Comment by PUSH_AX

5 hours ago

> how does one defend against an attacker or red-team who controls the CPU voltage rails

The xbox does have defences against this, the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.

5 comments

PUSH_AX

poemxo 4 hours ago

I hope Apple is paying attention, since their first gen AirTags are vulnerable to voltage glitching to disable the speaker and the tracking warning.

nitros 1 minute ago

I don't see much motivation for fixing that when I can purchase a nrf52xx Bluetooth Beacon on aliexpress for €4 and flash it with firmware that pretends to be 50 different airtags, rotating every 10 minutes, and therefore bypassing all tracker detections.
mikepurvis 3 hours ago

It's pretty trivial to just open it up and disconnect the speaker too. I took one apart to make a custom wallet card out of it and broke the speaker in doing so; the rest of it worked perfectly fine (though obviously the warning would still work).
Vexs 4 hours ago

They're also, as it turns out, vulnerable to a drillbit
tjoff 2 hours ago

Isn't airtags completely and utterly broken, or has anything changed?