[pjc50]

Everyone's quickly jumping in to post "physical access is not secure", while over there Apple have iPhones that appear to be almost completely secure against all but the most dedicated state-level attacks (and of course compromised accounts). We can do better, and should. Without compromising the freedom to change operating system.

Mind you we also need to keep pressing on security for the desktop, against ransomware and malicious installs. Again without compromising freedom of choice.

[kilo_bravo_3]

>Without compromising the freedom to change operating system.

Privacy, freedom, and security advocates seem to have opposing and wholly incompatible goals when it comes to technology.

This attack is possible because the NVRAM is overwriteable.

In order to mitigate this attack, you a manufacturer would need to make NVRAM non-NV or add an security device like Apple's T2 chip. Or encrypt the NVRAM and (to prevent a key management nightmare brought about by having millions of users) keep the keys private, in which case all of the haxxors would be crying "they're locking us out of our own hardware!"

But adding a security device attacks "freedom".

    10 PRINT "Having the vulnerability is bad."
    20 PRINT "But adding security attacks freedom."
    30 GOTO 10

If all of these raging against the machine Zer0cools were highly paid security consultants in 1981 looking to stir up business by raging against some machines, they would have pilloried IBM for implementing their (pre) ISA bus and Commodore for allowing users to PEEK and POKE into random memory addresses. The former created the entire personal computing marketplace as we know it today, and the latter enabled millions of programmers to understand their machines and make them do things the designers never could have imagined.

There was a HN article a while ago about how manufacturers were dumb and we were all going to die because of Thunderbolt and PCIe security flaws where attackers could sniff traffic on the bus.

I was just like "no shit, you've been able to do that forever, that's the point of busses and locking them down will just speed the Applefication of computing".

Back in "THE GOOD OLD DAYS" when men were men and computers were free and open they had god damned card-edge connectors sticking out of the back of the case which gave anyone within arms reach of the machine direct and unrestricted access to the CPU lines.

You cannot have closed openness.

[snaky]

It depends. For example, there is nothing that technically prevents adding 'add my own key' functionality to the Android phone bootloaders - that would allow user to unlock bootloader, install AOSP or any Android build of their choice, and then lock bootloader again. The fact we have no such function in bootloader is not rooted in some technical tradeoff between free and secure.

[simias]

There are so many easier way to compromise the computers of 99% of the population that this particular flaw, while interesting, doesn't really appear all that critical to me. How many people (or even companies) bother to encrypt their hard drives these days? Not many in my experience. And for those who do how hard will it be to phish the credentials using basic social engineering?

If you're carrying nuclear codes then yeah, you should be worried about these attacks. If you're security officer for a small company then you probably have a long list of things to worry about before you have to consider cold boot vulnerabilities.

Furthermore if you're worried about an attacker having physical access to your computer what about simply installing a keylogger or a device that broadcasts your display for instance? That seems massively easier and faster to pull off than the attacks described here.

[pjc50]

> If you're security officer for a small company then you probably have a long list of things to worry about before you have to consider cold boot vulnerabilities.

Do you have laptops? Do you keep any personal data on them? Are you subject to GDPR? Then you do need to worry at least somewhat: https://www.databreachtoday.com/data-breach-another-stolen-l...

[jarfil]

These attacks can be made into a pendrive you just need to plug in. On laptops that's easier than hiding some extra hardware.

[hannasanarion]

IPhones are probably vulnerable to cold boot too. It's just that cold boot attacks are absurdly difficult to execute. They only work if you already have physical access to an unlocked device before it powers down. If you shut off your machine and wait two seconds before walking away, you can never be cold-booted

[hyperpape]

Are you sure/can you provide sources? Given the substantial efforts law enforcement has been taking to get access to suspects' iPhones, this doesn't seem right.

[hannasanarion]

I think you misread me. IPhones are almost certainly vulnerable to some kind of cold-boot attack, yes. That doesn't mean that it's easy to break into them. Cold-boot attacks are highly circumstantial.

If the San Bernadino terrorists shut down their phones before their murderous rampage, or if they ran out of battery before the FBI got into their house, sorry, no cold boot for you.

Cold boot only works if you have physical access to the unlocked, powered-on, in-use device. The "data ghost" in memory that cold boot attacks take advantage of is only there for seconds.

[albntomat0]

The commenter above specifically says powered on, unlocked. If the phone is locked or powered off, things are much harder.

[hyperpape]

I guess I was confused by "If you shut off your machine", which is not the same thing as locking it.

If cold boot attacks only work against unlocked devices, that makes a lot of sense. But if they work against locked but powered devices, that would be quite possible for LE to exploit in most cases (just carry a battery pack).

[rasz]

kinda hard when your ram is soldered on top of BGA cpu

[snaky]

> We can do better, and should

It depends. Regular user in most of the world is pretty happy with $50-100 MTK-based chinaphone with 5.5" screen and 2GB of RAM - even with factory preinstalled trojans.