NSA all up in your HDD firmware

Trojan

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware

http://uk.businessinsider.com/r-russian-researchers-expose-breakthrough-us-spying-program-2015-2

A couple of years back you'd be seen as paranoid if you did not trust basic hardware. At this point it's crazy to assume anything but that every piece of hardware is compromised and build your systems based on that assumption.

I think that the only way forward is non-US devices along with a massive increase in open source (hopefully supported by non-US governments), or accept the NSA looking over your shoulder at literally everything.

orchidsrpretty

That's a really scary article, when is the rest of the world gonna stand up against the US.. I'm sure the use of spies within these tech companies (Seagate, IBM, WD, Google, Microsoft, Apple etc) would be astonishing to know, or else buying trade secrets from disgruntled employees etc.. (To get the HDD firmware and other secrets).

I'm sure the stealing of code, data and other information & ideas (via snooping on machines & other techniques) is a very, very, very lucrative business. Selling secrets to rival companies etc to fund their covert operations with (Black Budgets). Stealing ideas and then patenting/copyrighting/trademarking them with spurious figureheads who work for the NSA and the likes, and then make a movie about it to make more money from it.. i.e. Mark Zuckerberg & Facebook (bit OTT with the CT there but you get my drift..)

The Americans know how to leech the wealth from the rest of the world without anyone ever knowing..

Funny how the US is now one of biggest oil exporters after lifting a 40-year ban on exports just around the time other countries are trying to boycott Russian oil and gas over Ukraine..

It's nearly better to be a zombie and walk the straight and narrow, to not have to worry about these things..

Khannie

Was wondering who'd start the thread.

Quite frightening. I haven't looked, but do HDD manufacturers release firmwares that you can flash yourself if you believe you may have been compromised?

Mr. G

Khannie wrote: »

Quite frightening. I haven't looked, but do HDD manufacturers release firmwares that you can flash yourself if you believe you may have been compromised?

I don't know. Possibly, but not without wiping the hard drive.

With all these projects the NSA could find anything they wanted if they wanted to. I'm sure there are A LOT more projects we don't know about out there.

obsidianclock

Very worrying news!

Did you guys read about the proprietary spyware built into some Samsung mobile modems?

I use Orbot to communicate with the tor network on my Samsung phone but if it works in the way I think it does, the point is moot!

obsidianclock

So we have the problem - what is the solution? Will I have to use my Raspberry Pi from now until the end of time to be safe?

denisss

Trojan wrote: »

A couple of years back you'd be seen as paranoid if you did not trust basic hardware.

it was known couple of years ago, and i wouldn't call it basic as you can run linux on your hard drive controller:

spritesmods.com/?art=hddhack

Khannie wrote: »

I haven't looked, but do HDD manufacturers release firmwares that you can flash yourself if you believe you may have been compromised?

But would you trust HDD manufacturers and the way this firmware is delivered to you?

obsidianclock

What about routers? Can we install something like Tomato firmware onto them to make backdoors less likely?

obsidianclock

bedlam wrote: »

NSA's got your back there, they'll happily update your routers for you



It'll depend on the home router you have and who it was supplied by as to whether you can flash custom firmware.

Ooh dear, maybe a second hand one on eBay?

Stuxnet

Its gone beyond a joke, I think we just have to accept the NSA has effin PWN'd the entire planet, and there's nowt we can do about it, our cpu's no doubt contain dodgy implanted instruction sets. So free and open OS's arent even as effective as we might think, defiantly not now anymore if this is true.

Manach

However given the amount of h/w being sourced from China, then the People's Liberation army's Intel section will not be too far behind the NSA.

PrzemoF

Think about all pieces in your software/hardware chain that are not open-sourced. BIOS[1], binary blobs, microcode in wifi cards, RIL/baseband in android phones and so on. When you remove them all and you feel safer then read this: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf (it has been discussed on boards.ie before, so it just a reminder)

[1] RMS uses a laptop with open source BIOS...

dbit

USB = universal security breech , Bloody ecig chargers now have payloads in them for christ sake , rubber ducky on demand ! (Hak 5 do a good write up on rubber ducky) and the funny thing is MS and other OS vendors still do not see fit to block HID's - in that a USB device can be plugged in and execute thousands of lines of code in a few seconds - HID protection is very poor and no one thinks this avenue of attack is that serious not even the vendors >>> ? go figure >?

What person on earth can execute thousands of lines of code in just a few seconds ? Chuck Norris maybe ?

CPu die's , magnetic readers , RFID's everything is just plain broke.

dbit

obsidianclock wrote: »

What about routers? Can we install something like Tomato firmware onto them to make backdoors less likely?

Flashing the firmware great idea but then the cpu instruction sets how do we assure the integrity of those ?? rip it out and opt for a Chinese purchased one ? hand over to the dark side at least ?

obsidianclock

dbit wrote: »

Flashing the firmware great idea but then the cpu instruction sets how do we assure the integrity of those ?? rip it out and opt for a Chinese purchased one ? hand over to the dark side at least ?

I suppose the Chinese can be trusted not to hand over any information thus gleaned to the NSA. Just make sure you don't support freeing Tibet or they might out of spite!

Out of interest would it make any difference if your traffic was encrypted... let's say your accessing tor hidden service, wouldn't the traffic be encrypted by the time it got to your router...?

dbit

obsidianclock wrote: »

I suppose the Chinese can be trusted not to hand over any information thus gleaned to the NSA. Just make sure you don't support freeing Tibet or they might out of spite!

Out of interest would it make any difference if your traffic was encrypted... let's say your accessing tor hidden service, wouldn't the traffic be encrypted by the time it got to your router...?

Would it not be hard to read the de-crypted traffic once it has arrived on platform ????

obsidianclock

dbit wrote: »

Would it not be hard to read the de-crypted traffic once it has arrived on platform ????

We're screwed..! Unless you used public Wifi maybe?

dbit

See this little one here lenovo's are now at it :-
http://countermeasures.trendmicro.eu/superfish-and-chips-or-super-phish/#.VOXC-lXP3us.twitter

obsidianclock

It seems we're clear now about the scope of the problem - short of going to live in a cave though, what are the solutions?

As far as I can see if routers cannot be trusted, then perhaps we should rely on using a mobile phone with open source firmware like Replicant on it (see the link I posted above for more details). That way you can connect over 3G. Not ideal as even the purchase of a SIM card for cash can be traced back to you potentially and it'll make it quite easy to trace your phone but there it is.

When accessing hidden tor services I personally use TAILS and connect a mobile phone over 3G (although it runs Cynaogen Mod rather than Replicant). I also buy SIM cards in bulk over eBay which while less than ideal reduces the possibility of hardware snooping - still how can you know your laptop is safe??

Edit : Seems this won't work either - http://www.bbc.com/news/technology-31545050