hi Steve
Steve:
> Without a Nation State being involved, the most likely threat would come
> from a permiscuous WiFi in the TV auto-connecting to any open networks in
> your area.
Good point. Which links to my thought if you wanted to keep a Qubes
box secure it would be a really BAD idea to plug it into someone
else's TV (like in a motel for example) or a conference room
projector.
My mitigation at home is to use the oldest flat panel TV I can find;
however that has its own difficulties (not security-related but to do
with the picture overscanning the screen).
> If you are sure that is not the case then it should be 'safe
> enough' for most people.
> Side channel attacks take tools, skills, and physical location that isn’t
> going to happen without you already being a target of some kind. It you are
> a target then no monitor is going to help and its time to unplug your
> computer.
There are degrees of Nation State interest ahd more than one level of
being a target; it is not all or nothing.
Presumably the top three tiers of interest are other Nation States
(especially those perceived as hostile), suspected terrorists, and
suspected paedophiles. Below that (I hope) in a fourth level would
come people with a non-violent agenda for significant political
change.
We know that many well known states put effort in to infiltrating such
groups in this fourth level -- to the extent where (for example) State
Infiltrators have been known to have long term, child procreating,
relationships with female activists while popping home to see their
real wives when they can -- so it is reasonable to suppose that there
is also some cyber-infiltration to their computers as well. Equally it
would be paranoid to imagine that any Nation State throws the full
range of their surveillance capability at every individual identified
with such groups.
> I once saw one demo years ago where the target machine with no
> known public vulnerabilities at the time was rooted in less than 15s. They
> don't play around.
Agreed -- in fact it is worse than that.
Those who know how to access to the Intel ICE processor or the AMD
equivalent (whose name I forget) have millisecond access whenever they
want it whenever an Intel or AMD machine is directly net-connected or
connected via routers that are themselves compromised in other ways.
That is after all the hidden-in-plain-sight message on the sticker:
Intel Inside ;) and why Qubes certify so few recent machines.
Apart from avoiding TV's that connect to random unknown Wifi or that
are owned by someone else, I think that I would have to stop using a
recent AMD box other risks of entry via the TV became the biggest
security issue.
Warmly,
R~~