Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You need source access to verify this. Much of the Pixel firmware is not available to users.


That’s a slightly different issue. Right now, Google could push a customized malicious firmware just to you. No one else would have a copy, and no one would be able to reverse engineer it to detect that it’s malicious.

With a fully functioning binary transparency system, Google would have to publish the fingerprint of the malicious firmware. An even stronger system would require that they publish the entire image as well. Then the attack could be detected.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: