Comment on Google has a fix for all of the broken Chromecasts
MrTolkinghoen@lemmy.zip 1 week ago
So you’re saying that a private key within the TEE expired… So they probably had to write a custom TEE program in order to rotate it? Along with actually securely delivering it.
So… Did we (someone) manage to capture it? Ultimately though each device is going to have to request a new key, so even with a jailbroken TEE you’re still only going to be capturing the key for that specific device. The key would be how they implemented the verification that an expired device was allowed to get a new key and that verification… Idk not an expert in Widevine keys and such but I assume that cert chain expired.
ms264556@beehaw.org 1 week ago
Yeah, reading the followup to that post, I think they just created a new intermediate with the same key as the old one & pushed this to Chromecasts. I didn’t know this was a thing you could do. Learn something new every day 😁.
I’ve seen enterprise network equipment with this same issue, but the manufacturer instead forced owners to manually renew device certificates. Their device authentication is now broken because the certificate private keys were poorly protected in transit.
I’m wondering now why they didn’t just use this key rewrap trick.
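
Added example, not part of the thread and not Google's actual procedure: the reissue described in the reply above (a new intermediate certificate over the same key pair), reproduced with the `openssl` CLI. Every name, serial and lifetime is constructed, and expiry is simulated by verifying two days ahead with `-attime`.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> device certificate.
# Prints "old=<ok|fail> new=<ok|fail>": does the unchanged device cert verify
# through the old and through the reissued intermediate, two days from now?
reissue_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  q() { "$@" >/dev/null 2>&1; }   # run quietly, keep the exit status
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\nsubjectKeyIdentifier=hash\n' >ca.ext
  printf 'authorityKeyIdentifier=keyid\n' >leaf.ext

  # Root CA, then ONE intermediate key pair and CSR used for both issuances.
  q openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -subj '/CN=Demo Root' -days 3650 &&
  q openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
      -subj '/CN=Demo Intermediate' &&
  # Old intermediate: valid for one day only.
  q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 1 \
      -days 1 -extfile ca.ext -out int_old.pem &&
  # Device certificate, signed once with the intermediate's private key.
  q openssl req -newkey rsa:2048 -nodes -keyout dev.key -out dev.csr \
      -subj '/CN=demo-device' &&
  q openssl x509 -req -in dev.csr -CA int_old.pem -CAkey int.key -set_serial 100 \
      -days 365 -extfile leaf.ext -out dev.pem &&
  # Reissue: same CSR (same subject, same public key), new serial and lifetime.
  q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
      -days 3650 -extfile ca.ext -out int_new.pem || exit 1

  at=$(( $(date +%s) + 172800 ))   # "now" for the verifier: two days ahead
  check() {
    q openssl verify -attime "$at" -CAfile root.pem -untrusted "$1" dev.pem \
      && echo ok || echo fail
  }
  echo "old=$(check int_old.pem) new=$(check int_new.pem)"
)

reissue_demo
```

The device certificate is never touched: its signature and its authority key identifier depend only on the intermediate's key, so any intermediate certificate with the same subject and public key completes the chain.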