Good point, will hold off on talking about pinning to in-order efficiency cores as a potential mitigation until there's a diverse set of approaches to exploiting the issues to test against the in-order execution cores. May or may not pan out as useful. https://twitter.com/d0k/status/949311943675924481 …
I'd love that. I care about remote vectors, dragnet, etc. not targeted physical attacks.
Verified boot is really primarily a mitigation against privileged persistence. The encryption on Pixels protects inactive user profiles against an attacker with root access because it's per-profile encryption so it has some use for non-physical threat models too depending on use.
The price for devices with strong physical defenses actually makes them unsuitable for that purpose IMO - they're too expensive to throw away when potentially compromised.
Unfortunately, there are very few cheap devices with proper security updates and reasonable firmware security. Android One is almost providing what the Nexus line used to provide but it's just not quite there.
In theory, it's supposed to be a more diverse Nexus line with even cheaper options. In reality, they're not providing the same level of security / support and they're not making it as easy to make proper production builds by making available everything that they use for theirs.
For example, it SEEMS like the Android One kernels are in AOSP, but it's likely there are device-specific modifications and configuration and it's not clear where that would be along with factory images for the devices and whatever else is needed to do proper builds for them.
Not interested in hacking together support. It needs to be on par with their production releases, which is hard enough for Nexus / Pixel phones... Hoping that Android One is both going to expand and improve because there's little other hope for mobile security for the masses.