this post was submitted on 16 Feb 2024
21 points (88.9% liked)

Technology

34816 readers
321 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
all 2 comments
sorted by: hot top controversial new old
[–] fubarx@lemmy.ml 3 points 8 months ago

The RP2040 solution was pretty clever. And that's just for line sniffing. He can still add clock or crowbar glitching into the toolkit to work around more advanced defenses. This is something that car ECU hackers figured out a long time ago. There's no software solution to work around that bit of nightmare. FWIW, ChipWhisperer can do all of these, including the synchronous sampling method used to fake a clock signal right out of the box.

As the piece mentions, setting a PIN can help, but all it does is annoy the user (who will likely choose something obvious and easy to remember) and transfer the problem to a simple dictionary attack.

The minute you put the security component in a separate module, you've opened yourself up to line-sniffing and MITM. And as soon as someone has physical access to a device, all bets are off.