Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hiding Backdoors In Hardware

Posted by Soulskill on from the hamster-escape-route dept.

quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

12 of 206 comments (clear)

  1. Undetectable? by countertrolling · · Score: 5, Insightful

    What, you can't sniff the traffic going in and out of your machine?

    --
    For justice, we must go to Don Corleone
    1. Re:Undetectable? by noidentity · · Score: 2, Insightful

      Not if it's hidden among legitimate traffic.

  2. proprietary firmware by ArcRiley · · Score: 5, Insightful

    You don't even have to go to this great of a length; if you want to root Linux machines, release a proprietary driver in the form of a binary Linux kernel module and watch as your customers blindly install it.

    This is one reason why we should insist on the source code to all firmware - or reverse engineer write new firmware ourselves.

    1. Re:proprietary firmware by Salamander · · Score: 4, Insightful

      This is one reason why we should insist on the source code to all firmware - or reverse engineer write new firmware ourselves.

      "We" should reverse-engineer more firmware "ourselves" eh? When I see them at lunch, I'll let the subset of "we" who actually do such things know that somebody with an Ubuntu address said so. That'll be good for a few laughs.

      --
      Slashdot - News for Herds. Stuff that Splatters.
    2. Re:proprietary firmware by Anonymous Coward · · Score: 3, Insightful

      Why so snarky? I don't know who either of you are, but there are many ways to contribute to open-source computing. For instance, on the development, legal or political fronts. The GP's comment is wishful thinking, but that doesn't warrant getting your hate on.

  3. Re:Not bad but.. by ByOhTek · · Score: 2, Insightful

    So unless you are fixing their pc, it will hard to make an excuse as to why you are opening up their machine when they wanted some anti-virus installed

    You haven't dealt with the average end user much have you? Probably less than 1% would be worried/suspicious. Of those that said anything, the answer "Oh, the antivirus has a special piece of hardware that it uses to prevent it from being disabled by viruses..." would suffice.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  4. how do you hide it from QA? by alen · · Score: 4, Insightful

    everyone knows it's easy to slip backdoors into hardware, but hiding it is the hard part. every fabless chip maker does spot checks of their products and will find these backdoors. at the very least they will find that the shipping products aren't like the ones they designed with extra circuits.

    anyone with data that's worth keeping secret will have it behind firewalls and all kinds of security appliances that will start flashing alerts if there is traffic to a high risk geographic area

    1. Re:how do you hide it from QA? by Anonymous Coward · · Score: 1, Insightful

      Not to mention that it only has to be found in use once, and traffic is traffic. Something funny leaving the network gets a lot of attention in certain places - particularly the ones worth installing a hardware backdoor for.

    2. Re:how do you hide it from QA? by Samantha+Wright · · Score: 2, Insightful

      You don't: you own the whole chain. There are plenty of companies that are now wholly Chinese—consider, for example, that the NASA crew on the ISS uses Lenovo T61p Thinkpad laptops for all of their personal computing needs. There's no QA going on there that Lenovo can't control or manipulate if the Chinese government covertly asks them to. The chips involved in making the system never get shipped across the ocean prior to final assembly.

      Furthermore, who says you can't slip the modified chip in at the last stage? A backdoor that's only shipped to your target is less likely to be found than one you ship to every customer in the US.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  5. Re:Not bad but.. by spottedkangaroo · · Score: 1, Insightful

    "sandboxie"

    Please don't do this. You'll regret it if you make it popular.

    --
    Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
  6. Re:NSA Fabrication Plant... by mrsteveman1 · · Score: 4, Insightful

    By which I mean the summary is in error.

    That's what they want you to think.

  7. Re:Not bad but.. by Iron+Condor · · Score: 2, Insightful

    ... but I think this is why this is a non-story. ANYBODY with access to your hardware owns you. That's always been a given. If I can touch your bare silicon and metal, then I can put all kinds of things in all kinds of places for all kinds of reasons. Big fat Duh.

    Maybe this is news to the public, but I'm not sure it is "news for nerds".

    --
    We're all born with nothing.
    If you die in debt, you're ahead.