Hacker News new | comments | show | ask | jobs | submit login

Plausible deniability is an important difference. Factory-implanted backdoors ruin a commercial relationship -- and could be discovered before deployment.

On the other hand, subverting Google's own official 'kill-switch' at a later date could be the work of a lone vandal or disgruntled employee, and reflects more negatively on Google than manufacturers.

(BTW, I have nothing against Chinese hackers specifically; they're just a usefully vivid example from recent events. The same observation goes for any person or entity that gets momentary control of the official platform-wide revocation mechanism. Its mere existence, for either the iOS or Android ecosystems, makes it a super-juicy target for evildoers.)




> Factory-implanted backdoors ruin a commercial relationship -- and could be discovered before deployment

Only if they are discovered.

You can hide the firmware in ways not even the "official" firmware can access and only a mask inspection would show you have a small amount of ROM where none was supposed to be (or twice as much as you state in the chip specs). If I were paranoid, I would be seriously investigating whether such a plan could be actually conducted - how many processes would have to be compromised and how many people would have to be involved to introduce a feature like this in, say, a popular cellphone radio controller. Can we vouch for the integrity of the hardware/software stack in the towers themselves for not having any backdoor/sleeper code or logic?

Again, I don't imagine this as being the work of gangs, but of governments. It's like having your communications blocked as soon as tanks cross the borders and planes start dropping bombs. It's a very nasty scenario.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: