The Dangers of Microsoft Pluton

(gabrielsieben.tech)

733 points gjsman-1000 | 1 comments | 26 Jul 22 03:46 UTC | HN request time: 0.206s | source

Show context

tuetuopay ◴[26 Jul 22 16:41 UTC] No.32240632[source]▶

The thing I fear the most with this is "proof that secure boot has never been disabled". This is just a way to brick your device from accessing services.

What if you government's tax service requires such proof? Or bank? I cannot count how many machines I booted on Linux to rescue a hard drive, or image it, or wipe it, or just to install linux on them. All those devices, boom, paperweight for regular personal use.

I hate it so much that Microsoft is alone in this. It's not because it's M$, it's because they're alone on it.

replies(2): >>32243105 #>>32245060 #

tadfisher ◴[26 Jul 22 19:53 UTC] No.32243105[source]▶

>>32240632 #

This is already a problem with SafetyNet hardware attestation on Android. Because it's so easy to implement on the app side, everything from banking apps to games is verifying the device is running a blessed system image with a locked bootloader and no root access (read: no access to general-purpose computing).

As a developer of a banking app, I do my best to avoid implementing this user-hostile crap, but not all developers are empowered to say "no" to this requirement and not all care. There is zero benefit to the user to block them from using your services, and I would argue the net benefit is negative to the service. Users aren't hacked via privilege escalation exploits, they are hacked by phishing, and they can be phished on a SafetyNet-compliant device just fine.

replies(2): >>32249879 #>>32253468 #

1. toastal ◴[27 Jul 22 12:59 UTC] No.32249879[source]▶

>>32243105 #

I really appreciate knowing some devs are out there defending us from the banking app madness. I'd encourage you, given your position, to write a blog post about why device ownership is important and your experiences on how others should consider operating.

↑