[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Snowden and Compilers

Hash: SHA1

On 02/12/2014 04:26 AM, sunder wrote:

> My guess would be things like network card drivers, or the firmware
> in network cards - anything that has supervisor level access to the
> entire

Like this?


Proof of concept was been proven in 2010.  Practical application is
probably being done by now.  Somebody is asleep behind the wheel if it
is not.

> As we've seen there are plenty of "open source" linux kernel
> drivers for NICs and video cards that are really binaries.  Plenty
> of room to hide

Hex-encoded blobs, if not binary blobs that show up under /lib/firmware.

> stuff there, but the hardware itself is a better target, especially
> if the firmware they carry cannot be downloaded by the computer
> for forensic analysis, and especially if there's some sort of open
> DMA access from the device to the full memory of the machine that
> the OS cannot detect.

Subverting hardware during design means getting lots of engineers in
the private sector to shut up.  That is not always easy.  Spending
time reversing the binaries they require (which few people do anyway)
and developing a version that is subverted requires keeping the lid on
fewer people, and can be done entirely in house (i.e. without telling
the manufacturer).

> Maybe they'd add stuff to tcp/udp packets as an out of band
> channel, or

Did somebody mention looking for outbound UDP packets encrypted with
RC-6 or something?

> in the case of wireless stuff transmit on unused nearby frequencies
> that the hardware is capable of transmitting on, but cannot be
> detected with normal wifi/bluetooth sniffers.

That would work so long as the radio is not otherwise in use.  Radio
chipsets can be flipped around but it generates heat and uses up power
faster.  It should be more detectable than a subverted hardline.

> Since there are only a handful of chip manufacturers, subverting
> those would be the path of least resistance and most gain, and
> companies like

Until somebody that works there blabs about it.  Is that a risk an
intel agency would accept?  Good question; my wild-assed guess is 'no,
not these days'.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Ziggy's got zip, zilch, zero." --Al

Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/