Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 13 Dec 2018, 10:21
All times are UTC - 4
 Forum index » Off-Topic Area » Security
insidious, microscopic hardware backdoor (proof of concept)
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [7 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1535
Location: Canada

PostPosted: Sat 27 Oct 2018, 16:33    Post subject:  insidious, microscopic hardware backdoor (proof of concept)  

https://dwaves.org/2018/06/18/how-to-install-flash-libreboot-coreboot-on-lenovo-x60s-tutorial-from-2018/

In a study that won the “best paper” award at last week’s IEEE Symposium on Privacy and Security, they detailed the creation of an insidious, microscopic hardware backdoor proof-of-concept. And they showed that by running a series of seemingly innocuous commands on their minutely sabotaged processor, a hacker could reliably trigger a feature of the chip that gives them full access to the operating system. Most disturbingly, they write, that microscopic hardware backdoor wouldn’t be caught by practically any modern method of hardware security analysis, and could be planted by a single employee of a chip factory.

“Detecting this with current techniques would be very, very challenging if not impossible,” says Todd Austin, one of the computer science professors at the University of Michigan who led the research. “It’s a needle in a mountain-sized haystack.” Or as Google engineer Yonatan Zunger wrote after reading the paper: “This is the most demonically clever computer security attack I’ve seen in years.”

Hacking out of control.

Further reading :
How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Last edited by labbe5 on Yesterday, at 14:45; edited 1 time in total
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 13160
Location: Gatineau (Qc), Canada

PostPosted: Sat 27 Oct 2018, 17:29    Post subject:  

Hi gang.

Another one? Why not? Let's look at the bright side:
so many security holes have been discovered in the chip of our PC that
we'll now be able to rinse spaghetti with it! Twisted Evil

BFN.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13109
Location: Arizona USA

PostPosted: Sat 27 Oct 2018, 17:37    Post subject:  

When used this way, it's not called hacking, it's called cracking.
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1751
Location: N.E. USA

PostPosted: Sun 28 Oct 2018, 17:52    Post subject:  

I've been very wary of these $4-$5 32Gb Micro-SDHC chips. In fact I disconnect from the internet while using them. These also come with an adaptor. The chip most likely has a super/hyper visor within.

I would also treat the newer mini-cameras and mini-mp3's the same ($1.50 mp3 player and $5-$10 cameras... some of these are quite good functionally). Both of these cheap devices have the ability to act aas a USB drive. Again D/C from internet when using/charging.

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3322
Location: Tamworth UK

PostPosted: Mon 29 Oct 2018, 07:48    Post subject:  

Quote:
their minutely sabotaged processor
If you could minutely change pretty much any basic piece of equipment, you can create havoc. Computing is so complex and huge(behind the scenes) that I am rather surprised there aren't far more "bugs" found than there are.
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
belham2

Joined: 15 Aug 2016
Posts: 1628

PostPosted: Mon 29 Oct 2018, 12:24    Post subject:  

8Geee wrote:
I've been very wary of these $4-$5 32Gb Micro-SDHC chips. In fact I disconnect from the internet while using them. These also come with an adaptor. The chip most likely has a super/hyper visor within.

I would also treat the newer mini-cameras and mini-mp3's the same ($1.50 mp3 player and $5-$10 cameras... some of these are quite good functionally). Both of these cheap devices have the ability to act aas a USB drive. Again D/C from internet when using/charging.

Regards
8Geee


Hi 8Geee,

Can I ask: "wary" how?

What I mean is, given what I know of you from interacting over the years here on Murga, and both us sort of being on the upper end of cautious (like severely modifying/ hardening our browsers, firewalls, systems, etc, etc)....I'd imagine that every storage device you might buy that they get hit with a dd /dev/zero and 3-4 dd /dev/random on a dedicated offline machine before you ever touch/use them. I've got an old AMD machine just for that.....a basic OS without any desktop/programs/etc installed and it boots in ram fully to a terminal. Then the only thing that is done (after mounting my just-bought device) is hit dd zero and dd random a few times, and the old machine spends its good ole time smacking the device with zero & random writes. At least that is what I do.

Or are you saying that the SD and USB stuff we are buying nowadays is coming with hard-coded memory cells that are impervious to however many dd runs we take at it? I know with SSDs I have to take a different approach (dd doesn't do much or rather is not applicable on an SSD), but SD cards & USBs are a different story.

Anyhow, if dd is no longer effective against ANY SD card and/or USB stick (there's really only a handful of factories worldwide that produce everything we see in this SD card/USB world---the hundreds of brands just proliferate off of these), then personally I've got a whole new level of worry to, well, worry even more about. I use SD cards and USB sticks copiously....way more than hard drives of any type. Confused
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1751
Location: N.E. USA

PostPosted: Mon 29 Oct 2018, 15:55    Post subject:  

I don't go as far as DDing the device/chip.

The Chips are universally formatted as FAT32 (64Gb+ are usually exFAT, and proprietary), but there are some exFAT format (SDXC) as small as 8Gb. Since I don't have the ability to run exFAT devices/Chips, I won't go there. But China is dumping these microSDHC chips 32Gb and less.

I usually format the Chip before use as ext2, then make my partitions as ext3. When it comes to the cheap devices, one is very much forced to maintain FAT32. But an initial formatting of the inserted Chip to ext3, followed by a reformat to FAT32 using GParted doesn't hurt.

These chips, like USB drives, have at least a supervisor circuit. That could be a problem. But when using an alien format like ext3, the chances improve.

I like the cheap chips for $4... as opposed to a Chinese manufactured name brand at $30 in my local CVS, RiteAid, Walgreens, et al. MHO is that at any price its all M.I.C.

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [7 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1044s ][ Queries: 11 (0.0414s) ][ GZIP on ]