|
|
|
|
|
|
by xw30992
860 days ago
|
|
|
In general: One needs to get code on the device for this attack to work. But, in many demonstrated cases, one doesn't need to get privileged code on the device, which is an important distinction. And in other cases this type of monitoring was done without direct access to the machine, for example by examining the intensity of LEDs with a camera. Admittedly that's within eyeshot, but it's not direct access either. For this ESP32 attack in particular, it's not clear how it would work without full control of the device. |
|
|