an example of high-profile chip-level backdoor

Coinoisseur

sr. member

Activity: 336

Merit: 250

Yep, with heck Wake on Lan implementation means there could easily be an exploit present to get low level access to anything attached to the motherboard. This is one occasion where there is probably a bit of safety in using an obscure or low volume product, as I doubt even intelligence agencies want to spend a ton of money backdooring low volume run chips.

Quote from: P4man on June 08, 2012, 03:44:27 AM

This is a storm in a glass of water.

If you are worried about hardware backdoors, just imagine if your PC or laptop had a real hardware backdoor that would allow an attacker to connect remotely over LAN, Wifi or 3G to access your harddrive, your RAM, your display, your keyboard, your microphone, your camera. It would render any and all of your attempts to protect your privacy null and void, including any encryption. Something immune to software protection or detection, completely OS independent, in fact, even independent of the main cpu and therefore impossible to detect. Something that works out of band, even when your PC is powered off. Something that you cant disable, even if you think you can, because it can remotely be enabled again. All it would take is someone having the key to this backdoor

Sounds far fetched? Yet if you have an intel laptop or PC with AMT/vpro; thats precisely what you got.

http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

And it would be a stretch to believe some 3 letter agencies wouldnt have the keys.

conspirosphere.tk

legendary

Activity: 2352

Merit: 1064

Bitcoin is antisemitic

So for the moment who is using AMD puters is supposed to be safe from this mother-of-all-rootkits?

Otherwise I would suggest to put together some BTC to pay a prize to whoever comes out with a way to kill this orwellian device.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: RodeoX on July 25, 2012, 10:13:53 AM

I'm not saying it's great. But yes, I think that is the attitude. If suddenly we had a chance to get at some high value information by using a back door on a chip, the CIA would do it in a heart beat. There would be no time to research it in an emergency. That's why the CIA hires p0eople to know about these things in advance.
Could that knowledge be abused by some "bad" government in the future. Sure it could. Undecided

[/quote]

I highlighted the important part. The value for whom? From what I see, US citizens are not reaping benefits at all - the agencies represent interests of large capital - often international. We can keep naively justifying it in one way or another, or we can grow cynical, but that's not going to lead us to a better - or even good - world.

Anyhow, seems like we agree that yes, there are hardware backdoors, and yes, we should be aware of it. The reason for OP was that I felt many are not aware of the problem.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

Quote from: DeathAndTaxes on July 25, 2012, 08:00:57 AM

Quote from: RodeoX on June 08, 2012, 01:06:36 PM

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right? Please tell me you honestly don't believe that.

From ...

Quote

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To

Quote

Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

I'm not saying it's great. But yes, I think that is the attitude. If suddenly we had a chance to get at some high value information by using a back door on a chip, the CIA would do it in a heart beat. There would be no time to research it in an emergency. That's why the CIA hires people to know about these things in advance.
Could that knowledge be abused by some "bad" government in the future. Sure it could. Undecided

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: DeathAndTaxes on July 25, 2012, 08:00:57 AM

Quote from: RodeoX on June 08, 2012, 01:06:36 PM

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right? Please tell me you honestly don't believe that.

From ...

Quote

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To

Quote

Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

I hate to make it sound like my tinfoil hat is screwed on too tight, but that seems to be the thing that is happening more and more lately. Knowledge at all costs without regards to some old piece of paper (The Constitution).

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: RodeoX on June 08, 2012, 01:06:36 PM

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right? Please tell me you honestly don't believe that.

From ...

Quote

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To

Quote

Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

check_status

full member

Activity: 196

Merit: 100

Web Dev, Db Admin, Computer Technician

Quote from: rjk on June 08, 2012, 01:49:28 PM

Quote from: P4man on June 08, 2012, 01:38:54 PM

Quote from: rjk on June 08, 2012, 01:33:19 PM

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.

Right but for remote activation you would need to use the built in ethernet port, I would think, and if there is a separate NIC installed you would have to attack from a different angle. So the attack could instead originate from an expansion card.

EFI BIOS has it's own network stack and it's operation is undetected by the system. The EFI BIOS can reflash itself without the owners knowledge. It's for this reason the LinuxBIOS Project was created, now Coreboot.

FOSDEM 2007 LinuxBios:
http://www.youtube.com/watch?v=tjS985UQjHg

lame.duck

legendary

Activity: 1270

Merit: 1000

Quote from: nimnul on June 08, 2012, 01:08:21 PM

Existence of such backdoors could have been revealed long ago. Many countries import US hardware and use them in critical applications, so their security agencies should have been fired for not finding the backdoors if they existed.

Those agencies should also have been fired if they would tell it.

cypherdoc

legendary

Activity: 1764

Merit: 1002

one laughable example of US outsourcing to Asian countries.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

@niko Thanks for posting this. I think you make some excellent points. I don't know much about these HW back-doors. Even though I try for best practices in security I never feel like it's impossible to be pwned.
I wonder about some of the new tiny form factor computers, are there any chipsets free of backdoors?

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: Bitco on June 08, 2012, 05:20:02 PM

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes. Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.

My first thoughts after reading the article were not pointed at present-day Bitcoin miners, but at Bitcoin users in general. Bitcoin enables decentralized, peer-to-peer monetary transactions, and therefore also shifts the responsibility for secure storage and handling of coins to the peers themselves. The past year is full of sad examples of just how unprepared the public is.

Vast majority of discussions pertaining to secure storage and handling of Bitcoins is focused on software (Windows vs. Linux, malware, bots, cracking of passwords, hacking of exchanges, VPS), and the issue of hardwired backdoors has been largely neglected. Sure, few of you in this thread appear to be well versed in this topic, but you have to admit that an average, even advanced, user typically has no idea. This article could be a wake-up call to anyone planning to handle significant amounts of coins, or to develop Bitcoin gadgets (from handheld wallets to ATMs to authentication cards to, yes, miners).

Littleshop

legendary

Activity: 1386

Merit: 1003

Quote from: P4man on June 08, 2012, 12:46:04 PM

Quote from: nimnul on June 08, 2012, 12:42:00 PM

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml

A good read here:
http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

The power of Vpro to infect a computer remotely is amazing if it was compromised. Heck, you can even turn Vpro on remotely even when it is turned off! That is the most troubling part of all with vpro. The only solution to stop vpro is to use a separate nic card from the built in one.

Quote from: Bitco on June 08, 2012, 05:20:02 PM

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes. Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.

Not only that, but it assumes a level of access to the pretty much says that the hardware/software talking to the chip needs to be pwned as well. The backdoor is not a non issue, but not at all the kind of problem the original article headline makes it seem.

Bitco

sr. member

Activity: 746

Merit: 253

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes. Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: P4man on June 08, 2012, 01:38:54 PM

Quote from: rjk on June 08, 2012, 01:33:19 PM

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.

Right but for remote activation you would need to use the built in ethernet port, I would think, and if there is a separate NIC installed you would have to attack from a different angle. So the attack could instead originate from an expansion card.

P4man

hero member

Activity: 518

Merit: 500

Quote from: rjk on June 08, 2012, 01:33:19 PM

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

nimnul

sr. member

Activity: 252

Merit: 250

Malware can be embedded basically anywhere. AMT just offers yet another way. Relevant technologies (SMM and to some extent option ROMs - google "PCI Rootkits") were there since 80s.

And general fear of backdoors embedded in hardware go back into cold war era. Russia, for example, still uses its own outdated 180nm technology for military chips out of this fear.

Existence of such backdoors could have been revealed long ago. Many countries import US hardware and use them in critical applications, so their security agencies should have been fired for not finding the backdoors if they existed.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

Quote from: ?? on ??

Quote from: RodeoX on June 08, 2012, 12:52:12 PM

Quote from: P4man on June 08, 2012, 12:46:04 PM

Quote from: nimnul on June 08, 2012, 12:42:00 PM

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml

Agreed. Not a stretch at all. In fact it would surprise me if they did not have keys.

if they did not have the keys they should be shot for incompetence... the us govt pays for most of that work anyway.

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

Quote from: P4man on June 08, 2012, 12:46:04 PM

Quote from: nimnul on June 08, 2012, 12:42:00 PM

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml

Agreed. Not a stretch at all. In fact it would surprise me if they did not have keys.

P4man

hero member

Activity: 518

Merit: 500

Quote from: nimnul on June 08, 2012, 12:42:00 PM

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml

A good read here:
http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

Topic: an example of high-profile chip-level backdoor (Read 3728 times)