> how does one defend against an attacker or red-team who controls the CPU voltage rails
The Xbox does have defences against this; the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.
I don't see much motivation for fixing that when I can purchase an nRF52xx Bluetooth Beacon on AliExpress for €4 and flash it with firmware that pretends to be 50 different AirTags, rotating every 10 minutes, and therefore bypassing all tracker detections.
It's pretty trivial to just open it up and disconnect the speaker too. I took one apart to make a custom wallet card out of it and broke the speaker in doing so; the rest of it worked perfectly fine (though obviously the warning would still work).
Nike determines what counts as a Nike product; if they are selling it, it is not counterfeit. It may be poorly made or made in ways you didn't expect, but not counterfeit.
To use your own analogy, surely you must see there is a difference between someone attempting to purchase Nike shoes and being tricked vs someone intentionally seeking out counterfeits (e.g. to get a deal).
My comment is wondering to what extent the clients are "tricked" vs to what extent they know (or suspect) it's not the real OF model and don't care as long as the fantasy is intact.
Because what Person Y is doing is no more the whole of the job than what Person X is doing, and OF can more easily detect (though it's still far from perfect, I've heard) and aggressively cracks down on when the person doing Person X's job is not the person who legally owns the account.