[HN Gopher] Android platform signing key compromised
___________________________________________________________________

Android platform signing key compromised

Author : arkadiyt
Score  : 98 points
Date   : 2022-12-01 22:35 UTC (24 minutes ago)

(HTM) web link (bugs.chromium.org)
(TXT) w3m dump (bugs.chromium.org)

| remram wrote:
| So this was disclosed November 11 (edit: or maybe May 13 as per
| green text?) and became public yesterday November 30. Leaves
| little time for Android devices to get the new key no?

| themoonisachees wrote:
| If May 13, which would make more sense, then there have been
| several Android security patches since. Devices no longer
| supported are toast though

| Denvercoder9 wrote:
| What's the blast radius of this? Are only specific models of
| phones affected (if so, which?), or does this impact entire
| brands or the whole ecosystem?

| arciini wrote:
| This thread leaves a lot of unanswered questions:
|
| 1. This was likely mitigated through a device update. What
| version did it roll out with? Which devices are still unpatched?
|
| 2. How was it compromised? Was it an OEM? An internal leak at
| Google?
|
| 3. What is the attack vector? It sounds like it was likely
| side-loading apps used by some attacker, but did any of these make
| it onto the Play Store?

| gjsman-1000 wrote:
| I had speculated for a while that Secure Boot, Widevine, Trusted
| Computing, all of it seems like they have some pretty serious
| central points of failure. So much so, that it would be a modern
| heist of the century if they were stolen.
|
| If someone (for example) got Apple's iOS signing key and Apple's
| HTTPS certificate, Apple could suffer catastrophic damage. If
| someone got the PlayStation 5 signing key or the Xbox One signing
| key, catastrophic damage there. In a way, it's a beautiful,
| super-secure house... built on a single ludicrously powerful
| point of failure. Good thing we don't have any corrupt government
| agencies who might want to bribe someone for keys... yet...
| hopefully...
|
| This is actually something I would fear for the future. There
| have been countless physical heists - most recently in Antwerp,
| Belgium, where over $100 million in diamonds were stolen in 2003.
| We haven't had a major signing key stolen yet, but there's always
| that first day... if you can't keep $100M in diamonds safe, can
| you really be sure that you can keep a hardware signing key safe
| forever?

| bombcar wrote:
| And you _know_ nobody actually has their high-value signing key
| protected by a series of complex offline vaults and checks and
| balances like you'd see in Ocean's 11 - at best it's on the
| other side of a room on an air gapped computer.

| RjQoLCOSwiIKfpm wrote:
| Is this like Google's central "root key"? Or does each Android OS
| distributor, e.g. Samsung, LineageOS, etc., have their own
| certificate?

| dtx1 wrote:
| If I understand this correctly this is an orbital nuke on Android
| security.

| gryf wrote:
| I think it's more an orbital dung beetle.

| miohtama wrote:
| Why is this on the Chromium issue tracker?
|
| Or is the same tracker used across all Google projects?
___________________________________________________________________
(page generated 2022-12-01 23:00 UTC)