> if an attacker has unencumbered access to one’s device, all security goes flying out the window
This is rapidly starting to become less true - full disk encryption is everywhere, backed by hardware TPMs; the Lockdown LSM prevents root from owing the boot chain; devices with soldered RAM are functionally immune to cold boot attacks.
There are still things an attacker can do - put a hardware keylogger on the keyboard wires, a skimmer on the fingerprint reader - but that requires future input from the victim. It is feasible today to defend against a physical attacker if you have the right hardware upfront and don't use it after the attack.
TPMs don't impede your ability to repair anything. Soldered ram is a hassle, but it's not any more malicious than soldered CPUs. It's a design choice, and tradeoffs had to be made.
It's suggested that many such devices might be stolen. But there will also be devices where the user forgot to wipe their data (or didn't know how); or devices that are only just damaged enough that you can't wipe the user data.
Probably an official Apple store can refurbish them somehow, but that is the NOBUS / EARN IT argument.
This kind of stuff shouldn't really theoretically have to affect repairability, but Apple seems to go out of their way to make sure that as much as possible gets bricked when you replace things.
Full disk encryption is still be broken, given a decade or 3. You might care about that risk or not, but the fact is still there.
The point still is that if the attacker has unencumbered access to your device then indeed _further_ use of the device is unrecommended to say the least. It doesn't matter if you had or did not have full disk encryption. It does not matter if you had or did not have Thunderbolt.
An extremely low tech solution would be to place a smallish and tactically hidden camera on the chassis, you don't even need the screwdriver for that. And it just happens all the time on ATMs and I'd bet that like on ATMs it would fool a shitton of people.
And this story is precisely about the type of attack that "requires further user input" -- what would be the point of requiring Thunderbolt at all in the first place if you already have the system in pieces?
> Full disk encryption is still be broken, given a decade or 3.
What? FDE is all symmetric crypto, long since 256-bit, and I think all AES. AES is extremely well understood, and the threat scenario for FDE is also purely cold attacks so even any side channels are irrelevant. I've never seen any feasible attack suggested even in principle, so I'm curious what you have in mind in 10-30 years. If you're thinking "quantum computers", you've gotten confused. Against symmetric keys those only provide at best square root(n) speed up via Grover's Algorithm, essentially halving the key size space. But 128-bit is still infeasible to search, and it'd be trivial to counter anyway by doubling the key length. It's only against current asymmetric cryptosystems that Shor's Algorithm can apply in principle (if if Big-If an actual scalable general purpose QC can actually be built).
I simply measured the time it took from the introduction of DES to when it was no longer "recommended" and substracted the years since AES was standarized, then added a decade of margin of error.
It does not sound to me far fetched to think that AES will be similarly "unrecommended" in such amount of time even if there is absolutely no evidence right now.
Seriously? Are you saying you expect something encrypted with AES _today_ to remain inaccessible _for the next 3 decades_? I'd have a hard time finding anyone even remotely claiming that. How many crypto recommendations from 30 years ago are still not entirely 'questionable' today? 50 years? AES as a recommendation is not even half that old. The algorithm may survive with changes; but the actual encrypted data, I would not bet on it.
If you have anything that claims that AES is different enough to warrant this extra optimism, I would love to have a look.
As another commenter pointed out, public charging or borrowed chargers are an issue. Think airport charging kiosks/counters. Maybe power over data connectors isn’t the best idea (I enjoy single cable docking, but an extra, magnetic power cable wasn’t that much more work).
Borrowed chargers aren't the threat model here; these attacks involve an attacker opening up your machine and reading the contents of the TB3 controller's SPI flash.
That isn't entirely accurate. The ability to clone a given device state gives access to any system which has authorized that cloned device. A borrowed thunderbolt device which is not the target machine may also be used to bypass security levels as a result. No need to open the laptop in that case. See section 3.1.1 and 3.1.3 in the report.
This is rapidly starting to become less true - full disk encryption is everywhere, backed by hardware TPMs; the Lockdown LSM prevents root from owing the boot chain; devices with soldered RAM are functionally immune to cold boot attacks.
There are still things an attacker can do - put a hardware keylogger on the keyboard wires, a skimmer on the fingerprint reader - but that requires future input from the victim. It is feasible today to defend against a physical attacker if you have the right hardware upfront and don't use it after the attack.