I was gonna ask if things like YubiKeys or even security chips inside smartphones were vulnerable to these sorts of attacks, but apparently not, thanks for the heads up.
solrize@lemmy.world 1 month ago
Security chips like smart card processors have safeguards against this sort of attack, fwiw. Regular chips are likely more vulnerable.
narc0tic_bird@lemm.ee 1 month ago
solrize@lemmy.world 1 month ago
I don’t think perfect invulnerability is possible: there are just higher and lower amounts of resistance, and of course there can be mistakes, including in the protocols. The really high-end stuff with tamper-reactive packaging (e.g. used in banking) is usually installed in servers in secure data centers, with 24/7 CCTV coverage. So it would be very hard to mess with those things without at least being detected on the camera. The chips inside phones (Apple Secure Enclave, Google Titan) do receive a lot of attention to these issues.
Back around the 1990s there was sort of a technical arms race between set-top box manufacturers (the boxes authenticate to the networks with smart cards) vs cable TV pirates (they were willing to spend lots of money breaking cards, so they could sell illicit pirate cards to people). I think in the end, the card manufacturers “won” (made cards that the pirates couldn’t beat), but I don’t know if they have kept that advantage for all these years since then.
A_A@lemmy.world 1 month ago
I have doubts since, from the article, they were able to: “bypassing the PIN verification for a cryptocurrency hardware wallet” … so I am waiting and looking for more sources and confirmations.
A_A@lemmy.world 1 month ago
Safeguards against LSi may include:
Sensor-based detection?
Error detection and correction?
Redundancy and duplication?
Shielding // physical + chemical protection?
Anti-tamper mechanisms?
Randomization and noise injection?
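One way the “error detection” and “redundancy and duplication” items in this list show up in firmware, as an added example that is not code from this thread or from any real product: a PIN check in C that runs the comparison twice, traps when the two passes disagree, and reports its result with complementary status encodings so a single corrupted bit cannot turn a failure into a success. The simulated-glitch hook, the trap handler and the sample PINs are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>

/* Complementary status words: PIN_OK and PIN_FAIL differ in every bit, so a
 * single flipped bit yields neither valid value. Constructed for this demo. */
#define PIN_OK   0x5A5AA5A5u
#define PIN_FAIL 0xA5A55A5Au

/* Set when the redundant passes disagree. Real firmware would wipe secrets
 * or reset here; the demo only records the event. */
static int g_fault_detected = 0;
static void fault_trap(void) { g_fault_detected = 1; }

/* Hypothetical test hook: when nonzero, the second comparison pass is forced
 * to report "match", standing in for a glitch that skipped or corrupted it. */
static int g_simulate_fault_on_pass2 = 0;

/* Constant-time byte comparison: returns 0 only when a and b are equal. */
static uint8_t ct_diff(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d;
}

uint32_t verify_pin(const uint8_t *entered, const uint8_t *stored, size_t n) {
    uint8_t d1 = ct_diff(entered, stored, n);       /* first pass  */
    uint8_t d2 = ct_diff(entered, stored, n);       /* second pass */
    if (g_simulate_fault_on_pass2) d2 = 0;          /* simulated glitch */
    if (d1 != d2) { fault_trap(); return PIN_FAIL; } /* redundancy check */
    uint32_t status = d1 ? PIN_FAIL : PIN_OK;
    /* Re-validate the encoding before returning it to the caller. */
    if (status != PIN_OK && status != PIN_FAIL) { fault_trap(); return PIN_FAIL; }
    return status;
}

/* Constructed sample PINs for the demo. */
static const uint8_t STORED_PIN[4] = {1, 2, 3, 4};
static const uint8_t WRONG_PIN[4]  = {1, 2, 3, 9};

uint32_t demo_correct_pin(void) {
    g_simulate_fault_on_pass2 = 0; g_fault_detected = 0;
    return verify_pin(STORED_PIN, STORED_PIN, sizeof STORED_PIN);
}
uint32_t demo_wrong_pin(void) {
    g_simulate_fault_on_pass2 = 0; g_fault_detected = 0;
    return verify_pin(WRONG_PIN, STORED_PIN, sizeof WRONG_PIN);
}
/* Returns 1 when a glitched second pass on a wrong PIN is caught and rejected. */
int demo_glitched_wrong_pin(void) {
    g_fault_detected = 0; g_simulate_fault_on_pass2 = 1;
    uint32_t r = verify_pin(WRONG_PIN, STORED_PIN, sizeof WRONG_PIN);
    g_simulate_fault_on_pass2 = 0;
    return g_fault_detected && r == PIN_FAIL;
}
```

Two passes only catch a glitch that hits one of them; production designs add random delays so the two passes cannot be targeted with the same timing.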
solrize@lemmy.world 1 month ago
Chapter from “Security Engineering” (2nd ed) about physical tamper resistance:
www.cl.cam.ac.uk/~rja14/Papers/SEv2-c16.pdf
It’s been ages since I read it so idr how much of it was at chip level. Really high-end stuff has the secure chips in a tamper-reactive enclosure so it’s difficult to get to them without first erasing the contents. The chapter discusses that ;).
leisesprecher@feddit.org 1 month ago
Why the question marks? The answer is always yes.
A_A@lemmy.world 1 month ago
Because this is not my domain of expertise and I seek comments from other people.