Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.

  • cmnybo
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    2
    ·
    1 month ago

    If you have physical access, then you have total access.

    • BrikoX@lemmy.zipOPM
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 month ago

      Not if the storage is encrypted. That’s why vulnerabilities in operating systems/kernel are so impactful, as they can bypass that encryption.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Well no, if the device is powered off you need to brute force the encryption which will take a very long time.

        However, if the device is booted you can just read from ram.

      • LunchMoneyThief@links.hackliberty.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        It’s a bit more nuanced even.

        If you have one-time physical access, then you have total access, permitting the storage is not encrypted.

        If you have recurring, undetected physical access, then you have total access.

        Ex: Dropping a script into someone’s unencrypted /boot partition that captures the decryption credential, then coming back later to collect the credential and maybe also remove the evidence.

  • chaosCruiser@futurology.today
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 month ago

    That is impressive. However, if you have physical access to the RAM, you can probably also just pop in a live USB, chroot into the system and do whatever you want. Regardless, this injection was interesting and impressive. Hats off to a clever hacker like that.

    • BrikoX@lemmy.zipOPM
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 month ago

      Yeah, it’s wild to me that desktop operating systems don’t encrypt storage by default. Both iOS and Android do.

      • CosmicTurtle0@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 month ago

        The threat profile for a desktop is different than a phone.

        You carry your phone with you everywhere.

        Desktops typically stay in one location that likely has locks.

        If you’re truly paranoid, you’ll encrypt your drive regardless. For regular joes like me, it’s not enough for me to enable it and enter a password at boot up.

      • Ace! _SL/S@ani.social
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 month ago

        I’d guess it’s because encryption adds overhead and slows things down. It’s also overkill for most people’s needs, since the chance to get their PC stolen isn’t worth the performance impact

        Should definitely be default on Laptops though

        • kautau@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 month ago

          For Apple computers with a T2 chip encryption actually is on by default and is always enabled at the hardware level. However, enabling filevault adds additional security around the master encryption key.

          Perhaps a future TPM standard will support dedicated encryption throughput in the future instead of just RNG and key generation, but until that happens I can’t see computer manufacturers turning encryption on by default (especially because the bitlocker user experience for non-power users is still pretty awful)

          On that note, being able to use TPM / UEFI features is getting more difficult for open source users, so actually taking advantage of the security hardware on your machine requires more work: https://github.com/Foxboron/sbctl/issues/85

        • Anivia@feddit.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 month ago

          The overhead is negligible since modern desktop CPUs have included AES hardware acceleration for a long time by now

      • JackGreenEarth@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        I chose to not encrypt my SSDs as I don’t want to forget the password and lose all my data. But now I have an external backup I’m fine encrypting them.

        • 8Bitz0
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          I would love to see something like macOS’s FileVault encryption. It completely blends in with the login screen and your decryption password is your user password.

        • BrikoX@lemmy.zipOPM
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          1 month ago

          Use a password manager. And create a passphrase type password for it so it’s easier to remember. Then you will have a unique password for everything, while only needing to remember one of them. And since you will use it daily, it’s impossible to forget.

          • JackGreenEarth@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            1 month ago

            I do use a password manager, but I can’t use it for signing into a machine, just signing into other things once I’m already logged in. I usually do remember my password, but there was an incident when I changed my password because I thought someone had guessed it, and then forgot what I had changed it to and was only able to recover my data because my SSDs were not encrypted

      • Spiralvortexisalie@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 month ago

        Windows 11’s behavior has changed so Bitlocker is generally enabled at install/upgrade provided you use a Microsoft account vs local account. Source

  • The modder in the article mentioned that the method could be used to break copyright protections on game consoles, can someone explain that?

    I assume this doesn’t apply to consoles or harware that verify keys over the network, since the decryption key isn’t stored on the device itself? This is more for things like Blu-ray players or consoles that read physical media, right?

    I’m a hobbyist so sorry if that’s a dumb question