• 66 Posts
  • 1.12K Comments
Joined 2 years ago
cake
Cake day: July 7th, 2023

help-circle





  • Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong decryption password several times in a row.

    Yeah, no duh. This isn’t a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable. It’s not even a process flaw at that point, just “possible”.

    This is essentially what the Israeli government did to Android a decade ago with Pegasus: if you can get in front of the bootloader, you can compromise disks once encrypted because everything is happening in an in-memory boot process.

    Same way you can hotwire cars. It’s not new.