this post was submitted on 06 Jul 2026
64 points (100.0% liked)

Technology

7009 readers
569 users here now

News community around technology, social media platforms, information technology and governmental policy surrounding it.

What doesn't fit here?

The core of the story has to be technology focused.


Post guidelines

Title formatPost title should mirror the news source title. If you don't like the title of article, look for an alternative source instead of editorializing it.
URL formatPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
[Opinion] prefixOpinion (op-ed) articles must use [Opinion] prefix before the title. Opinion articles refer to articles that their publisher doesn't explictly endorse.
Country prefixCountry prefix can be added to the title with a separator (|, :, etc.) if the news is from a local publisher who doesn't clearly mention the country.


Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.


Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip


Icon attribution | Banner attribution


If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago
MODERATORS
 

Paradigm Shift’s usbliter8 exploit targets Apple A12 and A13 SecureROM via USB DFU mode, creating an unpatchable hardware risk.

you are viewing a single comment's thread
view the rest of the comments
[–] quick_snail@feddit.nl 2 points 2 days ago* (last edited 2 days ago) (3 children)

This requires physical access. I don't get it, why is this bad?

Someone with physical access can already pull out the disk, clone it, and put in a different disk that boots to an identical looking login, but which actually relays the password back to the attacker.

What more would this exploit allow an attcker with phsycal access that they wouldn't already have before this exploit?

[–] Stiggyman@ani.social 3 points 1 day ago

Disk? This is iPads and iPhones shits soldered on there typically right next to or inside the SOC

People store a lot of sensitive information on their phones and iPhones are big targets for phone theft. Physical access is quite easy once the device is snatched from the owner's hands.

[–] DdCno1@beehaw.org 0 points 1 day ago* (last edited 1 day ago) (1 children)

An attack via USB is much sneakier to pull off (no device surgery required) and more difficult to combat as an org. You essentially have to epoxy the ports shut or remove them physically and force your employees to charge their phones and tablets wirelessly. Not an unusual thing to do - I first saw this decades ago with PCs and laptops - but still.

Fun fact: With laptops commonly using USB ports for charging these days, higher-end business-oriented ones tend retain the old barrel plug so that they can still be used with USB ports being rendered inoperable.

Slightly off-topic: One of my last employers used software (I think it was a built-in utility of HP business computers) to disable USB ports on laptops instead, primarily to stop people from using insecure USB drives (only people working on really sensitive stuff had the ports epoxied). There was an internal file sharing service that was meant to be used in place of tiny drives you can accidentally lose, but it worked exceptionally poorly. They forgot that you can still transfer files via Bluetooth to virtually any other Bluetooth device that has storage, which is what I resorted to. It's slow, but reliable, works with anything (even old dumb phones) and is of course not as stupid as using a commercial cloud service, which is what some of my colleagues did.

[–] quick_snail@feddit.nl 1 points 1 day ago

I think a lot of companies use EDR to software disable USB ports. But I wouldn't recommend it.