That would be one way, sure. I mean, an attacker could get themselves the firmware blob the FBI wanted by only compromising infrastructure that exists today.
I was thinking of the San Bernardino case, physical access to device, need to defeat FDE. I think it's a good argument that infra to handle escrow is difficult and error prone... but it's a good counter that similar infra already exists, so not a *huge* increase in attack surface
-
-
Disagree. It’s massive difference in attack surface.
-
Yep, I guess we do disagree on this. I don't see a significant difference in attack surface to build and package signing infra, which already regularly gets popped and that's good enough to defeat FDE today. Where do you see the difference?
- 24 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.