Comment by JoachimS
12 hours ago
That is how I understand it yes. I can create a new FW and sign it with the vendors key I cracked and it will be trusted to come from the vendor. But generating a malicious FW that has the same signature is still a hash collision problem.
No comments yet
Contribute on Hacker News ↗