[HN Gopher] Android platform signing key compromised
       ___________________________________________________________________
        
       Android platform signing key compromised
        
       Author : arkadiyt
       Score  : 98 points
       Date   : 2022-12-01 22:35 UTC (24 minutes ago)
        
 (HTM) web link (bugs.chromium.org)
 (TXT) w3m dump (bugs.chromium.org)
        
       | remram wrote:
       | So this was disclosed November 11 (edit: or maybe May 13 as per
       | green text?) and became public yesterday November 30. Leaves
       | little time for Android devices to get the new key, no?
        
         | themoonisachees wrote:
         | If May 13, which would make more sense, then there have been
         | several Android security patches since. Devices no longer
         | supported are toast though.
        
       | Denvercoder9 wrote:
       | What's the blast radius of this? Are only specific models of
       | phones affected (if so, which?), or does this impact entire
       | brands or the whole ecosystem?
        
       | arciini wrote:
       | This thread leaves a lot of unanswered questions:
       | 
       | 1. This was likely mitigated through a device update. What
       | version did it roll out with? Which devices are still unpatched?
       | 
       | 2. How was it compromised? Was it an OEM? An internal leak at
       | Google?
       | 
       | 3. What is the attack vector? It sounds like it was likely side-
       | loading apps used by some attacker, but did any of these make it
       | onto the Play Store?
        
       | gjsman-1000 wrote:
       | I had speculated for a while that Secure Boot, Widevine, Trusted
       | Computing, all of it seems like they have some pretty serious
       | central points of failure. So much so, that it would be a modern
       | heist of the century if they were stolen.
       | 
       | If someone (for example) got Apple's iOS signing key and Apple's
       | HTTPS certificate, Apple could suffer catastrophic damage. If
       | someone got the PlayStation 5 signing key or the Xbox One signing
       | key, catastrophic damage there. In a way, it's a beautiful,
       | super-secure house... built on a single ludicrously powerful
       | point of failure. Good thing we don't have any corrupt government
       | agencies who might want to bribe someone for keys... yet...
       | hopefully...
       | 
       | This is actually something I would fear for the future. There
       | have been countless physical heists - most recently in Antwerp,
       | Belgium, where over $100 million in diamonds were stolen in 2003.
       | We haven't had a major signing key stolen yet, but there's always
       | that first day... if you can't keep $100M in diamonds safe, can
       | you really be sure that you can keep a hardware signing key safe
       | forever?
        
         | bombcar wrote:
         | And you _know_ nobody actually has their high-value signing key
         | protected by a series of complex offline vaults and checks and
         | balances like you'd see in Ocean's 11 - at best it's on the
         | other side of a room on an air-gapped computer.
        
       | RjQoLCOSwiIKfpm wrote:
       | Is this like Google's central "root key"? Or does each Android OS
       | distributor, e.g. Samsung, LineageOS, etc., have their own
       | certificate?
        
       | dtx1 wrote:
       | If I understand this correctly this is an orbital nuke on android
       | security.
        
         | gryf wrote:
         | I think it's more an orbital dung beetle.
        
       | miohtama wrote:
       | Why is this on the Chromium issue tracker?
       | 
       | Or is the same tracker used across all Google projects?
        
       ___________________________________________________________________
       (page generated 2022-12-01 23:00 UTC)