• 3 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle


  • I think the issue that they are trying to make is that there are modern ways of protecting the keys with hardware level security, that aren’t being used. As someone who works in AppSec this is all too common. All it takes is one library in an application to be popped (doesn’t have to be signal), and security keys end up leaked. If it isn’t already, I’m sure that signals keys will be included in exfil scripts.

    Tools like TPM and SecureEnclaves (TrustZone,etc) mean that malware, and other nasties have a higher bar that they need to meet.