When we hear about flash drives in the context of cybersecurity, we tend to think of them more as threats than as targets. When you’re using flash drives to store encryption keys, however, it makes…
Wait, desoldering a chip and dumping contents makes an attacker “resourceful”? A sub-$50 hot air rework station (or $330-ish if you don’t want one that’ll burn your house down) and a $50 programming cable is … not a lot of resources.
I can’t tell if I communicated badly or I’m really just off the mark. But we already encrypt storage at rest, when we have valuable or sensitive data, because of the risk that thieves might read stolen data.
So take that a step farther. A thief can “know a guy” who spent a few hundred on soldering equipment and watched some tutorials on YouTube. We don’t consider sensitive data to be unavailable to thieves just because it isn’t readable via plug and play.
The opportunity to take you usb drive and copying its content real quick while you are distracted momentarily is eliminated. I can then decrypt it by calling the guy I know.
But I can’t call the guy I know with the $50 setup that can extract the data for me in that time. It’s not 100% unbreakable, but that doesn’t have to be the criteria…
well, isn’t security kind of about setting the “filter” for potential attackers? You can break a padlock with hammer, but it will keep out random people from wandering in. Having to rewire and program stuff to access this would keep many types of away. The kind of attacker who would want to go through all that trouble wouldn’t be kept away even with more secure methods most likely. Though I guess you could just take the drive and pay someone to deal with it, but still it would need at least some knowledge to even know what should be done with it.
Wait, desoldering a chip and dumping contents makes an attacker “resourceful”? A sub-$50 hot air rework station (or $330-ish if you don’t want one that’ll burn your house down) and a $50 programming cable is … not a lot of resources.
Bro most people can barely heat up pizza rolls in the oven.
But I like how squishy and soft they are from the microwave…
I can’t tell if I communicated badly or I’m really just off the mark. But we already encrypt storage at rest, when we have valuable or sensitive data, because of the risk that thieves might read stolen data.
So take that a step farther. A thief can “know a guy” who spent a few hundred on soldering equipment and watched some tutorials on YouTube. We don’t consider sensitive data to be unavailable to thieves just because it isn’t readable via plug and play.
The opportunity to take you usb drive and copying its content real quick while you are distracted momentarily is eliminated. I can then decrypt it by calling the guy I know.
But I can’t call the guy I know with the $50 setup that can extract the data for me in that time. It’s not 100% unbreakable, but that doesn’t have to be the criteria…
What does any of that have to do with our pedantic argument about the use of the word “resourceful”?
well, isn’t security kind of about setting the “filter” for potential attackers? You can break a padlock with hammer, but it will keep out random people from wandering in. Having to rewire and program stuff to access this would keep many types of away. The kind of attacker who would want to go through all that trouble wouldn’t be kept away even with more secure methods most likely. Though I guess you could just take the drive and pay someone to deal with it, but still it would need at least some knowledge to even know what should be done with it.