this post was submitted on 04 Aug 2024
160 points (99.4% liked)
Technology
59874 readers
4858 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I was gonna ask if things like YubiKeys or even security chips inside smartphones were vulnerable to these sort of attacks, but apparently not, thanks for the heads up.
I don't think perfect invulnerability is possible: there are just higher and lower amounts of resistance, and of course there can be mistakes including in the protocols. The really high end stuff with tamper reactive packaging (e.g. used in banking) are usually installed in servers in secure data centers, with 24/7 CCTV coverage. So it would be very hard to mess with those things without at least being detected on the camera. The chips inside phones (Apple Secure Enclave, Google Titan) do receive a lot of attention to these issues.
Back around the 1990s there was sort of a technical arms race between set-top box manufactuers (the boxes authenticate to the networks with smart cards) vs cable TV pirates (they were willing to spend lots of money breaking cards, so they could sell illicit pirate cards to people). I think in the end, the card manufacturers "won" (made cards that the pirates couldn't beat), but I don't know if they have kept that advantage for all these years since then.
i have doubts since, from the article, they were able to be : "bypassing the PIN verification for a cryptocurrency hardware wallet" ... so i am waiting and looking for more sources and confirmations.