I’d agree with the broad thrust of your comment that this isn’t exactly screaming “panic now, the end is nigh”.
Being aware of vulnerabilities like this is important nonetheless.
The nature of side channel attacks like this are that they’re incredibly difficult to spot and mitigate. This one does seem rather elaborate in that it requires software running on a pc but the attack you mentioned with the processor is decidedly stealthier. Just like timing attacks with fans, tempest style attacks - this stuff happens, and from a consumer pov if someone can interdict a package you order from Amazon and alter it then you’d never even know anything was even happening.
Is this happening a lot? Probably exceedingly rarely. Is it a risk most people have to worry about? No. Is it a risk nonetheless? Yes.
All I’m saying is that it’s important to be aware of the risks if you care about security.
But I think you forget most people have limited attention spans and don’t care about this. They don’t need to know. It’s the equivalent of Windows UAC. Folks get a headline each week, Google is selling your info, malware this, Alexa it’s listening! And they have just tuned it all out. It’s counter productive unless you’re interested in the topic.
The privacy and security security could use a good lesson in messaging. They’ve largely made themselves irrelevant to the general public.
I would add that people’s unwillingness to understand or care about security risks does nothing to alter the importance of being aware of them, but I’m well aware that expecting anyone to give a shit about cybersecurity is pissing into the wind.
I’d agree with the broad thrust of your comment that this isn’t exactly screaming “panic now, the end is nigh”.
Being aware of vulnerabilities like this is important nonetheless.
The nature of side channel attacks like this are that they’re incredibly difficult to spot and mitigate. This one does seem rather elaborate in that it requires software running on a pc but the attack you mentioned with the processor is decidedly stealthier. Just like timing attacks with fans, tempest style attacks - this stuff happens, and from a consumer pov if someone can interdict a package you order from Amazon and alter it then you’d never even know anything was even happening.
Is this happening a lot? Probably exceedingly rarely. Is it a risk most people have to worry about? No. Is it a risk nonetheless? Yes.
All I’m saying is that it’s important to be aware of the risks if you care about security.
I said I love them didn’t I?
But I think you forget most people have limited attention spans and don’t care about this. They don’t need to know. It’s the equivalent of Windows UAC. Folks get a headline each week, Google is selling your info, malware this, Alexa it’s listening! And they have just tuned it all out. It’s counter productive unless you’re interested in the topic.
The privacy and security security could use a good lesson in messaging. They’ve largely made themselves irrelevant to the general public.
No arguments.
I would add that people’s unwillingness to understand or care about security risks does nothing to alter the importance of being aware of them, but I’m well aware that expecting anyone to give a shit about cybersecurity is pissing into the wind.