@Nonentity has replied to this but I’d like to amplify. OK, a corrupt official has leaked the US nuclear codes to North Korea. Somehow, North Korea infiltrates the US’s most secure messaging system. Somehow they persuade the people in the silos to program the missiles to target NY, Frankfurt, London, Seoul and Beijing (without anyone getting suspicious). And somehow they manage to get into a (presumably) very secure PSTN line or the equivalent and convincingly tell the operators to launch.
Some years ago the then British Labour government had a similarly stupid idea for a national identity card system which would somehow protect people’s identities - a centralised database which would be accessible by many people, and they were somehow going to guarantee that none of these thousands of people misused the data. (That was the point at which I realised that both politicians and civil servants are deeply, irremediably stupid.) The police force responded that the present system of identifying people by lots of data held in different locations - driving licences, passports, bank accounts, council records for a start - was much better and more secure because no one entity controlled all the data. I imagine the situation with “nuclear codes” is the same. It isn’t enough to suborn one official. You would have to subvert an entire system.
Of course in theory you could get some of the same benefits by having every make and model of mobile device have a different public key and have many individual security workers in different locations each with only one key, so that corruption of one would have limited effects. The short answer to that is:
- How long before some bureaucrat decided to store all the keys in a central location “for efficiency”?
- How long before some organisation found a way of unlocking a bootloader in some model of phone, flashed an image with their own private key, and started selling uncrackable phones on the black market?
