GrapheneOS on Nostr: In order to exploit Verizon's demo app not verifying a signature for the downloaded ...
In order to exploit Verizon's demo app not verifying a signature for the downloaded config or even fetching it via HTTPS, it would already need to be set up to use retail demo mode. The contractors Verizon paid to implement it did a bad job, but it's not a Pixel security issue.
Published at
2024-08-16 18:29:30Event JSON
{
"id": "16163b518c49108f026af541f4b019f8408bfbade46bf41f73c5cbcfaf531ae3",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1723832970,
"kind": 1,
"tags": [
[
"e",
"478540c7cdf9355b3379ead49fcf82effcb05461aa42631215e31bf69b62505e",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/112973117567857943",
"activitypub"
]
],
"content": "In order to exploit Verizon's demo app not verifying a signature for the downloaded config or even fetching it via HTTPS, it would already need to be set up to use retail demo mode. The contractors Verizon paid to implement it did a bad job, but it's not a Pixel security issue.",
"sig": "e903bd239f4b8456f02358dab398c72d9359af9ec36b34aa62a382733da8ee105b1ddd7586517870eb93e1573946682f706df4dbe22bbb9210e3ff2c6f23517b"
}
