If your attack relies on soldering wires to a flash chip and/or getting root access to the computer, you are hereby banned from the news media.
Show this thread
If you open your computer's case, it is already vulnerable to hacking, because no consumer x86 computer is secure under that threat model. Yes, this is another bullshit hyped attack with minimal practical consequence because under their threat model you are already pwned.https://twitter.com/WIRED/status/1259669698494509056 …
-
-
-
Since the authors are getting nitpicky: If your attack relies on disassembling your computer, or one of your already trusted devices, and hooking up wires to it without technically soldering, you are still banned from the news media.
Show this thread
End of conversation
New conversation -
-
-
"Ruytenberg's technique, shown in the video below, requires unscrewing the bottom panel of a laptop to gain access to the Thunderbolt controller, then attaching an SPI programmer device with an SOP8 clip," ...lol.
-
At that point, it's already a lost cause. I can understand being worried about something like Inception originally (i.e. just plug in to an unattended machine and lets go!). However, there's a certain level of evasiveness that just equals game over no matter what.
- Show replies
New conversation -
-
-
I always assume: if physical access is gained, all is lost. My travel laptop (Linux with encrypted drive) included.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
If your machine with sensitive information is in a place where someone could open it up without anyone noticing, that is your security flaw.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
So, you are telling me that complex computer systems are compromised when bad actors have access to their internals? Who knew!?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
All their “attacks” are also applicable to the BIOS SPI which arguably causes more damage but is known and can’t be marketed as easily.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Next paper will be about DOSing the machine with a sledge hammer. The attack only takes 15 seconds, and doesn’t even require you to open the laptop...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Opening the computer's case is only possible method. The second just requires getting access to a victim device and cloning its identity. Can be done in under 5 mins; no unscrewing of the victim's laptop required. See 3.1.1 and 3.1.3 in the report. https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf …
-
How exactly is "we can clone the identity of a trusted device by disassembling it and then do what the device was trusted to do" news again? Yes, if my friend has a copy of my keys and you break into his house, steal them, make a copy, you can come into my house. Duh?
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.