We require additional desert power
We require additional desert power
If you absolutely have to hand over your phone, turn it off completely, like hold the power button and then tap the off icon. That will dump any keys out of RAM, which is why it always requires the full password to unlock when you turn it back on. Both in terms of how your phone works and the leaks we’ve seen, the cracking tools the police have are overall significantly less likely to be successful when used on a phone that’s been turned off and not unlocked since.
Also, IIRC iphones have a feature where they will dump at least some of the system keys from RAM if you push the lock button five times. I’d still trust fully off more but that’s easier to do covertly.
They mean the Bluetooth MAC address. It’ll capture your phone’s and can tell who the manufacturer is but the rest of the address is randomized. That said, lots of watches/earbuds/assorted smart Bluetooth things aren’t randomized because manufacturers are lazy.
And if your nav system crashes, so does your car
This seems like an odd move. Let China pay money to use ClosedAI hallucinations instead of using the money to develop their own hallucinations that the US has no insight into.
There’s no technology transfer if they just using the hallucination outputs, it’s just free money for trash.
Setup a firewall with the minimum exposed ports, even on Linux. UFW is reasonable
Yeah but it really shouldn’t be that way. Just add a pin or something, it’s way too easy for people to just grab devices or install malware to leak keys. The current standard for security is that everything is encrypted at rest regardless of whole disk encryption.
Signal is still better that most of the stuff out there but it’s not above well intentioned criticism
Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).
At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.
RF analysis is kinda difficult, you’d need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you’re very patient but data transmissions are generally very bursty so it may be difficult to nail down where it’s coming from in a sane amount of time.
One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the cars manual. Googling that should bring up some stuff.
The lower layers all already at least moderately well encrypted, what they’re doing here is trying to pull the unencrypted device ID necessary to establish a connection. It’s not really what you’re sending (though traffic frequency analysis may be included) and more about just figuring out where a particular phone is so they can physically track the user.
I got screeched at for covering up a super bright blinking light on a red eye. Their FAs are next level stupid.
Making ai more efficient will just mean more ai
I hate that it needs to be said but love that they said it so plainly
There might be a few layers to this one. Drones are becoming a central part of strategic production and the US doesn’t really have many competitive companies manufacturing small ones at volume.
They need to force the domestic market to build up local expertise and manufacturing capacity in the event that small drones are the direction warfare ends up going more broadly.
The us defense apparatus is still on the fence about this given that their volume of use in Ukraine could be more of an aberration due to the respective industrial bases and static nature of the war. That said the numbers are insane enough that they warrant some action just in case.
Yeah, I’d agree with that.
The point I was making was for people who thought this was cellphone cameras and that it would somehow work even if the camera wasn’t actively running.
As far as war driving with an sdr you’d probably occasionally find something interesting, but the vast majority would be cameras just pointed back out at the street. I think you’d mostly see stuff where if you wanted to spy it would make more sense to hide your own camera because it’s already public.
All that said, I would lose my shit if Hollywood did something believable for once and used this for a heist movie.
$250 per camera that you have to be within meters of best case. That doesn’t include the packaging cost to make this look innocuous so probably significantly more money if you wanted this to be stealthy and reliable. Add in the money for the distribution and “installation” of such devices.
This doesn’t scale at all.
It’s just a tempest attack. Firmware won’t fix anything but the attack is an extremely expensive nation state level operation that doesn’t scale.
I work on this stuff, short answer, no, it’s not possible. This is just yet another overly complicated tempest attack. Especially with phones the camera link is so short it’s just not radiating enough. They claim 30cm so you basically need the receiver in the same backpack as the phones. As phones get higher resolution and faster cameras this will become even less of an issue. Also, most importantly the camera has to be powered and running for this to work so just don’t take pictures of classified stuff while carrying around a weirdly warm battery bank an unusually attractive eastern European girl gave you as an engagement gift and you’re good.
The actual target here is some sort of The Thing https://en.m.wikipedia.org/wiki/The_Thing_(listening_device) style attack where someone with a huge budget can get a wildly expensive device really close to a system through a significant human intelligence effort.
The line of reasoning is valid though. These satellites will have some ability to track and intercept low power intentional emissions like WiFi and cellular packets. While these are encrypted there are still things you can do with the metadata.
You’d need exactly two skyscrapers actually