Conversation

Headphone software made by Sennheiser has been installing a root certificate, plus the private key, onto people's computers: secorvo.de/publikationen/ Like Superfish, anyone can use this key, which is the same on all installations, to forge certificates and impersonate websites.

2,298

2,256

Replying to

and

Is the use case similar to Google‘s ADB driver installer: news.ycombinator.com/item?id=156145 They solve the driver signing problem by generating a key pair, installing the pubkic part, signing the driver and deleting the private key.

Replying to

and

Clarification: that's not Google's driver installer. It's a third party: github.com/koush/Universa.

github.com

GitHub - koush/UniversalAdbDriver: One size fits all Windows Drivers for Android Debug Bridge.

One size fits all Windows Drivers for Android Debug Bridge. - GitHub - koush/UniversalAdbDriver: One size fits all Windows Drivers for Android Debug Bridge.

1:17 PM · Nov 28, 2018Twitter Web Client

Likes