Can you get root with only a cigarette lighter?
Overall reaction & educational value
- Many readers found the write-up “amazing” and creative, praising the clear walk-through of caches, memory, and how to turn glitches into a deterministic exploit.
- The post is seen as a mini-introduction to CPU caching and low-level behavior, comparable in spirit to well-known “from gates to computers” resources.
- Some wonder how long it would take to acquire the skills shown and express a desire to reach that level.
Physical access, security model, and consoles
- Several comments revisit the “if you have physical access, game over” maxim.
- Others argue modern TPMs, enclaves, disk encryption, and trusted boot are precisely meant to keep some operations safe even under physical access.
- A key motivation discussed is jailbreaking/“reclaiming” locked-down devices (e.g., a future console) while preserving things like TPM and anti-cheat rings.
- There’s debate about why bother with console hacking when open handhelds (e.g., PC-based) exist; counterpoint: people follow the games, not the hardware.
EMI mechanics, reliability, and defenses
- The exploit relies on EMI-induced bit flips on a specific DRAM data line, turning a “safe” pointer into a malicious one.
- Commenters discuss how pulses can flip bits in both directions, not just force a 1, because the induced waveform swings positive and negative.
- Without a soldered antenna, interference would be less directed and likely affect multiple bits or components, making controlled exploitation harder.
- ECC RAM is proposed as a strong defense; single-bit errors get corrected, and multi-bit errors typically raise exceptions.
- Others note that carefully chosen 3-bit flips could theoretically evade common ECC schemes, prompting ideas about more robust paging/CRC-based checks.
- Encrypted RAM, SEV-style schemes, and PUFs are mentioned as relevant defenses in some threat models.
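The ECC points above (single-bit errors corrected, double-bit errors reported, some triple-bit patterns slipping through) can be seen in a small model. This is an added example, not code from the original post or thread; it assumes a textbook extended Hamming SECDED code over a single byte with an arbitrary bit layout, which is smaller than the codes real memory controllers use.

```python
# Added example: extended Hamming SECDED over one data byte (13-bit codeword).
# The bit layout is an illustrative assumption, not any real DRAM controller's code.
DATA_POS = [3, 5, 6, 7, 9, 10, 11, 12]  # positions 1..12 that are not powers of two
PARITY_POS = [1, 2, 4, 8]               # Hamming check bits; index 0 is overall parity

def encode(byte):
    cw = [0] * 13
    for i, pos in enumerate(DATA_POS):
        cw[pos] = (byte >> i) & 1
    for p in PARITY_POS:                # each check bit covers positions with bit p set
        cw[p] = sum(cw[k] for k in range(1, 13) if k & p) % 2
    cw[0] = sum(cw) % 2                 # makes the whole word even parity
    return cw

def decode(cw):
    """Return (status, byte); status is 'ok', 'corrected' or 'uncorrectable'."""
    cw = list(cw)
    syndrome = 0
    for k in range(1, 13):
        if cw[k]:
            syndrome ^= k               # XOR of set positions is 0 for a valid word
    odd = sum(cw) % 2
    if syndrome == 0 and not odd:
        status = "ok"
    elif odd and syndrome <= 12:        # odd parity: decoder assumes exactly one flip
        cw[syndrome] ^= 1               # syndrome 0 means the overall parity bit
        status = "corrected"
    else:                               # even parity with nonzero syndrome, or bad index
        return ("uncorrectable", None)
    return (status, sum(cw[pos] << i for i, pos in enumerate(DATA_POS)))

def flip(cw, *positions):
    out = list(cw)
    for p in positions:
        out[p] ^= 1
    return out

if __name__ == "__main__":
    word = encode(0xA5)                 # constructed sample value
    for flips in [(), (6,), (3, 5), (3, 5, 6), (3, 5, 9)]:
        status, value = decode(flip(word, *flips))
        shown = "-" if value is None else hex(value)
        print(f"flips at {flips}: {status:13} data={shown}")
```

In this model the flips at positions 3, 5 and 6 come back as "corrected" with altered data, while the flips at 3, 5 and 9 are reported as uncorrectable. That gap is what the suggested page-level or CRC-based checks would need to close.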
Debate over practicality and title
- Some argue the title is misleading: it’s not “only a lighter” because a resistor and a wire soldered to a DRAM pin are required.
- Others respond that it’s still impressive: root was obtained using a cigarette lighter as the trigger source, even if setup work is needed.
- There’s agreement it is not a remote exploit; it presupposes significant physical access and hardware modification.
Related hacks and anecdotes
- Many reminisce about abusing piezo igniters or lighter “clickers” to shock arcade machines, phone booths, and vending systems into giving free credits or calls.
- Stories include mechanical tricks (bamboo sticks, coin return levers, hidden service buttons) and iterative countermeasures by operators.
- These anecdotes reinforce a long history of low-tech electrical and mechanical “exploits” akin to this EMI hack.
Humor and wordplay
- Numerous jokes riff on “getting root” by torturing a sysadmin (rubber-hose cryptography, $5 wrench) or, in Australian slang, “root” as sex.
- There are puns about lighter hacking, lemon batteries, and mock shell commands, reflecting that the thread is as much entertainment as technical debate.