those unattested. Why? Because almost everyone is running attested devices. Duh.

Grandma isnt going to load an unsigned binary on her phones. Let's just be fucking for real for one second here.

No, she's gonna take a phone call and write a check, or get an email and go to a sketchy website and enter her login credentials and then open the investable 2FA email and then enter the code she got into the website. Guess what - you don't need a rooted device for that. You just don't.

There are extremely high effort malicious attempts, like trying to remotely rootkit someone's phone, and then low effort ones - like email spam and primitive social engineering.

You guess which ones you actually see in the wild.

Is there a real threat here? Sure. But threat modeling matters. For 99.99% of people, their threat model just does not involve unsigned binaries they manually loaded.

Why are we sacrificing everything to optimize for the 0.01%? When we havent even gotten CLOSE to optimizing the other 99.99%?

Isn't that fucking stupid? Why yes, yes it is.

link