On Fri, Jan 24, 2014 at 10:07 AM, <fre3frizt@riseup.net> wrote:
... Is there any way to save any evidence of this kind of attack,
as stated earlier, you can use technical means to monitor at this level. software defined radio with the right decoding, good position, proper antennas can obtain full bits. even without specific decoding, measuring signal levels at various frequencies compared to baseline is also useful. and of course, you can always improve decoding after the fact. directly accessing flash storage and comparing firmware images in a way otherwise not possible. instrumenting and modifying software to verbosely report on anomalies and make it likely attempted attacks will fail unsuccessfully. (see also camouflage) the list goes on and on and on.
... to use to help fix the vulnerability?
help fix vulnerability? i am sympathetic to your intent, but these exploits are the product of a large, well funded process. they take advantage of positioning in the middle, or next to your endpoint. they're churned out like an assembly line. "saving evidence to fix" is like asking for a digest to add to your antivirus blacklist... in this model, success is measured by doing less badly. not by protecting or fixing.
... and to provide to the EFF, ACLU, or other interested parties that may want to litigate?
i have alluded to this before: multiple constraints limit what i can disclose, and those groups are not likely to be helpful in specific scenarios. general efforts to eliminate public funding for CNE would be useful, however!
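
As an added example, not part of the original message: one way to carry out the firmware image comparison mentioned in the reply above, recording SHA-256 digests and the byte ranges where a flash dump differs from a known-good baseline. The 4096-byte block size, the function names and the sample images are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 4096  # assumed flash erase-block size; adjust to the part's datasheet


def image_digest(image: bytes) -> str:
    """SHA-256 of a dump (or slice), recorded so evidence can be re-verified later."""
    return hashlib.sha256(image).hexdigest()


def diff_regions(baseline: bytes, dump: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where dump differs from baseline.

    A length mismatch is reported as a differing tail rather than ignored.
    """
    regions = []
    longest = max(len(baseline), len(dump))
    for off in range(0, longest, block):
        if baseline[off:off + block] != dump[off:off + block]:
            end = min(off + block, longest)
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], end)  # extend the adjacent region
            else:
                regions.append((off, end))
    return regions


def report(baseline: bytes, dump: bytes, block: int = BLOCK):
    """Build an evidence record: whole-image digests plus every differing region."""
    return {
        "baseline_sha256": image_digest(baseline),
        "dump_sha256": image_digest(dump),
        "size_mismatch": len(baseline) != len(dump),
        "regions": [
            {"start": s, "end": e, "dump_sha256": image_digest(dump[s:e])}
            for s, e in diff_regions(baseline, dump, block)
        ],
    }


def sample_images():
    """Constructed sample data: a 64 KiB image and a copy with altered areas."""
    baseline = bytes((i * 7) & 0xFF for i in range(64 * 1024))
    dump = bytearray(baseline)
    dump[0x2000:0x2010] = b"\xAA" * 16   # change inside one block
    dump[0x3FF0:0x4010] = b"\x55" * 32   # change spanning two blocks
    return baseline, bytes(dump) + b"\xFF" * 100  # plus 100 appended bytes


if __name__ == "__main__":
    for r in report(*sample_images())["regions"]:
        print(f"{r['start']:#08x}-{r['end']:#08x} {r['dump_sha256']}")
```
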