Such a system would require *all* devices to be secure against key extraction. O...

kfuwbi2640 · on March 31, 2020

Apologies for a late response here (by HN standards where conversations last only a number of hours). I agree that an attacker could compromise weaker devices and sign their deep fakes with them. But then hopefully those keys Or that manufacturer would be blacklisted. In my mind, a company like Hauwei could implement this, but I as a consumer of media wouldn’t necessarily trust photos from their devices. But photos signed by an iPhone where Apple has a better privacy record, I could trust more.

Thanks for replying though, this does help me understand the challenges in a system like this.

zrm · on April 1, 2020

It's not really a matter of privacy record. In general manufacturers don't do it on purpose.

For example, it was discovered that it's possible to extract keys from Intel SGX enclaves using certain speculative execution vulnerabilities. Intel SGX predates Spectre. It isn't a category of vulnerability they knew existed when they were designing it.

Vulnerabilities are regularly discovered in almost everything, iPhones included. Diligent vendors are quick to patch them, but an attacker only needs to wait until the next vulnerability is discovered and then extract the signing keys from a device that hasn't been patched yet.

You also have no way of knowing which keys they are -- if a million devices of a particular model have a known vulnerability then any attacker could extract the keys from any of them, and even blacklisting all of them (which would tend to dissatisfy their innocent owners) still wouldn't save you from an attacker using an unpublished vulnerability against a device you don't even know is vulnerable.

To put this another way, this is basically the same class of technology that Hollywood uses for DRM. Now, how many Hollywood movies can you say have not been pirated by anyone?