Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
rustyhancock a day ago

A bit absurd really, the image of the manufacturer locking this down with robust security signed payloads and bootloaders is truly comical.

Unpopular opinion here: but this article is perfect proof of concept that when trying to take something to market you need a non technical person put the brakes on some technical teams.

zbentley a day ago | parent [-]

> you need a non technical person put the brakes on some technical teams.

Can you expand on that? The general wisdom, true most places I and my peers have worked, is that non-technical business stakeholders are often the ones deprioritizing work that would reduce operational (including security) risk.

rustyhancock a day ago | parent [-]

Technical teams are great at solving technical problems. And will always see more technical problems to solve.

This article is about how you can put jailbreaking this device out of the reach of a skilled reverse engineer, and require a skilled reverse engineer with some fancier technology. Ironically so it could be cracked by the same guy in all likelihood.

....Why?

There is no upside. Only costs.

This is obvious to anyone who's common sense isn't blinded by a mind geared to solving technical issues.

zbentley a day ago | parent [-]

> Why?

Presumably to secure the company selling the device’s revenue stream.

There’s a big difference between “any 10yo with $5 for an SD card can download a one-click app and jailbreak our projector” and “you have to be fairly technical to jailbreak our projector”.

Also, the article is more about drawing parallels to the enterprise software security space (where the “Why?” is large-to-existentially-large financial and regulatory risk to an organization that gets hacked) than explaining why this specific projector should be more tamper-proof.

rustyhancock a day ago | parent [-]

You think a 10 year old is checking the Shannon entropy of some files and deducing that that a single byte xor key is being used? Reversing it and adding more MP4 files then writing NFC cards to play whatever they want?

Surely this is a perfect example of a losing sight of the wider picture.

The articles appeal to well if they do this with a €10 projector they'd do it with a €100,000 is again absolutely comical.

zbentley a day ago | parent [-]

If you use rot13 as your data encryption, then a ten year old can absolutely break it--not by knowing what "rot13" or "data encryption" mean, but by clicking a button in a one-click jailbreak app.

On the other hand, if you use stronger data protection, technical expertise can be required--remember the "kamikaze hack" for breaking hardware DRM on the Xbox 360? https://kotaku.com/one-of-the-wildest-console-hacks-ever-184...