LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 02-08-2010, 06:46 PM   #1
yonnieboy
Member
 
Registered: Apr 2008
Location: sw OR
Distribution: PCLOS, Kubuntu, Lubuntu, Unity
Posts: 143

backdoor hacks


Has anybody read the recent article : http://www.itworld.com/security/9539...uter-equipment

What do we really know about this? And what can be done to protect ourselves?
 
Old 02-08-2010, 07:00 PM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Erm, he has taken two reported incidents (Google leaving China and the "broken" USB keys) and from that extrapolated the idea that China has hacked the universe. A better question is "how would this work for users running either Windows OR Mac OR Linux?" How would these cameras report home? How would any of it report home, for that matter? Governments may be inept at any number of things, but their machines generally sit behind a software or hardware firewall.
 
Old 02-08-2010, 07:14 PM   #3
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195

Linux is Open Source, so everyone is free to browse through the source and search for backdoors.

I am less sure about Windows. Although Microsoft is more mighty than the government, how can we be sure that the CIA has not required the installation of a back door, especially in Arabic versions of Windows?

And how can we be sure that Microsoft did not install a secret time bomb or a back door which allows a terrorist to enter all Windows installations and disable their functioning?

Same goes for Cisco. One worm getting through this backdoor and the Internet will be extremely silent. Take into account that the Cisco OS has many common components, so as to keep operation and software maintenance as efficient as possible.

jlinkels
 
Old 02-08-2010, 11:30 PM   #4
carbonfiber
Member
 
Registered: Sep 2009
Location: Sparta
Posts: 237

The truth is out there.
 
Old 02-09-2010, 01:37 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by yonnieboy
Has anybody read the recent article : http://www.itworld.com/security/9539...uter-equipment
No, I haven't. About everything "published" there is questionable and most of their "authors" lack the braincells to Create Fire using a Flint anyway (trying hard to remain polite here). If that "article" leaves you wanting more information see for instance Foreign Affairs November '09 issue Securing the Information Highway.


Quote:
Originally Posted by carbonfiber
The truth is out there.
Sure, your remarks may be modded "funny" elsewhere, but in the Linux Security forum please avoid making such drive-by one-liner posts. They don't add anything constructive to the discussion.
 
Old 02-09-2010, 01:59 AM   #6
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Open-source backdoors are quite a rare thing, and I'm happy it is that way for now, because if someone adds a backdoor into an open-source product, he risks the reputation of all of open source when that is discovered. Those incidents, I guess, strike harder than the same situations with proprietary software, which is distributed in the way "you can never be sure".
Thanks to everyone who is not abusing open source for that.
Of course, there are exceptions. Some were made by skiddies who somehow got into open-source development (maybe gained access to the SCM or releases after cracking into a system); some were made by evil crackers who were actually masquerading as developers for some amount of time. You'll never know.
Browsing the entire source of some big thing is quite a long process; say, for the Linux kernel, it might take you months. But I respect those who waste their time inspecting parts of the source code of different projects; they're heroes, not much lesser than the ones who create that source. Maybe even greater heroes, when they report security-related bugs they found.
 
Old 02-09-2010, 03:42 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

My impression is that the concern here is the hardware. In that sense, whether you run proprietary or free software isn't directly relevant AFAICT. I remember reading an article by Joanna Rutkowska a while back, in which she talks about this vulnerability and what could be done to mitigate it. As she points out though, even when you get to the point where you're able to use an IOMMU to limit the damage which individual hardware components can do, you're pretty much still blindly trusting the CPU manufacturers, as it's "trivial for [them] to build in an effective backdoor".

Last edited by win32sux; 02-09-2010 at 03:43 AM.
 
Old 02-09-2010, 03:46 AM   #8
yonnieboy
Member
 
Registered: Apr 2008
Location: sw OR
Distribution: PCLOS, Kubuntu, Lubuntu, Unity
Posts: 143

Original Poster
The article from itworld talked about backdoors in firmware. As I stated earlier, I'm not a programmer, but I'm pretty sure that software is just a layer of controls/interpretation (the OS) on top of firmware (chips (eproms/programmable logic) on MB) to get hardware (HD, CD, Audio, Video) to do something.

If the function exists in firmware, wouldn't that allow access to hardware even though the OS is unaware of the function?
 
Old 02-09-2010, 04:09 AM   #9
yonnieboy
Member
 
Registered: Apr 2008
Location: sw OR
Distribution: PCLOS, Kubuntu, Lubuntu, Unity
Posts: 143

Original Poster
win32sux...that is a scary article by Joanna, and I think she's spot-on! I had 3 firewalls repeatedly trashed every night till I gave up a few months ago. Now I think I know how they did it. I need to learn more about what she's talking about.
 
Old 02-09-2010, 08:55 AM   #10
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Quote:
Originally Posted by XavierP View Post
Erm, he has taken two reported incidents (Google leaving China and the "broken" USB keys) and from extrapolated the idea that China has hacked the universe. Better question is "how would this work for users runnning either Windows OR Mac OR Linux?" How would these cameras report home? How would any of it report home for that matter? Governments may be inept at any number of things, but their machines generally sit behind a software or hardware firewall.
I agree, instead of blaming everything on the USSR, or Canada, they now blame everything on China, not that China does not also fuel this by allowing stupid s*** to occur.

I don't like the linked article at all, it makes very little sense to me, just like you mention. What is this about firmware being infected with viruses, what would it do ? The most it could do is prevent the drive from functioning properly, which would decrease their sales. As for USB sticks, I'm sure they would only affect Window$ because of the friendly auto-run on plug-in feature. On Linux you can wipe the drive without ever mounting it if you want to. But, you could probably also mount it and run the virus through wine and nothing would happen ... not that you should do that, of course.

And indeed, the most pertinent question of all: Why ? Why would they sell you something with a virus on it ? On purpose ? So that you never buy from China again ?

I'll tell you why, because it's propaganda, and I bet they are building up towards Cold War 2 or WW III.
 
Old 02-09-2010, 03:48 PM   #11
yonnieboy
Member
 
Registered: Apr 2008
Location: sw OR
Distribution: PCLOS, Kubuntu, Lubuntu, Unity
Posts: 143

Original Poster
H_TeXMeX_H: Some of your links are quite interesting, but you totally miss the point of the original article. It's not a virus in firmware. It's backdoor access built in. It doesn't care about your politics. Although the article leans towards China as the culprit, those who read a lot know the USA and other governments use these backdoors for discreet monitoring. It's not warfare or WWIII, or cyberwar, it's spying.

I would prefer a way to stop it, but after my exercise in futility, I see that ain't going to happen easily.
 
Old 02-10-2010, 03:11 AM   #12
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Quote:
Originally Posted by yonnieboy
H_TeXMeX_H: Some of your links are quite interesting, but you totally miss the point of the original article. It's not a virus in firmware. It's backdoor access built in. It doesn't care about your politics. Although the article leans towards China as the culprit, those who read a lot know the USA and other governments use these backdoors for discreet monitoring. It's not warfare or WWIII, or cyberwar, it's spying.

I would prefer a way to stop it, but after my exercise in futility, I see that ain't going to happen easily.
Please explain what "backdoor access built-in" means, because I read the article and it fails to explain what it might mean. Sure, I know it's supposed to be something that allows full access to the system, like the NSA has for Window$, but they still don't mention how they accomplish this using a USB stick.

I suspect it is some type of rootkit ... in which case you could probably detect it using rkhunter and chkrootkit, and you wouldn't be able to get it on Linux unless you run it as root.

Last edited by H_TeXMeX_H; 02-10-2010 at 03:14 AM.
 
Old 02-10-2010, 05:18 AM   #13
yonnieboy
Member
 
Registered: Apr 2008
Location: sw OR
Distribution: PCLOS, Kubuntu, Lubuntu, Unity
Posts: 143

Original Poster
Quote:
Originally Posted by H_TeXMeX_H
Please explain what "backdoor access built-in" means, because I read the article and it fails to explain what it might mean. Sure, I know it's supposed to be something that allows full access to the system, like the NSA has for Window$, but they still don't mention how they accomplish this using a USB stick.

I suspect it is some type of rootkit ... in which case you could probably detect it using rkhunter and chkrootkit, and you wouldn't be able to get it on Linux unless you run it as root.
AFAIK, it's undocumented commands buried into the logic of the hardware, including the CPU. These aren't rootkits; they are instructions built in when the device was made, on purpose, to satisfy the laws of various governments and/or corporations who placed the purchase order. This can allow those who know the command full access to that piece of hardware. I'm not an expert on this topic and was hoping my post could draw out some good useful info.

Such as: MS for years used the CPU serial # to check piracy; I don't know if they still do. The NIC uses a MAC for ID, but some units can report CPU serial #s; a friend at Stanford showed me that 20 years ago. You can spoof the MAC, but can't spoof the serial. You can read/write the HD via these controls, so I guess that since a USB device is also a programmed device you could access it too if it has a backdoor.

The Invisible Things article mentions the use of VT-d to basically scramble the hardware address of where these instructions reside, effectively making it impossible to remote access via these backdoors... all except the ones buried in the CPU and the NIC. Reading the article tells me that the backdoors may not be entirely just a single word but a command to use the contents of a specific memory address, that location containing an instruction possibly to answer back with "hello world" or read the contents of file "x".
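win32sux's IOMMU remark earlier in the thread and yonnieboy's VT-d point in this post both rest on the IOMMU actually being active, which on Linux can be verified rather than assumed. The POSIX shell script below is an added example for this thread, not code posted by anyone in it; it reads the two standard kernel interfaces, /proc/cmdline and /sys/kernel/iommu_groups, and the three status labels it prints are this example's own naming, not kernel terminology. Without an active IOMMU, a DMA-capable device (NIC, disk controller, anything on PCIe) can read or write arbitrary physical memory, so this is the first thing to check before relying on the isolation Rutkowska describes.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the running Linux
# kernel has an IOMMU (Intel VT-d / AMD-Vi) active, the precondition for
# limiting which physical memory a DMA-capable device can reach.
#
# Two signals are combined:
#   1. /sys/kernel/iommu_groups/ is populated only when the kernel has
#      brought an IOMMU up and assigned devices to groups.
#   2. /proc/cmdline shows whether intel_iommu=on / amd_iommu=on was
#      requested; a request with no groups usually means VT-d/AMD-Vi is
#      disabled in firmware or missing from the CPU/chipset.
#
# classify_iommu CMDLINE GROUP_COUNT -> prints one of (this example's labels):
#   active                  groups exist, DMA remapping is in use
#   requested-but-inactive  kernel flag present, but no groups
#   inactive                neither signal present
classify_iommu() {
    cmdline=$1
    groups=$2
    if [ "$groups" -gt 0 ]; then
        echo "active"
        return 0
    fi
    # Surround with spaces so the flag only matches as a whole token.
    case " $cmdline " in
        *" intel_iommu=on"*|*" amd_iommu=on"*)
            echo "requested-but-inactive" ;;
        *)
            echo "inactive" ;;
    esac
    return 0
}

# Gather both signals from the live system. Missing paths count as an empty
# command line and zero groups rather than as an error.
live_iommu_status() {
    live_cmdline=$(cat /proc/cmdline 2>/dev/null)
    live_groups=$(ls /sys/kernel/iommu_groups 2>/dev/null | wc -l | tr -d ' ')
    classify_iommu "$live_cmdline" "$live_groups"
}

# Print the live status and, when active, which devices share a group:
# devices in the same group cannot be isolated from one another.
report() {
    status=$(live_iommu_status)
    echo "IOMMU status: $status"
    if [ "$status" = "active" ]; then
        for g in /sys/kernel/iommu_groups/*/devices; do
            [ -d "$g" ] || continue
            echo "group $(basename "$(dirname "$g")"): $(ls "$g" | tr '\n' ' ')"
        done
    fi
}

report
```

Run it as `sh iommu_check.sh` on the machine in question. The populated `iommu_groups` directory is the signal to trust: some kernels enable the IOMMU by default on some platforms without any command-line flag, and firmware can leave it disabled even when the flag is present, which is exactly the case the `requested-but-inactive` label flags.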
 
Old 02-10-2010, 05:38 AM   #14
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

I still don't get it. You're saying someone can access your USB drive if it has a "backdoor"? That makes no sense.

I was thinking more like malware on the USB drive installs a rootkit and then this opens a backdoor that will allow access to the whole system.

I know there exist hardware-based rootkits, like the one mentioned here:
http://www.linuxquestions.org/questi...xploit-712903/
but I don't think this applies here.
 
Old 02-10-2010, 06:08 AM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Since nobody reads Foreign Affairs: the article is about chip-level hardware design deficiencies and malicious tampering. The risks related to this are electronic infiltration, data theft, and hardware sabotage. The problem is that with the number of transistors on a single IC it is not possible to independently check each transistor for anomalies like embedded trojan horses or "kill switches". ICs are checked for spec deviations, but one can't test what one doesn't know about. Attack-wise, and in contrast with SW 0-days where one would want to exploit as many systems as fast as one could, a turned chip could remain dormant for years without giving away its secondary purpose.

According to the article, part of the problem is also that ICs, even for security-related or military purposes, are made in insecure factories. Also, in 2008, counterfeit HW (3600 Cisco network devices) was detected by the FBI inside defense and power systems, and it estimates that about five percent of all commercially available chips are not genuine. The article suggests that risk management in the sense of completely removing threats is neither cost-effective nor technically feasible: securing the HW supply chain (embedded authentication codes, anti-tamper safeguards) and moving towards a less rigid, less homogeneous IT infrastructure ("diversity fortifies defenses") could help.
 
  

