SoylentNews is people
SoylentNews
from the phsyical-access-==-you-lose,-eventually dept.
Thunderspy, as its creator Björn Ruytenberg has named the attack, in most cases requires the attacker to remove the screws from the computer casing. From there, the attacker locates the Thunderbolt chip and connects a clip, which in turn is connected to a series of commodity components—priced about $600—which is connected to an attacker laptop. These devices analyze the current Thunderbolt firmware and then reflash it with a version that's largely the same except that it disables any of the Intel-developed security features that are turned on.
[...] "There are seriously tons and tons of things you can do to a PC once you open the case," says Hector Martin, an independent security researcher with extensive experience in hacking or reverse-engineering the Nintendo Wii, several generations of the Sony PlayStation, and other devices with strong defenses against physical attacks. "The evil maid threat model is interesting when you restrict it to plugging things into ports, because that can be done very quickly when e.g. the target is just looking away."
[...] Readers who are left wondering how big a threat Thunderspy poses should remember that the high bar of this attack makes it highly unlikely it will ever be actively used in real-world settings, except, perhaps, for the highest-value targets coveted by secretive spy agencies. Whichever camp has a better case, nothing will change that reality.
Previously: https://soylentnews.org/article.pl?sid=20/05/11/1721247
(Score: 2) by Freeman on Friday May 15 2020, @01:19PM
#1 Don't forget/lose your password/key.
#2 Unless it's convenient to do so.
#3 Don't doom everyone to insecure and easily hacked devices/communication, because you can't remember your password.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"