This is the most suspicious element of the whole affair. The actual security algorithms weren't compromised; rather, they compromised the whole environment by getting their hands on the Realtek keys.
Personally I doubt that retrieving this key involved some act of super ninja skills espionage. I suspect somebody high up in the US government simply picked up the phone and called somebody high up in the Taiwanese government. The reality is Taiwan's security at the end of the day is wholly dependent upon US defense. There are no other options, there are no other cards in their hand. They absolutely need the US military to secure the continued existence of their nation.
This is the lesson of Stuxnet: "private" actors aren't. At the end of the day the US government has demonstrated again and again that it can compel cooperation from virtually every technology firm in the "free world." It's not a card to be played lightly but it's absolutely there. Thanks to Snowden we know the NSA regularly compromises Cisco telecom equipment created for export [1][2] and that the US government is working closely with all the major tech firms [3].
And this is why the US does not want China exporting Chinese phones, electronics, telecom kit, chips and social software. There's absolutely no problem when "private companies" in the US, Korea, Japan and Taiwan export this equipment and technology because these companies are squarely under the thumb of the US. Now that China is getting in on the game everybody is freaking the fuck out precisely because they understand perfectly what it means for "private companies" in China to have a significant chunk of the market.
Of course the Chinese also understand exactly what's going on here and this is why they've established the Great Firewall and why they're absolutely determined to homegrow all their technology needs. Right now China imports an absolutely extraordinary amount of chips and it is probably their greatest security weakness [4].
So this is what it comes down to: every large corporation that matters is likely a phone call and/or secret warrant away from literally giving its private keys to some government actor, likely the US or China. Any data stored by these corporate systems should be considered readable and writable by the government. Any service secured by these corporate systems should be considered accessible and ultimately under the control of these governments. These corporations will not risk either their continued existence or the possibility of fat government contracts in order to protect their customers from these governments. Individuals who depend upon these corporations are therefore completely at the mercy of these government actors.
All of this is a long way of saying that security of digital assets cannot be outsourced.
[1] https://arstechnica.com/information-technology/2016/08/cisco...
[2] https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
[3] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
[4] http://nationalinterest.org/feature/how-china-will-benefit-a...