Hi all,
American traveling to China for IETF, and making my tech prep plans (bringing a laptop, phone, tablet, kindle, and steam deck). I won’t bias with my current plans too much, but I do already run Linux+LUKS and GrapheneOS.
For those with experience, what tech prep would you do?
Thanks!
Half a dollar for the hardware and they already have the manpower there. Certainly not bugging any random device, but there is always the chance and its certainly not unheard of. I’m a security researcher, that might be a red flag. But somebody posting on Lemmy might also be considered an activist and certainly somebody trying to enter the country with a heap of encrypted devices.
Genuine curiosity: What kind of hardware bug would you go for if you wanted to spy on a relatively easy target like a Thinkpad from ten years ago, and had 1-2 hours to install it?
My naive guess would be intercepting the monitor cable to pull occasional screencaps, but then you’d need a wireless modem to transmit out and you’d have pretty serious limitations on power draw (assuming you’re running off a cell battery and not splicing in somewhere).
Hardware bugs are put on the storage. Allows injecting data into ram or backdooring the OS.
I can absolutely see that making sense for a targeted attack.
Are there bootkits in the wild that can reliably bootstrap to a rootkit on most non-Windows hosts these days? The hard part of that approach would be having a bootkit payload sophisticated enough to escalate to a meaningful form of exfiltration, I imagine.