Submitted via IRC for boru.
https://www.infoq.com/news/2020/07/nRF52-debug-resurrect/:
A recent hardware attack on the Nordic nRF52 chip uses local access to gain chip-level debugging capabilities that persist in silicon, unpatchable in software. Nordic has confirmed the issue and encouraged device manufacturers to detect openings of the enclosure, as the chip is not hardened against fault injection.
This chip is used in so many Bluetooth products. Might be fun to go wardriving and find some and see if any have accessible SWD pins.
(Score: 4, Touché) by Immerman on Friday July 17 2020, @02:18PM (14 children)
Am I missing something? How is wardriving going to carry out a hardware attack?
(Score: 1, Informative) by Anonymous Coward on Friday July 17 2020, @03:11PM (3 children)
(Score: 2) by DannyB on Friday July 17 2020, @03:38PM (2 children)
I don't have any direct experience with this, but I would presume that it would be more effective to take cash, drugs and weapons instead of taking people's gadgets.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2) by Snotnose on Friday July 17 2020, @03:45PM (1 child)
Sigh. The drugs I take nowadays don't do you any good unless you have high blood pressure or cholesterol.
Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
(Score: 2) by DannyB on Friday July 17 2020, @03:50PM
Prescription narcotic pain killers might be appealing to a thief.
Thieves of all ages can enjoy boner drugs.
Who says boomers might not have good drugs in their house?
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 4, Funny) by Anonymous Coward on Friday July 17 2020, @03:19PM (3 children)
Millennial wardriving: it's where you borrow Mom's car, take a photo of yourself linking in a Ruby gem called "nRF52_Crack" while driving, then you realize the library's infected with Russian malware and while trying to remove it swerve into a boomer's front lawn where (with luck) you burst into flames and die an agonizing death.
(Score: 3, Insightful) by The Vocal Minority on Saturday July 18 2020, @06:18AM (2 children)
Why are we upmodding this annoying boomer/millennial troll hate bullshit?
(Score: 1, Interesting) by Anonymous Coward on Saturday July 18 2020, @08:00AM (1 child)
It's a hard and rather useless question, but I'll try.
People are a species of chimp.
And these things enjoy discord and meaningless suffering of others.
They need a reason to hate maim kill mutilate, because it brings them pleasure.
It's entertaining.
The internet is almost the only place where chimps can be chimps. If they try doing what brings them pleasure irl, they will get hurt.
Especially in the land of the prison, home of the jail.
Chimps are incredibly risk averse.
So they create a possible identity that can exist "a troll", and a whole world of text-based depravity "anywhere where comments can be posted", because real depravity is not available to them, and text is real enough.
That way it's internally legitimate.
What you see is a product of a/b testing for soon 30 years, if not more.
"Why are we" - there is no we. And never has been.
In all seriousness, go read about chimpanzee and bonobo group dynamics.
Then realise and weep, if you're that much into pretending to be non-chimp, lol.
(Score: 2) by The Vocal Minority on Saturday July 18 2020, @11:40AM
Obviously these "chimps" also have trouble identifying rhetorical questions.
It's always school holidays somewhere I guess...
(Score: 2) by ilsa on Friday July 17 2020, @07:35PM
Nope. They're using completely incorrect terminology.
(Score: 3, Insightful) by sjames on Friday July 17 2020, @09:34PM (2 children)
That's why I take vulnerability reports with a few pounds of salt.
Background for people who don't do a lot of embedded device work:
Many devices, including the nRF52 series, include a hardware debugging interface (also used for initial firmware loading at the factory). Often those are exposed on the board as small conductive test points rather than having a socket. They're visible on many devices. To access them, the board is placed in a jig with spring-loaded pogo pins (contact pins with an action very much like the bottom of a pogo stick). Sometimes they are disabled after the factory firmware load to make reverse engineering harder.
Any hack involving the debugging interface is necessarily hands-on and involves opening the case. There will be no drive by hacking of devices through the debugging interface.
On the nRF52 series, the hardware debugging can be disabled by setting a register on the device. The vulnerability is that given enough tries, it is possible to use well-timed power glitching to make the device fail to disable the debug interface as it powers up, allowing you to read out the firmware and data.
Other devices with debugging interfaces have fuses you can blow after factory load to disable debugging, but a sufficiently determined attacker with resources can probably de-cap the chip and read the firmware out anyway. So it's more a matter of how hard is it rather than is it possible.
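As an added example, not code from this thread or from Nordic: a host-runnable C model of the boot-time debug lock sjames describes, and of why a lock decided by one read of a configuration word fails open under a fault. Only the APPROTECT word encoding (low byte 0x00 = protected, 0xFF = unprotected, erased word reads as all ones) is taken from Nordic's public register map; the chip struct, the one-corrupted-read fault model, and every function name here are hypothetical teaching constructs, and the real silicon's latch is hardware, which is why the article calls the issue unpatchable in software.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical teaching model, not the nRF52's real boot logic. Only the
 * APPROTECT word encoding is borrowed from Nordic's public register map:
 * low byte 0x00 = access-port protection enabled, 0xFF = disabled, and an
 * erased configuration word reads as all ones. */
#define APPROTECT_ENABLED  0xFFFFFF00u
#define APPROTECT_DISABLED 0xFFFFFFFFu
#define BUS_FAULT_VALUE    0xFFFFFFFFu  /* constructed: a glitched read returns "erased" */

typedef struct {
    uint32_t approtect;      /* persistent protection word (survives reset) */
    size_t   firmware_bytes; /* stand-in for application flash content */
    int      glitch_on_read; /* fault model: which read (1-based) is corrupted, 0 = none */
    int      reads_done;
} sim_chip_t;

/* One read of the protection word. The injected fault is modelled as the
 * bus returning the erased value on exactly one read. */
static uint32_t read_approtect(sim_chip_t *chip) {
    chip->reads_done++;
    if (chip->reads_done == chip->glitch_on_read) {
        return BUS_FAULT_VALUE;
    }
    return chip->approtect;
}

/* Naive power-up latch: a single read decides whether the debug port opens.
 * One corrupted read is enough to leave debug enabled on a protected chip. */
bool debug_port_open_single_read(sim_chip_t *chip) {
    chip->reads_done = 0;
    uint32_t word = read_approtect(chip);
    return (word & 0xFFu) == 0xFFu;
}

/* Glitch-tolerant latch: read the word several times and open the debug port
 * only if every read agrees that protection is disabled. Any disagreement
 * fails closed. A single corrupted read can no longer open the port; this
 * does not help against a fault that skips the comparison itself. */
bool debug_port_open_redundant(sim_chip_t *chip, int reads) {
    chip->reads_done = 0;
    uint32_t first = read_approtect(chip);
    for (int i = 1; i < reads; i++) {
        if (read_approtect(chip) != first) {
            return false;
        }
    }
    return (first & 0xFFu) == 0xFFu;
}

/* Full chip erase: the one path that legitimately re-opens debug, at the cost
 * of wiping the firmware and data the protection was guarding. */
void full_chip_erase(sim_chip_t *chip) {
    chip->approtect = APPROTECT_DISABLED;
    chip->firmware_bytes = 0;
}

int main(void) {
    sim_chip_t chip = { APPROTECT_ENABLED, 65536, 0, 0 };
    printf("no glitch, single read: debug %s\n",
           debug_port_open_single_read(&chip) ? "OPEN" : "closed");
    chip.glitch_on_read = 1;
    printf("glitch on read 1, single read: debug %s\n",
           debug_port_open_single_read(&chip) ? "OPEN" : "closed");
    printf("glitch on read 1, 3 reads: debug %s\n",
           debug_port_open_redundant(&chip, 3) ? "OPEN" : "closed");
    full_chip_erase(&chip);
    chip.glitch_on_read = 0;
    printf("after erase: debug %s, firmware bytes %zu\n",
           debug_port_open_redundant(&chip, 3) ? "OPEN" : "closed",
           chip.firmware_bytes);
    return 0;
}
```

The point of the redundant variant is the design pattern, not a claim that it fixes this chip: a lock that fails closed on any disagreement forces an attacker to land several faults instead of one, which is the same reason fuse-based and multiply-checked protections are harder (not impossible) to defeat, as the post above says. The erase routine mirrors the later observation in the thread that debug can be restored legitimately only by wiping what the lock was protecting.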
(Score: 3, Insightful) by Immerman on Friday July 17 2020, @11:50PM (1 child)
Yeah, it strikes me as very bizarre that hardware controlled access to debugging and other features is considered by anyone to be a security flaw.
I mean, sure, if you're talking owner-hostile security such as keeping secret the Blu-ray decryption keys in a drive, debug modes are a potential weakness. Maybe too if you're talking high-security electronic locks, or medical equipment that might be tampered with to insert a literal "kill switch".
But for consumer hardware? Access to debug modes, etc. is a wonderful boon to tinkerers, and reinforces that it's *your* hardware, not just hardware you've purchased the right to use.
(Score: 2) by sjames on Saturday July 18 2020, @07:26AM
There are a few legitimate cases where the BLE device holds access tokens to the owner's devices, but I agree that locking the owner out is less than honorable.
The nRF isn't so bad about that, you can restore debugging to the device itself if you do a full chip erase (that function works even when debugging is disabled), but of course then it's on you to provide new firmware.
(Score: 2) by c0lo on Friday July 17 2020, @11:08PM
At amateur level, wardriving can't get much hardwarer than using an AK47.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Saturday July 18 2020, @06:55PM
I believe it was a joke. Wardriving for SWD (software defined) pins.