* Security researchers have discovered new Bluetooth security flaws that allow
hackers to impersonate devices and perform man-in-the-middle attacks. * The
vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4,
including laptops, PCs, smartphones, tablets, and others. * Users can do nothing
at the moment to fix the vulnerabilities, and the solution requires device
manufacturers to make changes to the security mechanisms used by the technology.
Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066
[https://dl.acm.org/doi/pdf/10.1145/3576915.3623066] Github:
https://github.com/francozappa/bluffs [https://github.com/francozappa/bluffs]
CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023
[https://nvd.nist.gov/vuln/detail/CVE-2023-24023]
Yes. If you turn off a computer it can’t be compromised.
But I think the interesting question is if its possible have a system that does something useful, while at the same time be 100% secure.
The answer is probably yes, especially small systems that have been designed for a single purpose, but it would be incredibly difficult to prove it. Just because it hasn’t been compromised yet doesn’t mean it won’t in the future.
Even doing a formal proof only proves things within the abstract model the proof works with.
I disagree, a computer that is turned off can absolutely be compromised, thought not remotely.
An attacker who gains access to a computer could take the hard drive (generic name for the boot drive or storage drive), then infect it with malware giving the attacker remote access later, then reassemble the machine.
By definition all systems can be hacked, the more complex the system, the more ways it can be hacked.
The one time pad system, is as far as I know the only encryption system that is unbreakable, if used properly, that is because it is so simple in theory, but during actual use in critical times, the system was misused by technicians, enabling some messages to be read.
To be fair, the PXE boot would not affext a powered off device, it would only be an issue if the device was powered on.
But this is just splitting hairs, you have a good point in that few people would expect a PXE boot attack, not to mention that it could interact with wake on lan, which would turn on a powered down computer.
Yes. If you turn off a computer it can’t be compromised.
But I think the interesting question is if its possible have a system that does something useful, while at the same time be 100% secure.
The answer is probably yes, especially small systems that have been designed for a single purpose, but it would be incredibly difficult to prove it. Just because it hasn’t been compromised yet doesn’t mean it won’t in the future.
Even doing a formal proof only proves things within the abstract model the proof works with.
I disagree, a computer that is turned off can absolutely be compromised, thought not remotely.
An attacker who gains access to a computer could take the hard drive (generic name for the boot drive or storage drive), then infect it with malware giving the attacker remote access later, then reassemble the machine.
By definition all systems can be hacked, the more complex the system, the more ways it can be hacked.
The one time pad system, is as far as I know the only encryption system that is unbreakable, if used properly, that is because it is so simple in theory, but during actual use in critical times, the system was misused by technicians, enabling some messages to be read.
Network booting with PXE, technically, can be a form of remote boot if its still hard wired to the network , so not even off is safe
To be fair, the PXE boot would not affext a powered off device, it would only be an issue if the device was powered on.
But this is just splitting hairs, you have a good point in that few people would expect a PXE boot attack, not to mention that it could interact with wake on lan, which would turn on a powered down computer.
If a magic packet is accepted, off isn’t off. 😉
That’s fair.
It totally is splitting hairs and I was just being super technical lol
One time pad system is only unbreakable if you ignore nearly everything about it.
It requires key exchange, storage, cordination, and disposal. In other words, the usual targets.
Yep, that is why I noted “if used peoperly” (: