I'd like to think it's possible, but sadly we don't even have the tooling to begin to correctly understand the problem in software let alone the unsafe hardware interactions.
I don't think it's possible for any platform that allows for arbitrary code execution to be completely safe. The exploits of today are far more sophisticated than they needed to be 20 years ago, but they still exist and are harder to find and fix.
I know there are some limits to the surface of this... but it seems that could precisely be triggered by certain types of security software, ironically designed to protect such systems. Eww...
The small amount of IT security work I've done has taught me that such hopes are quickly and frequently dashed. Even products specifically designed for security applications have silly glaring vulnerabilities.
There is a difference between something you can't rule out as impossible because it isn't a violation of the laws of physics and something you can't rule out as implausible based on the observed past behavior of the entity responsible.
If I told you that an operating system has just been caught doing that, would your first guess be Windows or Debian?
It’s largely shortcomings of “modern” OS designs and hardware. Things like kernel-space drivers and DMA for peripherals make it very hard to have any reasonable level of protection.
I assert it is impossible to secure an internet connected device running Windows, MacOS, or Linux. It boggles my mind that anyone would insure such fragile systems.
I think it's safe to say that 100% of all software and hardware have a security vulnerability of some kind, though that doesn't mean the vulnerabilities are known or exploitable.
Wow - it’s a strange one indeed. Your use case doesn’t even strike me as that far from a pretty normal scenario. But it illustrates how much potential for malfeasance is introduced with the chains of “smart” components that we’re increasingly required to use. And even being vigilant becomes difficult to impossible, because there are just too many vectors of vulnerability. Kinda depressing...
I'm not quite sure I see the real threat here. Barring remotely exploitable firmware bugs, this family of exploits requires access to the hardware. No security model anywhere can protect a machine from an attacker with physical access...
I wonder if we can imagine a future where most software is simply released in a secure state, or it's not humanly possible to design sufficiently-advanced software that is anything but a teetering stack of security holes just waiting to be discovered.
Theoretically, if we accepted lower performance, could we design our hardware and software to actually be secure? The number of exploits over the last two years is making my head spin.
The issue goes beyond the limited threat of any particular vulnerability. The larger issue is that we were blindsided by a category of systemic vulnerabilities that upend prior assumptions about the security of core principles of modern processor and operating system design, which raises doubt about our collective ability to identify and avoid risks in the design phase of computer and communications systems.
Even if every individual aspect of these vulnerabilities had been recognized before, it is undeniable that the risks of their synergistic (from the point of view of an attacker) combination had not been properly appreciated prior to deployment of the affected technology, and for some time after.