PUSH_AX 18 hours ago

> how does one defend against an attacker or red-team who controls the CPU voltage rails

The Xbox does have defences against this; the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.

poemxo 18 hours ago

I hope Apple is paying attention, since their first gen AirTags are vulnerable to voltage glitching to disable the speaker and the tracking warning.

nitros 14 hours ago

I don't see much motivation for fixing that when I can purchase an nRF52xx Bluetooth beacon on AliExpress for €4 and flash it with firmware that pretends to be 50 different AirTags, rotating every 10 minutes, and therefore bypassing all tracker detection.

extraduder_ire 12 hours ago

What's the battery life like on one of those?

nitros an hour ago

Months if the firmware properly sleeps.

Vexs 18 hours ago

They're also, as it turns out, vulnerable to a drill bit.

saagarjha an hour ago

Apple has a team that works on glitching protection for their phones. Disabling the speaker on AirTags is a very different threat model.

mikepurvis 17 hours ago

It's pretty trivial to just open it up and disconnect the speaker too. I took one apart to make a custom wallet card out of it and broke the speaker in doing so; the rest of it worked perfectly fine (though obviously the warning would still work).

tjoff 16 hours ago

Aren't AirTags completely and utterly broken, or has anything changed?