[Cryptography] Statement from Attorney General William P. Barr on Introduction of Lawful Access Bill in Senate

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 8 06:20:22 EDT 2020


Sid Spry <sid at aeam.us> writes:

>However in the Asian markets you can find chipsets doing things they were
>never advertised to do, implying some local companies have the signing keys
>and are reprogramming the chipsets.

Or they're using one of the never-ending catalogue of vulns in the security
systems of the chipsets or the vendors' implementation to bypass any security
on them.  For example, are you using any NXP (i.MX) ARM SoC manufactured before
mid-to-late 2017?  It's vulnerable to remote compromise via its secure boot
capability, see "ERR010973 ROM: Secure boot vulnerability when authenticating
a certificate".  And since it's a boot ROM problem there's no fix for it.

Yup, the "security" feature on the device is what makes it vulnerable to an
OTA compromise.

Peter.
