← Back to context

Comment by mrsssnake

2 hours ago

> they have no way to stop an attacker from loading up the broken firmware to exploit your device

You mean the attacker having a physical access to the device plugging in some USB or UART, or the hacker that downgraded the firmware so it can use the exploit in older version to downgrade the firmware to version with the exploit?

2 comments

mrsssnake

Reply
QuiEgo  2 hours ago

Sure. Or the supply chain attacker (who is perhaps a state-level actor if you want to think really spicy thoughts) selling you a device on Amazon you think is secure, that they messed with when it passed through their hands on its way to you.

mschuster91  1 hour ago

> You mean the attacker having a physical access to the device plugging in some USB or UART

... which describes US border controls or police in general. Once "law enforcement" becomes part of one's threat model, a lot of trade-offs suddenly have the entire balance changed.