| ▲ | Barbing 7 hours ago | |
What specifically might happen in the real world because of this? Which industries have to worry? >Finally, other than glancing at the PCB, which has an SOP-16 IC with the label scraped off (presumably the microcontroller), I haven't tried analyzing how this device works yet. Scraped off for obscurity, not export/customs, right? | ||
| ▲ | efesak 5 hours ago | parent | next [-] | |
This thing just makes it easier to dump the firmware, but it's not a revolution or anything. The STM issues have been known about for a while, and with a bit of effort, you can dump it yourself without this or any expensive tools, as I once did: https://analogic.cz/rs41-rpm411/ | ||
| ▲ | brohee 5 hours ago | parent | prev | next [-] | |
It makes devices using those (extremely popular) chips easy to clone as you can dump the firmware (firmware that sometimes also contain secrets, like cryptographic keys or API keys). Not world shattering, but damn annoying (I myself handle a few millions of those in a connected object deployment and at the very least it warrants a revision of the risk analysis, as the attacker level got lowered some scenarios became more likely). | ||
| ▲ | boromisp 6 hours ago | parent | prev | next [-] | |
As I understand it this bypasses a "please do not read" level of protection on cheap microcontrollers, not an actual secure element, so only those secrets are impacted that were not properly protected to begin with. | ||
| ▲ | zbrozek 6 hours ago | parent | prev [-] | |
Scraping is almost always for obscurity to try and impede cloning. I don't really know why folks bother; it's not effective. Especially with LLMs, it's never been easier to vaguely describe a chip's connections and get plausible part numbers back. Add in traditional decapping / xray / other microscopy and it's really just not that hard to know what you're holding. | ||