See my previous post on Advanced Security Intro to Hardware Hacking and Reverse Engineering Preview.
A few weeks ago there was a blog post about sniffing the SPI bus that had a TPM to decrypt a bit locker-encrypted laptop. (https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network). Reactions ranged the typical response on the classic watering holes. Everything from egotistical “I told everyone about this N date-units ago and I’m upset someone else is getting more attention” to “this is what the spec says, what’s the big deal.” Most of the world meanwhile is focused on more important things, but I for one, appreciated the detail into this blog post.
Of course, I can’t make a video without a few rants. Technical marketing across the board is pretty horrible and I think one of the main culprits of this “failure” is that consumers most likely expected their laptops to be more protected. I don’t blame the consumer of course – it’s our hesitancy in tech to avoid saying what something _doesn’t_ do. We are all welcome to leave this as an exercise for the reader.
But, in new-Josh style, despite the constant barrage of the world falling apart, I try to end with an optimistic message. I encourage those not yet in security to give it a try, and too often that means taking a magnifying glass to an area no one has bothered. When you do that, you will most likely find lots of juicy security problems. So, don’t be intimidated by the security industry. There’s plenty of people that like to hear themselves talk and especially tweet (I’m not so much in the later but the former, guilty as charged). Start digging around various products. I’m confident you will eventually start finding as many security problems as you’d like.