92
this post was submitted on 05 Oct 2025
92 points (98.9% liked)
Hardware
4076 readers
51 users here now
All things related to technology hardware, with a focus on computing hardware.
Rules (Click to Expand):
-
Follow the Lemmy.world Rules - https://mastodon.world/about
-
Be kind. No bullying, harassment, racism, sexism etc. against other users.
-
No Spam, illegal content, or NSFW content.
-
Please stay on topic, adjacent topics (e.g. software) are fine if they are strongly relevant to technology hardware. Another example would be business news for hardware-focused companies.
-
Please try and post original sources when possible (as opposed to summaries).
-
If posting an archived version of the article, please include a URL link to the original article in the body of the post.
Some other hardware communities across Lemmy:
- Augmented Reality - !augmented_reality@lemmy.world
- Gaming Laptops - !gaminglaptops@lemmy.world
- Laptops - !laptops@lemmy.world
- Linux Hardware - !linuxhardware@programming.dev
- Mechanical Keyboards - !mechanical_keyboards@programming.dev
- Microcontrollers - !microcontrollers@lemux.minnix.dev
- Monitors - !monitors@piefed.social
- Raspberry Pi - !raspberry_pi@programming.dev
- Retro Computing - !retrocomputing@lemmy.sdf.org
- Single Board Computers - !sbcs@lemux.minnix.dev
- Virtual Reality - !virtualreality@lemmy.world
Icon by "icon lauk" under CC BY 3.0
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I always love these absolutely worthless hacks. And I mean that. My favorite was the one that broke encryption by using power draw on the CPU.
This really isn't worthless.
The chances someone may use it against you may be low but a committed attacker against a secure target will rely on stuff like this.
It's more in the realm of espionage than stealing your credit card number but this shit happens.
How many times you think a state government uses this vs the thousands of cameras, warrants, a well placed USB stick on the desk, and monitoring the war thunder forums?
I get what you're saying, but in the grand scene of things, even at the state level, these are not how state agencies are spying on you in practical terms.
The effort to just get this executable running undetected in the background for such a low value attack just doesn't make sense to spend resources on.
I'd agree with the broad thrust of your comment that this isn't exactly screaming "panic now, the end is nigh".
Being aware of vulnerabilities like this is important nonetheless.
The nature of side channel attacks like this are that they're incredibly difficult to spot and mitigate. This one does seem rather elaborate in that it requires software running on a pc but the attack you mentioned with the processor is decidedly stealthier. Just like timing attacks with fans, tempest style attacks - this stuff happens, and from a consumer pov if someone can interdict a package you order from Amazon and alter it then you'd never even know anything was even happening.
Is this happening a lot? Probably exceedingly rarely. Is it a risk most people have to worry about? No. Is it a risk nonetheless? Yes.
All I'm saying is that it's important to be aware of the risks if you care about security.
I said I love them didn't I?
But I think you forget most people have limited attention spans and don't care about this. They don't need to know. It's the equivalent of Windows UAC. Folks get a headline each week, Google is selling your info, malware this, Alexa it's listening! And they have just tuned it all out. It's counter productive unless you're interested in the topic.
The privacy and security security could use a good lesson in messaging. They've largely made themselves irrelevant to the general public.
No arguments.
I would add that people's unwillingness to understand or care about security risks does nothing to alter the importance of being aware of them, but I'm well aware that expecting anyone to give a shit about cybersecurity is pissing into the wind.