Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.

  • cmnybo
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    2
    ·
    1 month ago

    If you have physical access, then you have total access.

    • BrikoX@lemmy.zipOPM
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 month ago

      Not if the storage is encrypted. That’s why vulnerabilities in operating systems/kernel are so impactful, as they can bypass that encryption.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Well no, if the device is powered off you need to brute force the encryption which will take a very long time.

        However, if the device is booted you can just read from ram.

      • LunchMoneyThief@links.hackliberty.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        It’s a bit more nuanced even.

        If you have one-time physical access, then you have total access, permitting the storage is not encrypted.

        If you have recurring, undetected physical access, then you have total access.

        Ex: Dropping a script into someone’s unencrypted /boot partition that captures the decryption credential, then coming back later to collect the credential and maybe also remove the evidence.