The €10 Mirror: Why Enterprise Security Looks Like a Kid's Toy (labs.itresit.es)
lxgr 1 minute ago
Regarding the proposed mitigations, I'm very doubtful about whether they would substantially change anything here:

> Use real crypto (AES-128 or lightweight stream) and make the cartridge carry per-title key (or an IV)

> Copying now requires cloning/extracting the original token secrets.

Sounds like a great idea, and fortunately we don't even need to speculate about whether it would work: Nintendo did this with Amiibo.

> If true anti-cloning matters, this requires an authenticated token (DESFire / NTAG 424 DNA class).

And where do you securely store the validation key for a symmetric encryption/authentication scheme? This would require adding a SAM to the projector as well.

The "use non-default NFC keys" suggestion shares the same problem: Where would you securely store these?
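A toy model of the symmetric scheme lxgr is describing, as an added example that is not from the thread or the linked article: HMAC-SHA256 stands in for the tag's AES-CMAC, and the per-token key diversification is a simplified assumption. It shows that a clone built from readable data fails the challenge, and that everything hinges on the master key the reader itself has to hold.

```python
import hashlib
import hmac
import os

# Toy model of a symmetric challenge-response between an "authenticated token"
# and a reader, with per-token keys diversified from one master key.
# HMAC-SHA256 is a stand-in for the AES-CMAC used by real DESFire/NTAG 424 tags.

def diversify_key(master: bytes, uid: bytes) -> bytes:
    """Per-token key derived from the master key and the tag UID (simplified)."""
    return hmac.new(master, b"diversify:" + uid, hashlib.sha256).digest()[:16]

def issue_token(master: bytes, uid: bytes) -> "Token":
    """Manufacture time: the publisher loads the per-token key into the tag."""
    return Token(uid, diversify_key(master, uid))

class Token:
    """Genuine token: answers challenges with its key, never exposes it."""
    def __init__(self, uid: bytes, key: bytes) -> None:
        self.uid = uid
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ClonedToken:
    """Copy built from readable data only (UID, stored payload): it has no key."""
    def __init__(self, uid: bytes) -> None:
        self.uid = uid
    def respond(self, challenge: bytes) -> bytes:
        return b"\x00" * 32  # nothing better is possible without the secret

class Reader:
    """The projector side. Note what it must store: the master key itself."""
    def __init__(self, master: bytes) -> None:
        self.master = master  # lives in firmware unless a SAM/secure element holds it
    def authenticate(self, token, challenge: bytes = b"") -> bool:
        challenge = challenge or os.urandom(16)
        expected = hmac.new(diversify_key(self.master, token.uid),
                            challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, token.respond(challenge))

if __name__ == "__main__":
    master = bytes(15) + b"\x01"  # constructed placeholder master key
    reader = Reader(master)
    genuine = issue_token(master, b"\x04\x11\x22\x33")
    print("genuine token:", reader.authenticate(genuine))                  # True
    print("readable-data clone:", reader.authenticate(ClonedToken(genuine.uid)))  # False
    # Whoever holds the reader's secret can validate (and issue) tokens for any UID:
    print("issued from reader secret:", reader.authenticate(issue_token(reader.master, b"\x04\x99")))  # True
```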

nxobject 38 minutes ago
At this point, I think that any good undergrad computer engineering education should include a class on practical security patterns and design for security. Or, at the very least, training on when you need to proactively call on a developer with better chops.

It would save the world so, so much grief and cheap insecure consumer devices. I will flip my lid if I see another kiddy-cam on Shodan.

zihotki 3 minutes ago
Security has a certain cost associated with implementing it. That makes the product more expensive without any additional market value. There must be certain external incentives to motivate spending the extra effort.

krater23 3 minutes ago
I don't think the conclusion is right. It's just that security costs money: why pay a developer for 5 days when he can do it in 3 without proper security? There is no proper security needed, so don't pay for it. And that's exactly the same thing that happens with bigger software too. As long as it doesn't create pain for the seller to sell insecure tools, they will stay insecure.