Hiding Backdoors In Hardware
quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."
A good example of this is Lojack for Laptops to see about having stuff in hardware be able to keep a program installed and hidden.
It sounds like a technique that a random hacker won't do. That is a bunch of work to get that going on a user's system. By that, I mean you are modding a rom on something on the pci slot. So unless you are fixing their pc, it will be hard to make an excuse as to why you are opening up their machine when they wanted some anti-virus installed.
The world is how you make it
What, you can't sniff the traffic going in and out of your machine?
For justice, we must go to Don Corleone
Wikipedia, as linked in the summary: "Its secure government communications work has involved the NSA in numerous technology areas, including the design of specialized communications hardware and software, production of dedicated semiconductors (at the Ft. Meade chip fabrication plant), and advanced cryptography research. The agency contracts with the private sector in the fields of research and equipment."
Spectrum IEEE: "The DOD also maintained its own chip-making plant at Fort Meade, near Washington, D.C., until the early 1980s, when costs became prohibitive."
I'm betting this statement is now bullshit.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
So what exactly is new here? I thought most /. readers already knew that you have to trust the hardware you use...
You don't even have to go to this great of a length; if you want to root Linux machines, release a proprietary driver in the form of a binary Linux kernel module and watch as your customers blindly install it.
This is one reason why we should insist on the source code to all firmware - or reverse engineer and write new firmware ourselves.
"Bad, bad Chinks!" Yeah, because the CIA does not spy at all.
If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?
Go green: turn off your refrigerator.
China is absolutely doing this and the DoD, NSA, and CIA are aware of the activity. Honestly, they don't care about regular consumers, but govt. officials and employees are banned from having Chinese-manufactured equipment during official business/work.
These stories appear over and over, but this kind of trick is almost useless because the manufacturer does not know on which machine their device will be installed and so has no way of knowing how its spying is going to work. If it appears on every device then you've got a logistical nightmare trying to figure it out. And, why would you put it in hardware when the trail of evidence will lead directly back to you if it is found out??? Entirely stupid.
well that's... brilliant... and fucking scary.
... you're probably close enough to image the disk(s) and futz around with the data your hack is trying to access remotely. This is only a hack that would work to target a specific machine, running a specific O/S. Presumably before the expansion ROM tries to alter kernels it does a quick check to make sure the box is actually running the O/S and architecture it's intended for. Otherwise you'll have an awful lot of Windows users buying this card and returning it when it crashes their PCs.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
If no-one really saw this coming, blame you. In the 90's one could already mail order devices which would plug into the ISA/VESA bus, which could restore the system to the "original" state.
everyone knows it's easy to slip backdoors into hardware, but hiding it is the hard part. every fabless chip maker does spot checks of their products and will find these backdoors. at the very least they will find that the shipping products aren't like the ones they designed with extra circuits.
anyone with data that's worth keeping secret will have it behind firewalls and all kinds of security appliances that will start flashing alerts if there is traffic to a high risk geographic area
The NSA has their own chip fab plant - I bet they've been doing this for years (embedding their own backdoors in the h/w). How better to manage hardware assets that are compromised in the field?
"Content's a bitch."
The flaw in this otherwise sinister scheme would be: What kind of effort would it take, on the part of the would-be bad guys, to ensure that the components in question found their way into machines that were of any consequence? And once discovered, the retribution to the manufacturer would be harsh and most likely final, as in going out of business final. I am not saying that it would be impossible, only difficult in the extreme. I imagine that this kind of scenario would be so improbable (and since we are here talking about it, not likely to slip under the radar of people who need hardened machines, ergo the NSA chip factory) as to be a huge investment of time for the would be attacker without any real chance of success.
you don't need to open the case to flash a rom.
You're right, this is well known... but not by everybody. Every minute new babies are born... grow up and have to be told everything that everyone already knows, because they don't.
So every second, new slashdotters come on and have to learn that yes, you have to be able to trust the hardware you use for security to mean anything. See, you ALREADY left an IMPORTANT part out. You say "you have to trust your hardware", this implies that you just have no choice but to trust it. In reality, you got to ask yourself, who designed the hardware I am relying on and can they and their suppliers/contractors be trusted. Answer: rarely. Reality is that most of us just ain't interesting enough to monitor at high levels.
This always amuses me with people at say Freenet. All of them seem so pampered in our western nations they can't conceive of how a true dictatorship can work. Encrypt? Who sold you that CPU that is doing the encryption? Darknet? When all the traffic flows through a government router. This is as naive as saying that when you plug your lights straight into the grid, before the meter, the electricity company (the state) won't know about the 100 watt light streaming out of your windows...
Fact: there are those who would like to spy. Fact: A good method is to get the place you want to spy on to have a device inside, you control and can use to get data out. Fact: Those who wish to spy, make PC's that are brought into the places that they want to spy on and contain the data they wish to get.
If the Chinese AIN'T doing this, they are either afraid the west (and their own people) check all their hardware, ain't all that interested because there are methods less likely to risk their trade or they are really stupid.
The Chinese ain't stupid and the west doesn't check all the time. Leaves that China doesn't want to risk trade by making their products suspect if just one nerd with a packet sniffer finds something.
It is worth keeping in mind however that the risk is there. Can the US afford to lose more and more of its chip production? We already saw what happens with rare earth materials. This stuff is all over the globe, the US got piles of it, Russia is drowning in it BUT it all seemed so easy to have ONLY the Chinese invest in mining it. Now the rest of the world needs years to get their own production up to scratch.
Say China starts a war (against Russia for resources) today... how long can the US afford to get its war production up to speed without Chinese/Taiwanese goods? Goods that might at the flick of a switch all contain spyware?
Gosh, maybe some generals should play Civ a bit more. See how things can change on a single turn.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Always terrifies me at the bank.. bunch of Lenovo Peecees, running windows. But when I think about it, what could China steal from us that we haven't been just throwing at them anyways?
If you're going to the trouble of messing with PCI hardware, I'm sure one of these tiny circuits, which can be hidden in a USB socket, could be used to take over a machine remotely much more easily. Adding radio remote access would be pretty easy.
Pretty old
http://en.wikipedia.org/wiki/Clipper_chip
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
Can this method be used to bypass Tivo's hardware security?
to use this technique against Soviet Russia!
> This perhaps explains why the NSA has its own chip fabrication plant.
If you are implying that all of the hardware used at NSA, even all of their computers contain semiconductors fabricated by themselves, I would say Yeah Right
My computer says "Designed in California!"
The issue here is not just the fact that they make their own chips, but that their hardware can not come into contact with any other hardware that might be compromised, as it could propagate and therefore compromise their network....it takes only one computer with this hardware backdoor (even a router) that ends up on the network talking with other pcs, and then wow, like a virus ends up spreading this one has access root on a machine from behind a firewall...anything is now possible.
I've been talking about this possibility for a long time and it has fallen largely on deaf ears. Here, now, we have a proof of concept (or at least practically a POC) for an irremovable attack vector. I've stopped using 2nd hand hardware because I saw the possibility for these sort of shenanigans. I also remember reading a forum where people were attempting to "repair" bad DIMMS by overwriting the firmware with different revisions. If that is the case, then could this method be extended to utilize a SO-DIMM of DDR3 or similar? That's a scary thought, indeed.
The eternal struggle of good vs. evil begins within one's self.
Hide the hardware in the backdoor. Unfortunately, we stopped playing because she said it was too detectable.
What's worried me for some time are the various "remote maintenance" schemes built into network controllers. See, for example, Intel's "Active Management Technology". This is Intel's successor to the Intelligent Platform Management Interface. These have a protocol stack built into the network board, with connections to other parts of the system strong enough to power the machine on and off, patch the disk, and do other drastic system changes. AMT is easier to attack from a distance than IPMI; it uses SOAP, HTTP, and TCP (on ports 16992 through 16995, which had better be blocked at your firewall), while IPMI used its own specialized protocol over UDP.
All that prevents taking over a machine with this mechanism is that the network controller is supposed to ship with no keys loaded. A "backdoor" would simply consist of pre-loading some crypto keys at the factory, or somewhere else in the supply chain. Considering the amount of hostile junk that routinely shows up on new USB sticks, that probably wouldn't be hard to accomplish.
A true "hardware level" attack for IPMI or AMT would be to ship a network controller which had keys pre-installed and enabled, but reported that remote management was disabled. There would be no way to find such a "backdoor", short of grinding open the network controller chip and reverse engineering it with a scanning electron microscope. There are special purpose systems for doing exactly that, used for reverse engineering IC designs, but this is a difficult and expensive process.
Resistance is futile. It was true back then, and still true today.
I think therefore I can't be ~TTNH
and use coreboot instead
there's no need to execute rombios to load drivers for dead OSes when the linux kernel has all required drivers.
The software on the expansion ROM is just a low level driver. So the attack described is about compromised firmware, not hardware. No need for special chip fabs at NSA secret facilities or physical access to the machine. Anyone using flashrom or similar can install such code in a flash expansion ROM.
> The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access ..
Without physical access or remote root access how is this rootkit implanted in the first place?
The second book of Donaldson's Gap Series had a subplot around such a hardware attack. Ships in this series actually had Data Officers who were in charge of shipboard I.T. The Data First of an outlaw vessel tried to extort the Captain with a logic bomb in the ship's systems that he had to periodically stave off. This was deadly because without the computers you had no way of knowing where you were among other problems. It turned out he had hidden his virus in doctored interface cards so that it would keep coming back even if you reloaded the computers from a protected store.
Thank IBM for tossing China one of the best avenues for espionage and subterfuge: Lenovo.
And of course, we have Microsoft giving China access to Windows source code.
What the hell is wrong with good old PROM? It's not like any more than a tiny fraction of users are ever going to legitimately upgrade the firmware anyway. Making it modifiable accomplishes nothing other than adding a new place for malware to hide.
I miss the days when ROM actually meant read-only memory.
The "trusting trust" attack is a nasty attack, but there is a counter-measure. Diverse double-compiling can detect compiler executables subverted by the "trusting trust" attack. See my paper for more, if you're curious.
- David A. Wheeler (see my Secure Programming HOWTO)
If companies are concerned that fabrication contractors might be putting backdoors right onto the silicon, then maybe they should require that the masks for the chips be returned, and do random spot testing to see if they match up. Then they can be assured that the chips they had contracted out comply to their design. Obviously this wouldn't work if designing was also contracted out, though.
Because macs are made in, let's see... oh, never mind
I love how all this is called "undetectable". When you could pick it up with a simple network monitor.
A Trojan Boot Loader in the Firmware and the serial number known to the NSA.
hey, these people have something interesting? what's the serial No of their routers?
Let's send them via Google some Search routine which monitors their in-house traffic.
-
BTW HP hardware has nice little chips which can not be switched off by the BIOS!
And I guess some other vendors have it too!
there are also a very limited number of secured chip fabs in the US, plants in which security is so well controlled that they are licensed to produce sensitive silicon for the government. IBM's fab in North Burlington is known to be one of them. you used to find all sorts of custom logic with IBM on the top in things like ethernet cards and video chipsets and the like. no more. no capacity.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I once met a former colleague of theirs at a trade show. He told me that they had actually put the backdoor into the C compiler. They had been receiving calls at all hours from executives who demanded that systems be fixed ASAP but did not know the root login information. The backdoor set up a predefined root account whenever compiling a program named "login". It enabled them to get in and do the fixes without needing to contact the system administrators.
You don't need a Fab ( or fap if you prefer ) plant to fix BIOS hacks, you need only decompile the BIOS, and reverse the hack.
... you are going to get caught, either on the front end, ( where was it fabbed ) or on the back end ( where the backdoor crap collects ). Didn't they just take down some russian guy? Don't do the crime if you can do the time!
... 1.0 circa 1987 )
Since the author of the article does not really understand the 'Reflections on trusting trust' very well,
he just needs to consider that: Hardware is really just a faster version of software, i.e. anything you do in logic hardware you can simulate in software, so, the hardware is really running a program. You should be wary of rogue chips, that have backdoors built in! They could trigger without the BIOS! However, you're going to find this out pretty fast, with a packet sniffer, and rogue hardware sending out encrypted packets.
and then some pesky Linux kernel hacker is going to find out, publish your hardware prefix, and all your cards are belong to us!
But of course, the hardware could pick a MAC address hardware prefix at random, but that would be traceable too!
It all sounds so cool and theoretical, but BIOS/Silicon guys in Taiwan are so busy trying just to get the damn device out the door, relatively bug free, they don't have time to add spyware to the BIOS/Silicon, so you are going to get a hacked chop job done by some failure of a chinese postal employee? Someone is going to find out, really, they will spot the network traffic, and then your whole house of cards is going south, and then the word is going to get out, and they are going to find the people responsible and TP their house!
Spam is a tolerable social evil, as well as viruses/spyware. The intelligentsia keep them well at bay, but a BIOS/Silicon backdoor? You're going to need a custom FAB place to do it, and somehow
I have no fear....( and 40 years of experience )( p.s. I read the reflections paper while I was looking over the GNU C Compiler
There was an incident about 2 years ago about fake Cisco products in Canada. They were made in China and contained unknown or "questionable" code added. A source close to the matter and friend spoke at length about the hack and the dangers.
Subversionhack
From one of my previous posts:
http://slashdot.org/comments.pl?sid=1821502&cid=33910412
You have to realize, as myself and (my) a team of researchers have (finally) dug up, this is not new, nor unique.
Follow the link, which leads to other links - you'll see that this has gone from "you're insane" to "wow, they really can do that" in about three years.
As the details trickle out it becomes more insidious as to "the ends to which means" we're dealing with.
I'm happy people have quit discounting this hardware option, which doesn't necessarily need to be "acquired", it can be created from existing hardware, repurposed by chip-crowding, firmware "updates" and firmware / BIOS replacement code, you get it.
~hylas
Very interesting... After I read the trusting trust paper, I figured the only counter was a clean-room bootstrapping. But if I understand it correctly, DDC is something a motivated hacker could manage.
I suspect the OpenBSD guys are going to love this.
...is where our government manufactures its own back-doored chips?
The NSA has had chip fabrication long before China knew what a chip was.
I'm safe. I'm running Windows.
Are we Yanks setting ourselves up for disaster? Submitted by theindustrialphreak on Thursday October 28, @06:30PM. theindustrialphreak writes "The question exactly are we setting ourselves up for intellectual property theft and plausible IT disaster (Industrial/political espionage/Terrorism) by outsourcing hardware/software level solutions as well as complete system builds to potential hostile foreign countries/city states? Remember during the cold war there were several DoD security threats based on malicious firmware injected into the micro-controllers inside printers not to mention several recent incarnations via bogus network hardware. Can we really trust FC based out of a society that has proven time and time again to violate basic human rights, and recently put rare earth element export embargoes on our allied nations? article about hardware http://www.pcworld.com/article/195791/us_agencies_crack_down_on_counterfeit_networking_hardware.html http://onlyhardwareblog.com/2010/10/building-backdoors-into-computer-chips/"
I see the biggest lawsuit in tech industry history...
... "compiler’s parent is compiled using a trusted compiler" ...
Isn't the whole point of trusting trust that I don't have a trusted compiler?
Yes. In the purest form of DDC, you would need to implement a compiler, an OS to host it, and possibly the hardware to run that OS, from scratch. The saving grace is that it doesn't have to be a very good compiler, or a very fun OS to use, or a very fast computer. As long as it generates correctly compiled code, you can use it to compile your good compiler.
Meanwhile, on your Dell running Red Hat, you compile your good compiler (we'll just say it's GCC) using your existing copy of GCC. Now you've got two second generation compilers. Their internal code should differ drastically, but their output should be identical.
Use each of them to compile GCC once again, and you should have two identical executable blobs.
In a less thorough version of the same exercise, you can just use two compilers that don't share a pedigree, and hence are unlikely to be infected with the same compiler-resident bug. Even in the strict form, however, you "only" have to generate a working compiler, not a highly optimized and highly optimizing compiler.
It's not like it could be a weekend project for me, but it also doesn't mean duplicating 20 years of development work. You still end up with GCC (or whatever), and you add the ability to trust your code at the price of developing a compiler.
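The two-generation comparison described in the comment above, as a toy model added here (it is not from the thread or from Wheeler's paper). A "binary" is reduced to three fields, and the compiler names and the `trojan` flag are constructed for illustration; the last case shows why the two starting compilers must not share a pedigree.

```python
import hashlib
from dataclasses import dataclass

COMPILER_SRC = "good-compiler source"  # constructed stand-in for the GCC source tree

@dataclass(frozen=True)
class Binary:
    behaves_as: str        # the source whose logic this executable implements
    laid_out_by: str       # logic of the compiler that emitted it: changes bytes, not behaviour
    trojan: bool = False   # hidden self-propagating modification, absent from any source

    def digest(self) -> str:
        return hashlib.sha256(repr(self).encode()).hexdigest()

def compile_with(compiler: Binary, source: str) -> Binary:
    """Model of running `compiler` on `source`."""
    # A subverted compiler re-inserts its payload only when it recognises compiler source.
    carries = compiler.trojan and source == COMPILER_SRC
    return Binary(behaves_as=source, laid_out_by=compiler.behaves_as, trojan=carries)

def ddc(trusted: Binary, suspect: Binary) -> dict:
    """Build the compiler source along both paths, twice, and compare each generation."""
    gen2_t = compile_with(trusted, COMPILER_SRC)
    gen2_s = compile_with(suspect, COMPILER_SRC)
    gen3_t = compile_with(gen2_t, COMPILER_SRC)
    gen3_s = compile_with(gen2_s, COMPILER_SRC)
    return {
        "second_generation_identical": gen2_t.digest() == gen2_s.digest(),
        "final_identical": gen3_t.digest() == gen3_s.digest(),
    }

# Constructed compilers: a small from-scratch one and the distribution's existing one.
TINY = Binary("tiny-compiler source", "hand-assembled")
SYSTEM_CLEAN = Binary("older good-compiler source", "vendor build")
SYSTEM_SUBVERTED = Binary("older good-compiler source", "vendor build", trojan=True)
# A different compiler descended from the same subverted ancestor (shared pedigree).
COUSIN_SUBVERTED = Binary("forked good-compiler source", "vendor build", trojan=True)

if __name__ == "__main__":
    print("clean system compiler:    ", ddc(TINY, SYSTEM_CLEAN))
    print("subverted system compiler:", ddc(TINY, SYSTEM_SUBVERTED))
    print("shared pedigree:          ", ddc(COUSIN_SUBVERTED, SYSTEM_SUBVERTED))
```

In the shared-pedigree case the final binaries match even though both are subverted, so a match is only as meaningful as the independence of the two starting compilers.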
So the only way to keep my pron safe is to design and fabricate my own PC parts. I'll get right on that.
That's not hiding it in the Hardware. A ROM is software and can be quite easily verified. Hide it in the design of some FSM, reacting on specific sequences, where you can overwrite data in the HW's RAM and control the PCI bus; that will not take more than a thousand gates extra (you don't need to be fast) to do it. Unless somebody reverse-engineers the chip in detail, and maybe not even then, it will not be detected. If you do it right, you can even hide which code is necessary to access it.
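What verifying an expansion ROM can look like in practice, as an example added here (not code from the thread or the linked post): it walks the standard PCI ROM header and PCIR data structure in a dump and compares each image's SHA-256 with a recorded known-good value. The sample images, the 0x1234/0x5678 IDs and the baseline are constructed placeholders.

```python
import hashlib
import struct

def parse_option_rom(data: bytes) -> list:
    """Walk the image chain in a PCI expansion ROM dump and describe each image."""
    images, off = [], 0
    while True:
        if len(data) < off + 0x1A or data[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 55 AA ROM header at offset {off:#x}")
        (pcir_ptr,) = struct.unpack_from("<H", data, off + 0x18)
        p = off + pcir_ptr
        if p + 22 > len(data) or data[p:p + 4] != b"PCIR":
            raise ValueError(f"no PCIR data structure at offset {p:#x}")
        (vendor, device, _vpd, _slen, _srev, _class, blocks, _crev,
         code_type, indicator) = struct.unpack_from("<HHHHB3sHHBB", data, p + 4)
        size = blocks * 512
        if size == 0 or off + size > len(data):
            raise ValueError(f"image at {off:#x} has a bad length field")
        image = data[off:off + size]
        # Legacy x86 images (code type 0) must sum to 0 mod 256 over the length
        # given in header byte 2; this example checks the rule only for that type.
        checksum_ok = None
        if code_type == 0:
            checksum_ok = sum(image[:image[2] * 512]) & 0xFF == 0
        images.append({"offset": off, "vendor": vendor, "device": device,
                       "code_type": code_type, "checksum_ok": checksum_ok,
                       "sha256": hashlib.sha256(image).hexdigest()})
        if indicator & 0x80:          # bit 7 set: last image in the ROM
            return images
        off += size

def check_rom(data: bytes, baseline: dict) -> list:
    """Return findings for a dump; `baseline` maps (vendor, device, offset) to SHA-256."""
    findings = []
    for img in parse_option_rom(data):
        where = f"image at {img['offset']:#x}"
        if img["checksum_ok"] is False:
            findings.append(f"{where}: legacy checksum is wrong")
        expected = baseline.get((img["vendor"], img["device"], img["offset"]))
        if expected is None:
            findings.append(f"{where}: no baseline hash recorded")
        elif expected != img["sha256"]:
            findings.append(f"{where}: content differs from baseline")
    return findings

def make_sample_rom(body: bytes) -> bytes:
    """Constructed 512-byte legacy image; the IDs 0x1234/0x5678 are placeholders."""
    rom = bytearray(512)
    rom[0:3] = b"\x55\xaa\x01"                   # signature, size = one 512-byte block
    struct.pack_into("<H", rom, 0x18, 0x1C)      # pointer to the PCIR structure
    struct.pack_into("<4sHHHHB3sHHBB", rom, 0x1C, b"PCIR", 0x1234, 0x5678,
                     0, 24, 0, b"\x00\x00\x02", 1, 0, 0, 0x80)
    rom[0x40:0x40 + len(body)] = body
    rom[-1] = (-sum(rom[:-1])) & 0xFF            # fix up so the bytes sum to 0 mod 256
    return bytes(rom)

GOOD = make_sample_rom(b"vendor init code v1")
ALTERED = make_sample_rom(b"vendor init code v1, modified")   # checksum re-fixed
BASELINE = {(0x1234, 0x5678, 0): hashlib.sha256(GOOD).hexdigest()}

if __name__ == "__main__":
    print(check_rom(GOOD, BASELINE))
    print(check_rom(ALTERED, BASELINE))
```

The altered sample still passes the ROM's own checksum, which is why the comparison has to be against a hash recorded from a trusted copy. On Linux, a card's ROM can usually be read from its `rom` file under `/sys/bus/pci/devices/` after writing `1` to that file as root.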
would fix that if it patches grub first use lilo
I am led to believe that some netbook certificates are stored in the eprom of the mother board. If the netbook is stolen, one notifies the vendor, and he blacklists the device. On every boot, the device checks the blacklist file, and if it is on it, the bios will not boot. It requires a factory reset that is not available to the netbook owner. So I am told. Is it true? I don't own a Netbook.
Leslie Satenstein Montreal Quebec Canada
It's far more cheap for the US to create hardware-level botnets inside 1.4billion Chinese
How well would Comodo's Defense+ catch something like this? Would it be able to get past it? According to the internet no known malware can get past Defense+