Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
sudosysgen
on Sept 22, 2021
|
parent
|
context
|
favorite
| on:
Lithuania says throw away Chinese phones due to ce...
Use Magisk, your banking apps will work fine.
throwaway52170
on Sept 22, 2021
[–]
For now, until hardware backed attestation becomes properly enforced... Isn't security great
sudosysgen
on Sept 22, 2021
|
parent
[–]
It probably will never be. It just takes one OEM to fuck it up and everyone can use their device ID. That's why hardware backed attestation doesn't work, OnePlus fucked it up and now Magisk can pretend to be that phone and get exempted.
alias_neo
on Sept 22, 2021
|
root
|
parent
|
next
[–]
Interesting, I use OnePlus phones, where can I read more about this?
sickmate
on Sept 23, 2021
|
root
|
parent
|
next
[–]
https://www.synopsys.com/blogs/software-security/cve-2020-79...
jsudi
on Sept 22, 2021
|
root
|
parent
|
prev
[–]
If a Chinese oem loses their keys why not just revoke them?
sudosysgen
on Sept 22, 2021
|
root
|
parent
[–]
And cut off the phone from SafetyNet? That would hurt SafetyNet adoption and be bad for Google, which is presumably why they didn't do it for OnePlus.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
