• fubarx
    link
    fedilink
    arrow-up
    3
    ·
    9 个月前

    The RP2040 solution was pretty clever. And that’s just for line sniffing. He can still add clock or crowbar glitching into the toolkit to work around more advanced defenses. This is something that car ECU hackers figured out a long time ago. There’s no software solution to work around that bit of nightmare. FWIW, ChipWhisperer can do all of these, including the synchronous sampling method used to fake a clock signal right out of the box.

    As the piece mentions, setting a PIN can help, but all it does is annoy the user (who will likely choose something obvious and easy to remember) and transfer the problem to a simple dictionary attack.

    The minute you put the security component in a separate module, you’ve opened yourself up to line-sniffing and MITM. And as soon as someone has physical access to a device, all bets are off.