Conversation

Daniel Micay
@DanielMicay
Replying to
@lrvick
Big difference between a device with components that are strongly hardened, highly audited and have good ongoing security support vs. the complete opposite. Also, portraying it backwards by misinterpreting how DMA / IOMMUs work is just wrong.
1
Daniel Micay
@DanielMicay
Replying to
@lrvick
Devices you're talking about have entirely closed source hardware and firmware. If you choose components that are known to be insecure and also don't apply fixes to known security vulnerabilities, backdoors are a non-issue, because you have the front door wide open to attackers.
Twitter Web App
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
You're also once again misrepresenting closed source software as a black box. It isn't, and in fact, if you're looking for malicious, hidden backdoors, I do not really see how you're any better off trying to find them hidden in source code vs. from the final assembly code.
2
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
There is a whole compilation pipeline leading to that assembly code and all of the fancy language / compiler features, etc. are tools for the attacker to hide / generate their backdoor. Also, really, when it's full of unintentional vulnerabilities, how is any of this relevant?
1
Show replies
Daniel Micay
@DanielMicay
Replying to
@lrvick
So how does it help to use an SoC platform with far worse security and isolation, and then ship it in a way that's not set up in a proper way for production and is a massive step backwards from the mainstream status quo? I don't get it.
1
Show replies