Conversation

Lance R. Vick ( @lrvick@mastodon.social )

@lrvick

·

Sep 11, 2020

@DanielMicay

dropping CCs at request Anyway, all said I agree with you. But the concerns you mention here are also true of Android devices. I would rather have physically replaceable radio modules and then work on reveng or memory isolating the drivers. https://twitter.com/DanielMicay/status/1304466320487047174?s=20…

This Tweet is unavailable.

1

1

Daniel Micay

@DanielMicay

Replying to

@lrvick

Big difference between a device with components that are strongly hardened, highly audited and have good ongoing security support vs. the complete opposite. Also, portraying it backwards by misinterpreting how DMA / IOMMUs work is just wrong.

5:16 PM · Sep 11, 2020·Twitter Web App

Lance R. Vick ( @lrvick@mastodon.social )

@lrvick

·

Sep 11, 2020

Replying to

@DanielMicay

You can't claim hardware is secure you can't see the firmware for. Tomorrow's update could be hostile. You present a fair argument though. We either design to distrust the radios, or we might as well blindly trust their updates. I am convinced here.

2

2

Daniel Micay

@DanielMicay

·

Sep 11, 2020

Replying to

@lrvick

Devices you're talking about have entirely closed source hardware and firmware. If you choose components that are known to be insecure and also don't apply fixes to known security vulnerabilities, backdoors are a non-issue, because you have the front door wide open to attackers.

2

Show replies