This means I can file a CVE for every single iOS and Android device now, right? "Secure boot can be bypassed with a FIB workstation to gain full root access" People applying for dumb meaningless CVEs outside reasonable threat models just make the security industry look bad.https://twitter.com/erincandescent/status/1251872738270220290 …
-
There was this article the other day about data exfiltration using PC fans. Clickbaited as "stealing data from airgapped computers". Same team had like 3 dozen other papers with various vectors. Without reading it, I came up with most of the ideas in a Reddit comment.
Like apparently there's this team of researchers whose entire output is variations on "we can write malware that blinks the HDD led and sends information that way".
-
-
Heh. While there are some valid variations on that (like that things where some switches used to actually blink packets out, which isn't something you'd find immediately obvious) I feel like the next big things is going to be hammering realistic threat models back into people.
-
One of their attacks (which I also had in my list of random ideas before reading it) was using heat, between adjacent PCs. At like 2 bits per hour or something. Like, yes, if your airgap is 10cm and your threat model includes malware on the secure side, you're doing it wrong.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.