paradroid

What is really indicated by these hardware-level defects is that a security mindset is not a pervasive way of thinking among otherwise very serious engineers. The sheer number of low-level engineers - whether hardware or software level - who overlooked these flaws for so long is simply huge.

When CPUs and the internet were being designed the level of adoption we are seeing was not anticipated. Similar to how nature engineered humans with lots of potential exploits. Now that we are aware of both the possibility and risk of every single person being exploited simultaneously, we must act accordingly and defend ourselves.

In other words, a huge amount of effort must be put into securing basic infrastrucure (including CPUs), somehow.

So long as humanity continues to be at war, we must continue to act as if that is the case. Kudos to Google for figuring this out. But do you really want the "don't be evil" company that profits almost exclusively based on ads to be your only true line of defense? Do you want it to be your government, versus other governments?

What we have just experienced is a precursor to something deeply terrifying. We must, somehow, act to prevent it.

My Bose QC35II headphones are set as a Trusted Device and so automatically unlock my android over bluetooth when I'm in range, and my phone is a trusted device to my Google Chromebook Pixel. Dread Pirate Roberts wouldn't have stood a chance.

To maintain security you really need a backup phone on you at all times that you can use to log out your other devices that isn't part of this chain. You additionally need someone else that you trust who has permission to do this, but that's just yet another attack vector.

Truth is, if someone wants to get at you they can and you can't stop them without being incredibly paranoid. So Bluetooth-based chain of trust, here we go.