Keep on casting.

  • MrTolkinghoen
    22 hours ago

    I actually can’t believe how long this took them to fix.

    • ms264556@beehaw.org
      17 hours ago

      If the problem is an expired device certificate then this was a very quick turnaround.

      All shipped Chromecast receiver devices have the device cert private key safely locked behind a TPM. Sending new certificates across the network without carefully planning things gives us a chance to intercept them & use them in our own receiver software which could e.g. download streams from Netflix/Disney etc.

      • MrTolkinghoen
        3 hours ago

        So you’re saying that a private key within the TEE expired… So they probably had to write a custom TEE program in order to rotate it? Along with actually securely delivering it.

        So… Did we (someone) manage to capture it? Ultimately though each device is going to have to request a new key, so even with a jailbroken TEE you’re still only going to be capturing the key for that specific device. The key would be how they implemented the verification that an expired device was allowed to get a new key and that verification… Idk, not an expert in Widevine keys and such, but I assume that cert chain expired.

        Edit: sounds like it wasn’t the factory key that expired, just a system level intermediate CA but updating it was still a PITA because of all the cert expiration checks by all the apps. I.e. Google home. Feel free to correct me if I’m incorrectly summarizing. (https://www.reddit.com/r/Chromecast/comments/1j8wtxa/heres_why_a_fix_is_taking_so_long/) Obligatory 🖕 reddit.