Questions tagged [hardware]
For attacks against, or best practices for, the physical components of an Information Technology system. These can include network equipment, servers, CPUs, hardware security modules, smartcards, etc. When using this tag, also include an additional tag for the specific type of hardware.
601 questions
4 votes, 4 answers, 631 views
What advantage does hardware tamper-resistance provide in an HSM?
Roughly speaking, an HSM is supposed to ingest or generate some secret material (keys) and then never export it through the command interface. The keys can only be used according to their configured ...
0 votes, 0 answers, 49 views
Is there a way to deactivate iKVM on the Asus KGPE-D16?
Tired of the spyware PCs of the modern era (Intel ME, AMD PSP), I decided to build a "near to completely" secure PC. Imho a really secure PC must have:
an open source BIOS (gnu-boot is the good ...
8 votes, 1 answer, 825 views
What is the difference between contactless Apple Pay and a contactless card?
Apple claims that a one-time token is created. What is the purpose of that token? What happens with that token?
As far as I know, when I pay with my physical debit card the information passed the POS ...
0 votes, 1 answer, 231 views
How secure is a network HSM connection with TLS disabled, relying only on IP ACLs and PKCS#11 slot PINs?
If TLS is disabled on a network-attached Hardware Security Module (HSM), but the device still enforces:
IP-based access control (only whitelisted client IPs can connect),
and
PKCS#11 slot PIN ...
17 votes, 4 answers, 5k views
For a router, is storing the Wi-Fi password in plain text in its own storage/firmware considered a vulnerability, or is it standard practice?
All the router firmwares I've dumped so far memorize the Wi-Fi password as cleartext (or encoded, but it's basically cleartext).
Is it normal? Or actually for less cheap routers are there other ...
1 vote, 0 answers, 146 views
Can files be designed to "float" – existing only as fragmented, context-bound encrypted data?
I'm exploring a data security concept where files do not exist as conventional static entities but instead "float" as encrypted fragments, retrievable only through specific contextual parameters.
The ...
3 votes, 4 answers, 1k views
Unidirectional File Transfer (write only) Using Serial Adapter?
Building on This question -- I similarly want to implement write-only transfer from an air-gapped machine.
I noticed there are various serial-to-USB adapters available also.
What I'm wondering is, would ...
2 votes, 1 answer, 235 views
Is there any reasonable justification to be concerned with hardware-based "AI" processors?
Google Tensor is one example of a chip being designed around "AI" features, though it is not the only such chip. While these technologies are being placed on consumer devices, consumer-...
11 votes, 3 answers, 2k views
Why might RDRAND not be safe to use when the rest of the system is?
In Linux, the RDRAND instruction is used, but taken with a grain of salt, in that it is used as only one of several sources of entropy for a CSPRNG. It is used in this way over concerns that the ...
1 vote, 0 answers, 41 views
What is the difference between Root of Trust and Trusted Computing Base (TCB)? [duplicate]
RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It's part of the TCB.
TCB: the smallest set of hardware, ...
0 votes, 0 answers, 41 views
Theoretical approach to executing code on a WiFi card through electrical fault means [duplicate]
Is it possible, for example, to send a malformed electromagnetic signal that is disguised as a regular network packet so that when it passes through multiple circuits and gets converted back into ...
3 votes, 0 answers, 108 views
Are there any commercially available (or not) hardware keylogger chips that someone could solder/plug into a phone's LCD?
Title says it all.
Are there any keylogger chips for phone LCDs?
1 vote, 1 answer, 364 views
Is there an equivalent to passkeys but to prevent cookie stealing?
Passkeys prevent phishing; no one can make you log in remotely (without exploits), and if they are hardware-based and never leave the hardware, then even exploits might have a hard time getting them.
...
2 votes, 0 answers, 114 views
How to recycle a dead Google Pixel laptop?
I have an old Google Pixel laptop that is not working anymore. I cannot charge it and it will not start.
I have a number of apps installed there, linked to my current account (for example, social media ...
1 vote, 0 answers, 59 views
"PUF CRPs authentication requires trust in manufacturer since it's him who performs the storage of CRPs"....?
"PUF CRPs authentication requires trust in manufacturer since it's him who performs the storage of CRPs".
So does it mean that we have to trust the manufacturer, because he could replace the ...