top | item 46760558

(no title)

mrsssnake | 1 month ago

> they have no way to stop an attacker from loading up the broken firmware to exploit your device

You mean the attacker having a physical access to the device plugging in some USB or UART, or the hacker that downgraded the firmware so it can use the exploit in older version to downgrade the firmware to version with the exploit?

discuss

QuiEgo|1 month ago

Sure. Or the supply chain attacker (who is perhaps a state-level actor if you want to think really spicy thoughts) selling you a device on Amazon you think is secure, that they messed with when it passed through their hands on its way to you.

c22|1 month ago

The state level supply chain attacker can just replace the entire chip, or any other part of the product. No amount of technical wizardry can prevent this.

mrsssnake|1 month ago

If this would be the reason, downgrading would wipe the device not brick it permanently.

mschuster91|1 month ago

> You mean the attacker having a physical access to the device plugging in some USB or UART

... which describes US border controls or police in general. Once "law enforcement" becomes part of one's threat model, a lot of trade-offs suddenly have the entire balance changed.

mrsssnake|1 month ago

Example of evil maid attack. On laptops prevented automatically by secure boot or manually by encryption and checking fingerprints, not by bricking whole device.