
Why aren't these things somehow cryptographically signed like a lot of software? Seems like it would fix the problem. You could always do what Windows/OS X does when a USB device isn't signed and prompt the user with something like "warning, this USB device is not from a trusted manufacturer, continue?"



Technical implementation of this idea is difficult to impossible, because the device controls what it sends to the host. This means the device could, as an extreme example, contain two firmware areas and a management controller / hypervisor. It could allow the valid firmware to enumerate with a valid signature and then swap over to malicious code undetected - a similar problem to Microsoft's flawed Xbox360 copy protection where the host trusts the DVD drive to authenticate discs.

Anyway, even provided someone could conceive a real implementation, there are still the same issues we've seen with signed OSes (Trusted Boot) and signed device drivers in Windows:

Who gets to be a root CA for peripheral software? How do small/homebrew manufacturers get approved? How does the CA verify the legitimacy of the people they're issuing certs to? How do compromised certs get revoked? What happens when the cert for a legitimate device gets stolen? What if nobody wants to pay for a cert for their crappy fly-by-night flash drives, and users learn to "just click Install?"
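The argument in the comment above, that the device, not the host, controls what gets presented for verification, is easy to see in a small simulation. This is an added example, not code from the thread or from any real USB stack: HMAC-SHA256 with a constructed vendor key stands in for a vendor signature, and the device is a plain Python object that holds one signed image to present and a second image to actually run. The `measurement_root_attest` half is an assumption added for contrast: it models a measurement component inside the device that firmware cannot override, which is exactly what commodity USB peripherals lack.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor's signing key. A real scheme would use an
# asymmetric signature; HMAC keeps the example self-contained and dependency-free.
VENDOR_KEY = b"constructed-vendor-signing-key"

# Constructed firmware images. Only BENIGN_FW is ever signed by the vendor.
BENIGN_FW = b"constructed benign image: behave as a mass-storage device"
OTHER_FW = b"constructed other image: behave as a keyboard"


def vendor_sign(image: bytes) -> bytes:
    """Vendor signs a firmware image at build time (HMAC stands in for a signature)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def host_verify(image: bytes, sig: bytes) -> bool:
    """Host-side check of a presented image against the vendor 'signature'."""
    return hmac.compare_digest(vendor_sign(image), sig)


@dataclass
class DualImageDevice:
    """Device with two firmware areas: one it shows the host, one it actually runs."""
    presented: bytes
    presented_sig: bytes
    running: bytes

    def enumerate(self) -> tuple[bytes, bytes]:
        # The host only ever sees what the device chooses to report.
        return self.presented, self.presented_sig

    def behaviour(self) -> str:
        return self.running.decode()


def naive_host_admits(dev: DualImageDevice) -> bool:
    """Scheme from the question: verify the signature over whatever the device presents."""
    image, sig = dev.enumerate()
    return host_verify(image, sig)


# --- Contrast: what it would take for the check to mean something ---------------
# Assumption for illustration only: a per-device attestation key held by a
# measurement root that hashes the image as it is loaded, independent of firmware.
DEVICE_ATTEST_KEY = b"constructed-per-device-attestation-key"


def measurement_root_attest(dev: DualImageDevice, nonce: bytes) -> tuple[bytes, bytes]:
    """Hypothetical in-device measurement root: reports a hash of the running image,
    bound to a host nonce so an old report cannot be replayed."""
    digest = hashlib.sha256(dev.running).digest()
    quote = hmac.new(DEVICE_ATTEST_KEY, nonce + digest, hashlib.sha256).digest()
    return digest, quote


def attesting_host_admits(dev: DualImageDevice, nonce: bytes) -> bool:
    """Admit only if the presented image is vendor-signed AND the measurement root
    reports that this same image is what is actually running."""
    image, sig = dev.enumerate()
    if not host_verify(image, sig):
        return False
    digest, quote = measurement_root_attest(dev, nonce)
    expected = hmac.new(DEVICE_ATTEST_KEY, nonce + digest, hashlib.sha256).digest()
    if not hmac.compare_digest(quote, expected):
        return False
    return digest == hashlib.sha256(image).digest()


def demo() -> dict:
    """Constructed two-image device: passes the naive check, fails the attesting one."""
    dev = DualImageDevice(BENIGN_FW, vendor_sign(BENIGN_FW), OTHER_FW)
    return {
        "naive_admits": naive_host_admits(dev),
        "attesting_admits": attesting_host_admits(dev, b"constructed-nonce"),
        "actual_behaviour": dev.behaviour(),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second half is not that peripheral attestation is solved; it is that the signature check only becomes meaningful once something the firmware cannot tamper with vouches for what is executing, and that component, plus the key management behind it, is the missing piece the rest of the thread is arguing about.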


That's a really cool idea but I suspect that this would be down to the inevitable problem of "cost". Getting the equivalent of an EV cert for some backwater country's crap mouse with a major brand stuck on the case would add cost to the device and shoot the margins for the distributor, the manufacturer and the retailer.


Couple of things.

1) Getting a (legitimate) USB vendor ID is already a big barrier to entry for smaller players in the hardware business. The USB Forum is basically a cartel of people who aren't interested in selling you a product ID unless you want to buy 65,536 of them at once for thousands of dollars. Then there's the expensive kernel-mode code signing certificate that you'll have to buy in order to deploy your Windows driver. The world needs fewer crypto-cartels, not more.

2) It's always been accepted as a truism that once an attacker has physical access to your computer, the security game is over. Why is everyone rushing to discard this axiom all of a sudden? Don't people understand that this will lead to a world where your computer relies on third-party gatekeepers to treat you as a security threat?


It's not that the device is signed, but the driver.



