You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Yep, I do know what a threat model is! And described exactly what's necessary to carry out the attack in the piece, so users can judge for themselves if they should be scared. If there are 24 other previously known unpatchable ways to do this attack, that is actually news to me.
If you want to own a computer by opening the case, all you need to do is flash the BIOS chip. Or the firmware chip of any device with DMA access. Or any internal device with no DMA access but a buggy driver (i.e. most). Or just hijack a bus like LPC. The list goes on.
I take your point...that's more ways than I was aware of. :) But even if this was previously possible by other methods (we mention that in the story too) I disagree it's misleading to tell readers exactly what can happen in an evil maid scenario, which we've done pretty clearly.
Also your thread starts by citing a tweet that doesn't mention that this is a physical access attack...and yes, it should have.
Wouldn't it be simpler to just stuff a rogue PCIe card in, if you've already opened the case? A lot of laptops have the WWAN slot free (and many newer ones have multiple NVMe slots)…
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
