diff options
-rw-r--r-- | index.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -77,10 +77,12 @@ Threat Model 2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and potential backdoors such as Intel's AMT/ME. +3. The USB stick itself is not a static device: it's has a built-in processor for wear-levelling that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)). + ### Additional mitigations 3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. -4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for open hardware and try to build stuff yourself :P +4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. - Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). |