Hacker shows how a cigarette lighter can grant you root access

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨BrikoX@lemmy.zip⁩ to ⁨technology@lemmy.zip⁩

https://www.techspot.com/news/105078-hacker-shows-how-cigarette-lighter-can-grant-you.html

Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.

source

Comments

Sort:hotnew top

cmnybo@discuss.tchncs.de ⁨3⁩ ⁨weeks⁩ ago
If you have physical access, then you have total access.

source
- BrikoX@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  Not if the storage is encrypted. That’s why vulnerabilities in operating systems/kernel are so impactful, as they can bypass that encryption.
  
  source
  - possiblylinux127@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
    Well no, if the device is powered off you need to brute force the encryption which will take a very long time.
    
    However, if the device is booted you can just read from ram.
    
    source
chaosCruiser@futurology.today ⁨3⁩ ⁨weeks⁩ ago
That is impressive. However, if you have physical access to the RAM, you can probably also just pop in a live USB, chroot into the system and do whatever you want. Regardless, this injection was interesting and impressive. Hats off to a clever hacker like that.

source
- BrikoX@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  Yeah, it’s wild to me that desktop operating systems doesn’t encrypt storage by default. Both iOS and Android do.
  
  source
  - CosmicTurtle0@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
    The threat profile for a desktop is different than a phone.
    
    You carry your phone with you everywhere.
    
    Desktops typically stay in one location that likely has locks.
    
    If you’re truly paranoid, you’ll encrypt your drive regardless. For regular joes like me, it’s not enough for me to enable it and enter a password at boot up.
    
    source
  - AceSLS@ani.social ⁨3⁩ ⁨weeks⁩ ago
    I’d guess it’s because encryption adds overhead and slows things down. It’s also overkill for most people’s needs, since the chance to get their PC stolen isn’t worth the performance impact
    
    source
    -> View More Comments
  - Spiralvortexisalie@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Windows 11’s behavior has changed so Bitlocker is generally enabled at install/upgrade provided you use a Microsoft account vs local account. Source
    
    source
  - JackGreenEarth@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
    I chose to not encrypt my SSDs as I don’t want to forget the password and lose all my data. But now I have an external backup I’m fine encrypting them.
    
    source
    -> View More Comments
yournamehere@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
ah i remember glitching phonebooths that way…good ol’ times

source
WorkingClassCorpse@hexbear.net ⁨3⁩ ⁨weeks⁩ ago
The modder in the article mentioned that the method could be used to break copyright protections on game consoles, can someone explain that?

I assume this doesn’t apply to consoles or harware that verify keys over the network, since the decryption key isn’t stored on the device itself? This is more for things like Blu-ray players or consoles that read physical media, right?

I’m a hobbyist so sorry if that’s a dumb question

source