Hiding Backdoors In Hardware
quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."
A good example of this is Lojack for Laptops to see about having stuff in hardware be able to keep a program installed and hidden.
What, you can't sniff the traffic going in and out of your machine?
For justice, we must go to Don Corleone
Wikipedia, as linked in the summary: "Its secure government communications work has involved the NSA in numerous technology areas, including the design of specialized communications hardware and software, production of dedicated semiconductors (at the Ft. Meade chip fabrication plant), and advanced cryptography research. The agency contracts with the private sector in the fields of research and equipment."
Spectrum IEEE: "The DOD also maintained its own chip-making plant at Fort Meade, near Washington, D.C., until the early 1980s, when costs became prohibitive."
I'm betting this statement is now bullshit.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
You don't even have to go to this great of a length; if you want to root Linux machines, release a proprietary driver in the form of a binary Linux kernel module and watch as your customers blindly install it.
This is one reason why we should insist on the source code to all firmware - or reverse engineer and write new firmware ourselves.
You haven't dealt with the average end user much, have you? Probably less than 1% would be worried/suspicious. Of those that said anything, the answer "Oh, the antivirus has a special piece of hardware that it uses to prevent it from being disabled by viruses..." would suffice.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
This could be what malware could do. Take some of the newer botnet clients that have modules for everything, be it trying to climb out of a VMWare machine, try to get around sandboxie, or other items. Malware could try to find items that are flashable, and reflash them with code for hooks to malware, or even worse an active keyboard logger. It was mentioned a while back in a previous /. article about a major computer maker with keyboard HIDs that were flashable with new code. So, if one got root on the box, it wouldn't be hard to reflash the keyboard with a keylogger that could store keystrokes, or just send them as packets to the blackhat's site.
Other than cellphone makers, a lot of devices really don't put much in the way of protecting their BIOS against rogue code, so it isn't farfetched to reflash a sound card, a NIC, a Northbridge/Southbridge controller, a video card, motherboard BIOS, or any other subsystem with malicious programming.
everyone knows it's easy to slip backdoors into hardware, but hiding it is the hard part. every fabless chip maker does spot checks of their products and will find these backdoors. at the very least they will find that the shipping products aren't like the ones they designed with extra circuits.
anyone with data that's worth keeping secret will have it behind firewalls and all kinds of security appliances that will start flashing alerts if there is traffic to a high risk geographic area
If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?
Now here's a good reason to use an iPad or macbook.
XML is known as a key material required to create SMD: Software of Mass Destruction
You're right, this is well known... but not by everybody. Every minute new babies are born... grow up and have to be told everything that everyone already knows, because they don't.
So every second, new slashdotters come on and have to learn that yes, you have to be able to trust the hardware you use for security to mean anything. See, you ALREADY left an IMPORTANT part out. You say "you have to trust your hardware", this implies that you just have no choice but to trust it. In reality, you got to ask yourself, who designed the hardware I am relying on and can they and their suppliers/contractors be trusted. Answer: rarely. Reality is that most of us just ain't interesting enough to monitor at high levels.
This always amuses me with people at say Freenet. All of them seem so pampered in our western nations they can't conceive of how a true dictatorship can work. Encrypt? Who sold you that CPU that is doing the encryption? Darknet? When all the traffic flows through a government router. This is as naive as saying that when you plug your lights straight into the grid, before the meter, the electricity company (the state) won't know about the 100 watt light streaming out of your windows...
Fact: there are those who would like to spy. Fact: A good method is to get the place you want to spy on to have a device inside, you control and can use to get data out. Fact: Those who wish to spy, make PCs that are brought into the places that they want to spy on and contain the data they wish to get.
If the Chinese AIN'T doing this, they are either afraid the west (and their own people) check all their hardware, ain't all that interested because there are methods less likely to risk their trade or they are really stupid.
The Chinese ain't stupid and the west doesn't check all the time. Leaves that China doesn't want to risk trade by making their products suspect if just one nerd with a packet sniffer finds something.
It is worth keeping in mind however that the risk is there. Can the US afford to lose more and more of its chip production? We already saw what happens with rare earth materials. This stuff is all over the globe, the US got piles of it, Russia is drowning in it BUT it all seemed so easy to have ONLY the Chinese invest in mining it. Now the rest of the world needs years to get their own production up to scratch.
Say China starts a war (against Russia for resources) today... how long can the US afford to get its war production up to speed without Chinese/Taiwanese goods? Goods that might at the flick of a switch all contain spyware?
Gosh, maybe some generals should play Civ a bit more. See how things can change on a single turn.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Remember when the Pentium chip was first released and there was a flaw found in the processor? The flaw was most commonly demonstrated in something like the eleventh decimal place in a mathematical calculation which could be made inside an Excel spreadsheet. Intel released a firmware fix that compensated (obviously they were not about to recall, retool, and replace all of those chips). That sort of hardware "flaw" exists in almost any hardware chip of sufficient complexity. I believe it is a mathematical nuance of binary logic gates; somewhat analogous to algorithms which purport to generate prime numbers or pythagorean triples--eventually the algorithm breaks down and it misses one, then it misses a few, then it begins missing a whole bunch, then eventually the algorithm is marginally useless and a new algorithm must be applied to reliably continue to find the (n+1)th prime number or pythagorean triple.
These hardware flaws exist in your routers, in your processors, in your sound cards, in your video cards, even in your monitors and the chips of your hard drives and, now that microchip technology is sufficiently advanced and complex, in darn near anything which does more than basic mathematical calculations presented on a mantissa.
No technology has ever been released to the mass public without first knowing its flaws--and there will be flaws. It is an unavoidable result of the mathematics behind binary logic. I believe that most programmers begin to come in contact with this premise when they are asked, in intermediate programming courses, to write code for multiplication and division, especially with floating point numbers, performed using binary registers.
If you think your internets are safe then think again. All your base belong to the people who wrote it.
the NPG electrode was replaced with carbon blac
Ok - time for a few corrections
1) First Intel (after initially responding poorly to the bug) fully recalled the product without question. If you had a processor in question, you could ask for and receive a replacement. Please see http://en.wikipedia.org/wiki/Pentium_FDIV_bug
2) The flaw was caused by a bad division lookup table, not the mathematical nuance of binary logic gates. What I think you are trying to describe is the fact that floating point numbers are not precise, and you never compare them directly, only compare if they are within a small delta of each other.
I have mod points and I am not afraid to use them
Sandboxie is the name of a program for Windows that can create and run programs in sandboxes.
The "trusting trust" attack is a nasty attack, but there is a counter-measure. Diverse double-compiling can detect compiler executables subverted by the "trusting trust" attack. See my paper for more, if you're curious.
- David A. Wheeler (see my Secure Programming HOWTO)
there are also a very limited number of secured chip fabs in the US, plants in which security is so well controlled that they are licensed to produce sensitive silicon for the government. IBM's fab in North Burlington is known to be one of them. you used to find all sorts of custom logic with IBM on the top in things like ethernet cards and video chipsets and the like. no more. no capacity.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I mentioned to people about 2 years ago that malware would start moving in that direction (i.e. flashing nvram, etc). People called me crazy. This will become the new reality once EFI becomes the norm.
Om, nomnomnom...
The magic words are "this will make it faster"
My blog. Good stuff (when I remember to update it). Read it.
... but I think this is why this is a non-story. ANYBODY with access to your hardware owns you. That's always been a given. If I can touch your bare silicon and metal, then I can put all kinds of things in all kinds of places for all kinds of reasons. Big fat Duh.
Maybe this is news to the public, but I'm not sure it is "news for nerds".
We're all born with nothing.
If you die in debt, you're ahead.
Yes. In the purest form of DDC, you would need to implement a compiler, an OS to host it, and possibly the hardware to run that OS, from scratch. The saving grace is that it doesn't have to be a very good compiler, or a very fun OS to use, or a very fast computer. As long as it generates correctly compiled code, you can use it to compile your good compiler.
Meanwhile, on your Dell running Red Hat, you compile your good compiler (we'll just say it's GCC) using your existing copy of GCC. Now you've got two second generation compilers. Their internal code should differ drastically, but their output should be identical.
Use each of them to compile GCC once again, and you should have two identical executable blobs.
In a less thorough version of the same exercise, you can just use two compilers that don't share a pedigree, and hence are unlikely to be infected with the same compiler-resident bug. Even in the strict form, however, you "only" have to generate a working compiler, not a highly optimized and highly optimizing compiler.
It's not like it could be a weekend project for me, but it also doesn't mean duplicating 20 years of development work. You still end up with GCC (or whatever), and you add the ability to trust your code at the price of developing a compiler.
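The diverse double-compiling procedure described in the comment above, as an added example that is not part of the original thread: a toy Python model in which a trojaned compiler re-inserts itself whenever it compiles compiler source, and the final bit-for-bit comparison exposes it. The byte format and the names `run`, `ddc`, `make_binary` and `EMIT_STYLE` are assumptions constructed for illustration; real DDC compares actual compiler executables.

```python
import hashlib
from typing import NamedTuple

# Toy model, constructed for illustration: a compiler "binary" is a byte string
# recording the code style of the compiler that built it (fmt), the code style
# it emits itself (sem), and whether it carries a self-propagating trojan.
GCC_SOURCE = "/* good compiler */ EMIT_STYLE=gcc\n"  # constructed sample source

class Result(NamedTuple):
    second_gen_differ: bool   # internals differ, as the comment predicts
    final_identical: bool     # bit-for-bit match means no compiler-resident trojan

def make_binary(fmt: str, sem: str, trojan: bool, source: str) -> bytes:
    body = hashlib.sha256(source.encode()).hexdigest()[:16]
    return f"fmt={fmt};sem={sem};trojan={int(trojan)};body={body}".encode()

def run(binary: bytes, source: str) -> bytes:
    """Run compiler `binary` on `source`; return the executable it produces."""
    fields = dict(kv.split("=", 1) for kv in binary.decode().split(";"))
    is_compiler = "EMIT_STYLE=" in source
    # What the output does is determined by the source text alone...
    sem = source.split("EMIT_STYLE=")[1].split()[0] if is_compiler else "none"
    # ...unless the running compiler is trojaned and recognises compiler source.
    trojan = fields["trojan"] == "1" and is_compiler
    return make_binary(fields["sem"], sem, trojan, source)

def ddc(existing: bytes, scratch: bytes, source: str) -> Result:
    gen2_existing = run(existing, source)   # good compiler built by existing GCC
    gen2_scratch = run(scratch, source)     # good compiler built by scratch compiler
    final_a = run(gen2_existing, source)    # each second-generation compiler
    final_b = run(gen2_scratch, source)     # compiles the same source once more
    return Result(gen2_existing != gen2_scratch, final_a == final_b)

SCRATCH = make_binary("hand", "tiny", False, "scratch compiler source")
CLEAN_GCC = make_binary("gcc", "gcc", False, GCC_SOURCE)
TROJANED_GCC = make_binary("gcc", "gcc", True, GCC_SOURCE)

if __name__ == "__main__":
    print("clean   :", ddc(CLEAN_GCC, SCRATCH, GCC_SOURCE))
    print("trojaned:", ddc(TROJANED_GCC, SCRATCH, GCC_SOURCE))
```

In both runs the second-generation compilers differ internally; only the final comparison separates the clean lineage from the trojaned one.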