Comment by ars
10 days ago
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
10 days ago
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
AFAIK there are still cracks available, although it's been getting more difficult over time.
This is another one of the reasons why I'm opposed to the current trend of "memory safety" that the megacorps are so enthusiastic about. When insecurity is freedom, and security means securing against the user's control, attacking insecurity will only close off paths to freedom.
> This is another one of the reasons why I'm opposed to the current trend of "memory safety"
So the argument is that those buffer overflows in iMessage used to target people (i.e. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i... used to target a Saudi activist) are actually good because a hacker might jailbreak a phone with it?
It's good if all my software on linux crashes with segfaults because it might let someone unlock a locked down linux device one day?
I don't feel particularly free if my device is pwned with ransomware
When the gun is pointed at you, you'd better hope it misfires.
There are two levels, one can be faked, one can not.
The strong integrity can be faked if you have the keys from a trusted phone that has a security flaw that allows key extraction. I think google bans these from time to time.
The list of banned keys for compromised was >500 last time I checked. I think it was 528 this week?