This especially affects used phones. How does a non-technical buyer know whether it is pre-rooted/jailbroken or not?
Quote Tweet
The 'returned product attack' here - buy, replace the firmware, return and hope someone else buys it - is a real-world evil maid attack, and speaks very much to why we need secure boot on IoT systems. Supply chain security is more complex than 'just' up to FOB delivery. twitter.com/CANcrypt/statu…
Thought about doing this as a research project many many years ago, but decided it didn't have research value and would likely be a lot of trouble to actually do. This was after buying heaps of used Android phones on eBay and finding all kinds of things on them.
If they break verified boot at the firmware level before the OS, it won't be able to catch anything. It's also designed around pairing, and an initial verification is a lot easier to bypass due to relying on a chain of trust to a trusted root. Not really what it's meant to handle.
The ideal case would be for sending a phone through the mail, where the person sending it sets up pairing with the person receiving it before sending it. That gives it the full strength it's meant to have and something similar could be done for iOS with hardware-backed keys.