Security conference talks fall into two categories
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.
Ge0rG (@ge0rg@chaos.social)

@whitequark@mastodon.social And to add to the horror, all of the cars and chargers are in the same physical powerline broadcast domain, so when another car is plugged in, it needs to broadcast ping and measure the response signal strength(*) to find out which charger it's connected to...

And once the data channel is up, you authorize the payment with the absolutely unforgeable and secret... *checks notes* serial number of your RFID card!

(*) SLAC (Signal Level Attenuation Characterization)

@saphire @richardstephens
Can someone explain why I can buy petrol for my old car anonymously by paying with cash (forget the surveillance cameras for now), but not charge an electric car without giving the seller all my data?
All the charging station needs to know should be a simple feedback on progress of charging to adjust the current, or am I ignorant/naive?
@jakobtougaard @saphire @richardstephens AFAIK (based almost completely on TechnologyConnections videos eep), you're right here - the "charging" bit doesn't care who you are, the "paying" bit does, and the common charger networks merely didn't go for "unlock the charger at the counter" or even "put a bog standard credit card reader in the charging station".