Results 1 to 5 of 5

Thread: With physical access a Linux PC can be hacked

  1. #1
    Join Date
    Jan 2011
    Location
    Linux heaven
    Beans
    1,086
    Distro
    Ubuntu 18.04 Bionic Beaver

    With physical access a Linux PC can be hacked

    Here's a recent article that's interesting. It applies if the PC is a 2019 or older model:

    https://www.wired.com/story/thunders...-maid-hacking/
    Don't touch the Linux hat!
    Linux user #572109


  2. #2
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: With physical access a Linux PC can be hacked

    Good article. It certainly makes laptops seem less desirable, as they are easier to lose.

  3. #3
    Join Date
    Oct 2009
    Beans
    473

    Re: With physical access a Linux PC can be hacked

    Physical access has always been the weak link in security. This seems to make it faster to copy info. Did not read, maybe not noticed, if encrypted drive defeats it as it would if you used a Linux ISO instead to copy info. Read over again, so I was blowing smoke. Guess best advice is to lock computer to your body with chain.

  4. #4
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: With physical access a Linux PC can be hacked

    Full disk can be bypassed.

    On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer—and even its hard disk encryption—to gain full access to the computer's data.
    But only when the computer is on.

    Ruytenberg points out that the flaws he found extend to Intel's hardware and can't be fixed with a mere software update. "Basically they will have to do a silicon redesign," he says. Nor can users change the security settings of their Thunderbolt port in their operating system to prevent the attack, given that Ruytenberg discovered how to turn those settings off. Instead, he says that paranoid users may want to disable their Thunderbolt port altogether in their computer's BIOS, though the process of doing so will be different for every affected PC. On top of disabling Thunderbolt in BIOS, users will also need to enable hard disk encryption and turn their computers off entirely when they leave them unattended, in order to be fully protected.

  5. #5
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    19,867
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: With physical access a Linux PC can be hacked

    There are mitigations for the evil-maid attack. Whole disk encryption with 2FA and a separate boot device that never leaves your person are part of it. Do not use standby or hibernation if you don't maintain physical control of the computer. The only way for the system to be safe is to have to completely at rest, unmounted storage when not in use.

    That physical access is a security problem has been known since at least the early 1990s. Nothing new. The fact that direct memory access through external ports is a security problem has been known at least since the first PCMCiA and Firewire implementations. There are always people who seem surprised, but that is their own ignorance. We are all ignorant about lots of stuff. Just too much to know in the world.

    USB devices are dangerous too, BTW.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •