foobar33333 | 4 years ago

Cryptographic keys embedded in hardware worked really well for the DRM industry. Eventually someone will work out how to extract the key, then create malware to spread around Android devices to send back millions of valid keys. What do you do then? Blacklist millions of real people's cameras and prevent them from using the internet?

sigmoid10|4 years ago

You only need a method of key invalidation and renewal, that's all. SSL certificates have been facing this problem for years. The threat model is equal to someone infecting millions of devices and then sending back banking data, so it's not like people aren't working on mitigating that stuff.

sebzim4500|4 years ago

>SSL certificates have been facing this problem for years.

That's an entirely different, and much easier problem. In the case of SSL you are not worried about an attacker obtaining a certificate for any host, just the ones you care about. E.g. an attacker getting a certificate for facebook.com would be catastrophic, but an attacker getting a certificate for a website that no one uses would be a non-issue.

For the case of avoiding deepfakes, you need to avoid the attacker extracting a key from any of the millions of cameras that are sold every year.