>Edit to add: given Mediatek certs appear here, and given all the vendors linked... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ShredKazoo on Dec 2, 2022 \| parent \| context \| favorite \| on: Platform certificates used to sign malware >Edit to add: given Mediatek certs appear here, and given all the vendors linked to this have shipped low-end phones based on Mediatek SoCs, it wouldn't surprise me if it turns out Mediatek were the source. This implies that all the affected vendors shared their private keys with Mediatek. Why would they need to do this? (Genuine question, I don't know much about firmware. But it doesn't seem like it should be necessary at first glance.)

arsome on Dec 2, 2022 [–]

It's possible Mediatek (or an unrelated contractor) did the firmware work for them all so they're the ones holding the keys in the end.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact