On the Android security bug

Peter Biddle, who helped invent trusted computing when he was at Microsoft, discusses the serious Android security bug that was just reported. It's a good, short read, and most alarming is the news that Google's had information on this critical bug since February: "The entire value of a chain of trust is that you are limiting the surface area of vulnerability to the code-signing and hashing itself. This bug, if it’s as described, destroys the chain."
Discuss

Continue the discussion at bbs.boingboing.net

12 replies