
Comment No. (Score 1) 1

The answer is "no" because literally nothing fits your bullshit requirements list because if you really have been working on embedded systems then you already know this to be true. You're basically doing a "cheap, easy, and fast" selection and telling people you need all three.

If you want embedded, you get embedded.
If you want to run a big OS, you get one that will run a big OS.
If you want to pretend these are all the same thing then you can fuck off.

Submission + - Nissan Leaf drivers voice anger over app shutdown (theguardian.com)

Alain Williams writes: Owners of some Nissan Leaf electric vehicles are angry after the carmaker announced it would shut down an app that lets them remotely control battery charging and other functions.

Drivers of Leaf cars made before May 2019 and the e-NV200 van (produced until 2022) have been told that the NissanConnect EV app linked to their vehicles will “cease operation” from 30 March. This means they will lose remote services, including turning on the heating, and some map features.

Experts said they expected other drivers to experience similar problems in future as “connected cars” – vehicles that can connect to the internet – get older.

Comment Re:A worthy adversary! (Score 1) 30

While plausible, consumer devices are generally a race to the bottom so it's unlikely to become the norm. A far more effective tool would be simple regulatory requirements for new updatable devices with embedded firmware that lack an isolated management interface. Maybe throw in a shadow stack requirement to thwart ROP. It would certainly shake up the MCU market because XIP isn't universally supported and shadow stacks are unheard of.

Comment Re:A worthy adversary! (Score 1) 30

I wonder what the feasibility would be of making volatile memory non-executable.

I see no reason that it couldn't be but stack memory could still be hijacked. ROP would still be an option.

the cost of routers being a little higher for temporary-user-updating-enabling (switches) seems like it's worth it overall.

It 100% is worth it for the consumer but vendors don't see any benefit because it costs more and consumers are dummies that don't understand the value.

Comment A lesson. (Score 4, Insightful) 112

This should be a lesson to everyone that using petroleum-based energy makes you subject to the whims of foreign dictators. If you are relying on an external source for fuel (or its refinement) then you are dependent on everything between you and that external source.

Actual energy independence means you aren't subject to interruptions by a physical supply chain. If you are using a fuel then you never truly have energy independence.

Note: Idiots who want to tell me that sunlight can be blocked, the wind can be stopped, or the Earth can be cooled are either talking about science fiction or literal mass extinction events which isn't relevant to this topic since a supply chain disruption (mass panic) is nearly guaranteed in those situations.

Comment Re:A worthy adversary! (Score 2) 30

if such routers had unalterable firmware (such as from the PROM days), could they still be hacked in such ways?

Yes. If you can find a trivial error in the binary that enables you to write to RAM which is then executed, that's arbitrary code execution. This can be used to bootstrap receiving a malware package which would overwrite more RAM. XIP (execute in place) firmware (which is executed from read-only memory) could help reduce the attack surface but not eliminate it. However, consumer grade vendors use compressed filesystems (usually SquashFS) to save money on flash memory which makes using XIP impossible. Even if they did, RAM only attacks occur regularly on PCs so it would be unsurprising to see it used when needed.

Ultimately, the significant difference is that the malware would be wiped out upon router reboot. However, since it cannot be updated, the vulnerability could never be removed and thus, anyone who could find your device would be able to compromise it. The solution here is to have a physical switch that needs to be pressed in order to make the memory writable for a brief period. Of course, that's more hardware and costs more money, so vendors for consumers won't do it. This is generally solved in the tech sector by having a BCM which is only accessible through a secondary and isolated work.

Comment A worthy adversary! (Score 3, Interesting) 30

One of the most salient features of KadNap is a sophisticated peer-to-peer design based on Kademlia (PDF), a network structure that uses distributed hash tables to conceal the IP addresses of command-and-control servers.

For the unaware, distributed hash tables (DHT) are regularly used for file-sharing applications, not to distribute files but to find other computers that are sharing files. The downside of DHT is that it's "slow" meaning it can take several minutes for a message to permeate the network.

Far too often, it seems like cyber criminals are too dumb to be effective because you almost never hear about P2P infrastructure when it comes to botnets. They just keep putting up obvious C&C points that just get taken down, time and time again. When I read this exact paper years ago, it seemed obvious to me that this was the perfect way to improve the resiliency for secret/illegal networks. Despite that, it's almost never used!

Don't get me wrong, they'll still get taken down but it will be more of a challenge.

Submission + - CEOs worry about an AI bubble, but most still plan to ramp up spending (techspot.com)

jjslash writes: Even as concerns grow that artificial intelligence could be the next tech bubble, corporate leaders are continuing to pour money into the technology. A recent survey of 100 CEOs by KPMG found that while one in four believe an AI bubble may exist, nearly 80% still plan to allocate at least 5% of their companies' capital budgets to AI initiatives this year.

Despite all this investment and commitment to the technology, about three-quarters of large-company CEOs said generative AI might have been overhyped over the past year, but its true impact over the next five to ten years is likely underappreciated.

