
Thread: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

  1. Post #21 by Bob (Avalon Member)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    On Hack-a-day there was an article saying that a device, a smart device such as a fax machine connected to one's in-home network, could be sent a PICTURE with embedded data code hidden within.. If you recall, in olden days Windows Media Player files, and even PDF files, could have executables within.. (the fax described was a modern HP all-in-one fax machine, printer, scanner, etc..)

    One's smart TV, connected to the internet.. sent a message, or for that matter a certain still image or a certain movie.. bang.. one's internet-to-home network infiltrated.. did the actual consumer product manufacturer know its product could do that? Maybe, maybe not.. was it chip level, code level, firmware level, modified circuit board..

    It's serious. Tip of the iceberg may be more like a hornet's nest has been opened.. how deep it goes? Will our security agencies work with us to solve it, or are they part of a cover-up? Big questions to ask..
    Each of us play our part in creating a new story for humanity and our planet ~

  2. The Following 6 Users Say Thank You to Bob For This Post:

    avid (5th October 2018), Axman (7th October 2018), norman (5th October 2018), Ratszinger (5th October 2018), Sadieblue (5th October 2018), Valerie Villars (5th October 2018)

  3. Post #22 by apokalypse (Avalon Member, Australia)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    For me this news is disclosure... Who believes the NSA compromises devices while China sits back doing nothing? Every product has been compromised.

  4. The Following User Says Thank You to apokalypse For This Post:

    Ratszinger (6th October 2018)

  5. Post #23 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Well, I'll be danged. I've been figuring that it would be practically impossible to ensure that circuit boards did not have such tiny chips hidden in them, between two of the fiberglass layers, invisible to external optical inspection by ordinary human eyes.

    Well, that may be, but there is a practical way to automatically detect such "enhancements" to the circuitry on a board.

    Thanks to this article on [H]ardOCP, I was led to this article: This Tech Would Have Spotted the Secret Chinese Chip in Seconds.

    ~~~~~~~~~~~~~~~~~~~~~
    This Tech Would Have Spotted the Secret Chinese Chip in Seconds

    University of Florida engineers use X-rays, optical imaging, and AI to spot spy chips in computer systems

    By Samuel K. Moore - 4 Oct 2018 | 20:48 GMT

    According to Bloomberg Businessweek, spies in China managed to insert chips into computer systems that would allow external control of those systems. Specialized servers purchased by Amazon, Apple, and others around 2015 and manufactured in China by San Jose–based Super Micro were reportedly at issue, as may have been systems built for the U.S. military.

    Amazon, Apple, the Chinese government, and Super Micro deny the incident ever happened. And some experts find it hard to believe a top-flight company like Apple could have initially missed something like this in their quality assurance process. However, other experts are convinced by Bloomberg’s reporting and the nature of the attack. One of those is Mark M. Tehranipoor, director of the Florida Institute for Cybersecurity Research (FICS). In fact, this is just the kind of attack his institute has been developing the technology to detect and counter.

    The institute’s semiautomated system “could have identified this part in a matter of seconds to minutes,” says Tehranipoor, an IEEE Fellow. The system uses optical scans, microscopy, X-ray tomography, and artificial intelligence to compare a printed circuit board and its chips and components with the intended design.

    It starts by taking high-resolution images of the front and back side of the circuit board, he explains. Machine learning and AI algorithms go through the images, tracing the interconnects and identifying the components. Then an X-ray tomography imager goes deeper, revealing interconnects and components buried within the circuit board. (According to Bloomberg, later versions of the attack involved burying the offending chip instead of having it sit on the surface.) That process takes a series of 2D images and automatically stitches them together to produce a layer-by-layer analysis that maps the interconnects and the chips and components they connect. The systems in question in the Bloomberg story probably had a dozen layers, Tehranipoor estimates.

    All this information is then compared to the original designs to determine if something has been added, subtracted, or altered by the manufacturer.

    Nearly all of the process is automated, and Tehranipoor’s group is working on completely removing the need for a human in the system. In addition, they are working on ways to identify much more subtle attacks. For example, an attacker could potentially alter the physical values of capacitors and resistors on the board or subtly change the dimensions of interconnects, making them susceptible to system-crippling electromigration.
    ~~~~~~~~~~~~~~~~~~~~~
    *** Avalon Forum Guidelines - Membership Guidelines.
    *** ProjectAvalonStatus.net - Check here for forum status.
    Formerly known as "ThePythonicCow", aka "Cow", "Mooster", ...

  6. The Following 10 Users Say Thank You to Paul For This Post:

    avid (6th October 2018), Axman (7th October 2018), Bill Ryan (6th October 2018), Bob (6th October 2018), Hervé (6th October 2018), Jayke (10th October 2018), JRS (8th October 2018), latte (10th October 2018), norman (6th October 2018), Ratszinger (6th October 2018)

  7. Post #24 by Hervé (Administrator, France)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    Specialized servers purchased by Amazon, Apple, and others around 2015 and manufactured in China by San Jose–based Super Micro were reportedly at issue...
    [...]
    ... some experts find it hard to believe a top-flight company like Apple could have initially missed something like this in their quality assurance process.
    [...]
    In fact, this is just the kind of attack his institute has been developing the technology to detect and counter.
    With that emphasized last statement, one wonders who/what gave them the idea that someone, somewhere would think of it and produce it?

    This, of course, leads to that irritating idea that China simply produced circuits designed by DARPA or the Pentagon or the NSA or... to their very specification of components and circuitry....

    What if these extraneous components are just decoys inserted to misdirect away from similar ones to Intel's spying chip built in within the main chip?
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  8. The Following 8 Users Say Thank You to Hervé For This Post:

    avid (6th October 2018), Axman (7th October 2018), Bill Ryan (6th October 2018), Bob (6th October 2018), Jayke (10th October 2018), latte (10th October 2018), Paul (6th October 2018), wavydome (11th October 2018)

  9. Post #25 by Bob (Avalon Member)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    The A2 attack described in post 17 above shows the impossibility of using either X-ray or optical comparison of proper images of boards and layers.

    Who gave them the idea? Chinese espionage and science is well developed.

    It has been known since the days of the H-bomb that it doesn't take a genius to install trusted people in the chain.

    Is it a cooperative effort by spy groups and economic groups? Why not? Having back doors and keys into people's and businesses' lives is what these folk live for. One moment a friendly face, the next moment backstabbing and a financial edge or a new tech stolen.

    By the way - see here: https://semiengineering.com/every-ch...ith-this-tool/ It is an article about how a premade chip can be hacked, taken apart, its secrets and/or cryptology modified.. The article mentions it is next to impossible to prevent any group/company/country from finding out what is inside any "secure" chip, and then modifying that chip and potentially putting it back into the supply chain.

    I could tell you stories of having experienced first hand Sony Digital's out-of-Japan technology espionage efforts, having been a victim of them personally in the '90s. In other words, they all do it. For all we know another server manufacturer could have wooed China to allow such modifications. After all, the stocks of the companies mentioned took a big hit, while folks making competitive products may well see a nice bonus for Christmas.

    I say figure out how to verify what's inside the chips. Now that board level sabotage is the smokescreen for deeper embedded chip level modifications, the problem will and most likely does exist there.

    After all the chips themselves LOOK like miniature versions of the motherboards. And there are hundreds of those in a modern electronic computer board.

    That in my opinion is what is not being scrutinized adequately. Nor are the chip silicon developers being scrutinized, nor are mysterious disappearances of those developers being looked at.

    To me it all points to the parts themselves. The chips, the semiconductors.

    And about the Malaysia flight MH370 crash? And the disappearance/loss of 20 chip specialists. Strangely Freescale semiconductor said these people were headed to the manufacturing plants for a detailed review. Checking the silicon for odd discrepancies?

    Freescale, a spinoff from Motorola Semiconductor, was responsible for some of the most secret military radar chips, parts in missiles/rockets, and medical devices.
    Last edited by Bob; 6th October 2018 at 17:30.

  10. The Following 7 Users Say Thank You to Bob For This Post:

    avid (6th October 2018), Axman (7th October 2018), Hervé (6th October 2018), Jayke (10th October 2018), latte (10th October 2018), norman (6th October 2018), Valerie Villars (6th October 2018)

  11. Post #26 by norman (Avalon Member)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Yea, I'm sure it's chip level, but I think the story is a political story so far. The stage is being set for something.
    .................................................. my first language is TYPO..............................................

  12. The Following 3 Users Say Thank You to norman For This Post:

    Axman (7th October 2018), Bob (6th October 2018), Valerie Villars (6th October 2018)

  13. Post #27 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Hervé (here)
    With that emphasized last statement, one wonders who/what gave them the idea that someone, somewhere would think of it and produce it?
    Given that "taping out" boards is itself a complex process involving weeks of effort and two major engineering organizations (one design, and one manufacturing),
    given that these circuit boards are quite complex, and
    given that University efforts to automatically check software, circuits and hardware have long been a major research area,

    therefore I find it not at all surprising that automated checking of the final manufactured board, to see that it matches the original design, would be an area of extended University research.

    ---

    "taping out": transforming the engineers' design from a painfully detailed document into an actual circuit, board or chip that manufacturing can reliably reproduce in quantity.

  14. The Following 4 Users Say Thank You to Paul For This Post:

    Axman (7th October 2018), Bob (6th October 2018), Hervé (6th October 2018), Jayke (10th October 2018)

  15. Post #28 by Bob (Avalon Member)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    Quote Posted by Hervé (here)
    With that emphasized last statement, one wonders who/what gave them the idea that someone, somewhere would think of it and produce it?
    [..]
    therefore I find it not at all surprising that automated checking of the final manufactured board, to see that it matches the original design, would be an area of extended University research.
    Any well established manufacturer of boards or the chips themselves should be using the optical comparator "machine vision inspection system". These are in full production and any reputable board factory for mass surface mount automated production should be using one or more of these. This system shown below does both x-Ray and optical inspection. It compares the proper assembly image with the live image of a board running through the scanner.


    The issues come up if these systems are not being used, or if the "original proper" board image and layers have had their master image hacked or corrupted.

    It is impossible to use a simple method (the x-ray process) to check inside the silicon and analyze the layers within these chips themselves, because the size of the "components" is too small and too complex, and chips tend to be "layered" much like a modern complex circuit board.

    A mask (like a photo-template) for such a computer chip containing billions of transistors, if blown up to be "viewable", can be over 100 feet square.

    Checking the chip silicon is usually done by taking a sample, delayering the layers, and comparing them layer by layer, an extremely time-consuming and costly process.

    Here is a video of the taking-apart step to get into a "chip" - it is costly, time-consuming and expensive:


    IF such is demanded by the end buyer to check each chip and certify it as "original and safe" a new method needs to be developed to verify the circuitry on the silicon. If not we take our chances that the sampling process to investigate a "chip's integrity" was done honestly.

    Here is a video looking at the nano-sized scales within a modern integrated circuit.. It was done using a scanning electron microscope.

    Last edited by Bob; 6th October 2018 at 20:00.

  16. The Following 5 Users Say Thank You to Bob For This Post:

    avid (6th October 2018), Axman (7th October 2018), Hervé (6th October 2018), Jayke (10th October 2018), wavydome (11th October 2018)
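    Both the IEEE Spectrum article Paul quoted in post #23 (compare the imaged board "to the original designs to determine if something has been added, subtracted, or altered") and Bob's description in post #28 of a machine-vision system comparing the "proper assembly image" with the live board end in the same step: a diff between an extracted part list and netlist and the golden design. The following is an added example, in Python, of that last step only; it is not code from the article, from the Florida institute's system, or from this thread. It assumes the optical and X-ray imaging has already produced the parts it found (with positions) and the pin-to-pin connections it traced; the `Part` layout, the 0.5 mm position tolerance, and the board fragment below are all constructed for this example.

```python
"""Golden-design comparison for an assembled board (constructed example).

Assumes the imaging pipeline (optical + X-ray tomography) has already
produced (a) the parts it found, with positions, and (b) the pin-to-pin
connections it traced. This code only diffs that extraction against the
intended design and reports what was added, removed or altered.
"""
from dataclasses import dataclass
from math import hypot

# How far (mm) an observed part may sit from its intended position and still
# count as the same part. Constructed value for this example.
POSITION_TOLERANCE_MM = 0.5


@dataclass(frozen=True)
class Part:
    ref: str        # reference designator; "?" for an observed part without one
    kind: str       # "R", "C", "U", ...
    value: str      # "10k", "100n", "BMC", ...; "?" when imaging cannot read it
    footprint: str  # "0402", "SOT23-6", "BGA", ...
    x: float        # mm
    y: float        # mm
    layer: str      # "top", "bottom", "inner3", ...


def _distance(a, b):
    return hypot(a.x - b.x, a.y - b.y)


def compare_parts(golden, observed, tol=POSITION_TOLERANCE_MM):
    """Match each observed part to the nearest unmatched golden part on the same
    layer within `tol`. Unmatched observed parts are ADDED, unmatched golden parts
    are MISSING, matched parts whose footprint or value differs are ALTERED."""
    findings = []
    unmatched = list(golden)
    for obs in observed:
        candidates = [g for g in unmatched
                      if g.layer == obs.layer and _distance(g, obs) <= tol]
        if not candidates:
            findings.append(("ADDED", f"{obs.kind} {obs.footprint} at ({obs.x}, {obs.y}) {obs.layer}"))
            continue
        g = min(candidates, key=lambda c: _distance(c, obs))
        unmatched.remove(g)
        if (g.kind, g.footprint) != (obs.kind, obs.footprint):
            findings.append(("ALTERED", f"{g.ref}: footprint {g.kind}/{g.footprint} -> {obs.kind}/{obs.footprint}"))
        elif obs.value != "?" and g.value != obs.value:   # "?" = value not readable
            findings.append(("ALTERED", f"{g.ref}: value {g.value} -> {obs.value}"))
    for g in unmatched:
        findings.append(("MISSING", f"{g.ref} ({g.kind} {g.value}) at ({g.x}, {g.y}) {g.layer}"))
    return findings


def compare_nets(golden_nets, observed_nets):
    """Nets are sets of pin ids such as "R1.1". For every intended net, check its
    pins are still together (else NET_OPEN) and nothing extra was spliced onto it
    (NET_EXTRA_PINS; a short between two intended nets shows as each reaching the
    other's pins). Observed nets touching no intended pin at all are NET_ADDED."""
    golden = [frozenset(n) for n in golden_nets]
    observed = [frozenset(n) for n in observed_nets]
    golden_pins = set().union(*golden)
    findings = []
    for gnet in golden:
        hits = [o for o in observed if gnet & o]
        if not hits:
            findings.append(("NET_MISSING", "+".join(sorted(gnet))))
            continue
        if len(hits) > 1:
            findings.append(("NET_OPEN", "+".join(sorted(gnet))))
        extra = set().union(*hits) - gnet
        if extra:
            findings.append(("NET_EXTRA_PINS",
                             f"{'+'.join(sorted(gnet))} also reaches {'+'.join(sorted(extra))}"))
    for onet in observed:
        if not onet & golden_pins:
            findings.append(("NET_ADDED", "+".join(sorted(onet))))
    return findings


def audit_board(golden_parts, observed_parts, golden_nets, observed_nets):
    return compare_parts(golden_parts, observed_parts) + compare_nets(golden_nets, observed_nets)


# Constructed design fragment: a BMC (U1) with a few passives, as intended.
GOLDEN_PARTS = [
    Part("U1", "U", "BMC", "BGA", 10.0, 10.0, "top"),
    Part("R1", "R", "10k", "0402", 12.0, 10.0, "top"),
    Part("C1", "C", "100n", "0402", 12.0, 12.0, "top"),
    Part("R2", "R", "4k7", "0402", 8.0, 10.0, "bottom"),
]
GOLDEN_NETS = [{"U1.A1", "R1.1"}, {"R1.2", "C1.1"}, {"C1.2", "U1.B2"}]

# Constructed extraction of the built board: positions jitter slightly, C1 has a
# different value, R2 is gone, and an unexpected six-pin package (pins X1.*) is
# spliced onto two of U1's nets.
OBSERVED_PARTS = [
    Part("?", "U", "?", "BGA", 10.02, 9.98, "top"),
    Part("?", "R", "10k", "0402", 12.0, 10.1, "top"),
    Part("?", "C", "1u", "0402", 12.0, 12.0, "top"),
    Part("?", "U", "?", "SOT23-6", 14.0, 11.0, "top"),
]
OBSERVED_NETS = [{"U1.A1", "R1.1", "X1.1"}, {"R1.2", "C1.1"},
                 {"C1.2", "U1.B2", "X1.2"}, {"X1.3", "X1.4"}]


def audit_sample():
    return audit_board(GOLDEN_PARTS, OBSERVED_PARTS, GOLDEN_NETS, OBSERVED_NETS)


if __name__ == "__main__":
    for finding, detail in audit_sample():
        print(f"{finding:15} {detail}")
```

    Run as-is, the sample reports the altered capacitor value, the missing bottom-side resistor, the added six-pin package, the two intended nets it was spliced onto, and the package's own new net; a board that matches its design produces no findings. Matching by position rather than by reference designator matters because an implant carries no designator, and the value check is skipped for parts whose marking imaging cannot read, which is where a destructive sample-and-delayer check would have to take over.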

  17. Post #29 by Bob (Avalon Member)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Bloomberg reported today (9 October 2018) that the security firm that discovered the "chip" in the bus on the motherboard had found an apparent COMPONENT LEVEL hack, this time with an embedded spyware device within the Ethernet connector itself, that thing which one plugs the cable into to tie into the net..

    NSA is quite familiar with this type of hardware spyware, providing modified cables, a nice substitute, quickly plugged in by an agent and the server appears to not suffer any obvious tampering.. - It could be your USB cable, your Network cable, or your mouse, or keyboard..

    https://arstechnica.com/information-...illance-magic/ ---< This is a good read, don't pass it up

    and

    https://www.androidauthority.com/nsa-ant-328858/

    Bloomberg's hacked "component" device is described as something like this:


    NSA calls it FireWalk. What the Chinese call theirs is undetermined at the moment.. but possibly they took their lead from the NSA..

    Quote But here is the really interesting part, the NSA has working spyware that implants itself into the BIOS of PCs. The BIOS is that bit that shows the graphic of your PC maker, or maybe some white text on a black background, that appears briefly before the Windows logo is displayed. It is the lowest level of software that runs on a PC and is stored on flash memory on the motherboard. From time to time motherboard makers release new versions of the BIOS software for their motherboards to fix bugs. This means that consumer level tools exist to replace the firmware with the latest version. So this is consumer level tech used in a nefarious way.

    Now imagine a situation where the NSA sends in an undercover engineer to perform a BIOS upgrade on a PC with spyware pre-built into it. Or where the agency intercepts that new motherboard you just bought online and installs its own BIOS before repackaging it and posting it on to you. Or worse imagine a situation where the NSA has managed to alter the official BIOS of a motherboard, either by coercion, bribery or subterfuge, so that the official BIOS on a motherboard actually contains NSA spyware.
    The BIOS implant was what the airfarce lt col dumped into my network machine when I caught her when I walked back unexpectedly into my sound studio. I trashed that computer rather than looking to see what modifications were done (if interested, see Hal Turner's thread for more on that in Current News).

    and here is the updated Bloomberg article - https://www.bloomberg.com/news/artic...=technology-vp

    a small quote from the updated article:

    Quote Hardware implants are key tools used to create covert openings into those networks, perform reconnaissance and hunt for corporate intellectual property or government secrets.

    The manipulation of the Ethernet connector appeared to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013. In e-mails, Appleboum and his team refer to the implant as their “old friend,” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.
    Multiple spyware components. In case one thought they found them all, look deeper, everything from the hard drives, the chips, the BIOS (firmware), layer after layer of spyware.. Buy Chinese? Where else can we get machines which haven't been tampered with? So many of us say the operating system vendors put in backdoors.. That is so much the tip of the "obvious" iceberg, the smoke screen again, to divert us from digging deeper.. Sure, bash the OS developers.. focus there while the manufacturers and the NSA watch the show. Economic espionage is a big one. Getting the plans of foreign players, ambassadors, secrets of state can happen everywhere.. So-called "air-gapped" machines may really not be secure, ready to experience an exploit from a simple human foible.
    Last edited by Bob; 10th October 2018 at 03:45.

  18. The Following 2 Users Say Thank You to Bob For This Post:

    avid (10th October 2018), Jayke (10th October 2018)

  19. Post #30 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Steve Gibson, on his weekly Security Now broadcast with Leo Laporte, recommended the following paper by Theo Markettos of Light Blue Touchpaper that describes this problem: Making sense of the Supermicro motherboard attack.

    I've just read this paper now, and it does the best job I've seen of explaining just how this could be done, with specific details of the low level hardware and firmware on such server motherboards, and of the opportunities that this provides for fairly easily adding a tiny six-pin package to a certain already available, often unused, set of six connection points on the board, next to the Baseboard Management Controller (BMC), an ARM CPU running Linux that is powered on and operational even when the main system is powered off.

    These BMC controllers are essential in server room environments, enabling fully remote control of each system. For example, I can power down, reboot into the BIOS, and reset my personal servers that are in some data center in Dallas (so I'm told; I've never been there), remotely over the Internet, using these controllers. Singlehop doesn't let me do that with the Avalon server, as they reserve access to the BMC controller on our Avalon server for their own use, but no doubt our Avalon server is some board, quite possibly a Supermicro board, in a rack somewhere, in the Phoenix Arizona data center operated by Singlehop.

    This is of course only one of hundreds of potential ways that such complicated circuits, boards, and chips could be compromised, and only one of many thousands of ways that the incredibly complicated software (layer upon layer upon layer of complexity) running on that hardware could be compromised, if only we knew all the bugs and vulnerabilities in them, more of which are added every day.

    There's a million (guessing wildly) programmers writing code on any day on this planet, and the average programmer writes ten lines of code per day, and one non-trivial bug per day ... that's a million new bugs each day (give or take several orders of magnitude.) Where there's a bug and a sufficiently persistent hacker, there's often a security vulnerability.

    At the hardware level, there are hundreds of engineering, manufacturing and shipping teams and organizations, around the world, that would have been in a position to compromise, by mistake or sabotage, some key (security sensitive) logic within any computer, even mobile.

    It's amazing it works at all.
    Last edited by Paul; 10th October 2018 at 11:06.

  20. The Following 4 Users Say Thank You to Paul For This Post:

    Bob (12th October 2018), gord (11th October 2018), Hervé (10th October 2018), Jayke (10th October 2018)

  21. Post #31 by Flash (Avalon Member, Montreal)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    And some want us to connect our brains and bodies directly to the internet!!! Absolutely spooky. How about brain/body hijack by the Chinese through their motherboards. How about injected viruses, in our brain and body, if it is not already done (archon thinking here)
    How to let the desire of your mind become the desire of your heart - Gurdjieff

  22. The Following 2 Users Say Thank You to Flash For This Post:

    Bob (12th October 2018), Jayke (10th October 2018)

  23. Post #32 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    This is of course only one of hundreds of potential ways that such complicated circuits, boards, and chips could be compromised, and only one of many thousands of ways that the incredibly complicated software (layer upon layer upon layer of complexity) running on that hardware could be compromised, if only we knew all the bugs and vulnerabilities in them, more of which are added every day.
    It's worse. It's as bad as we geeks who have worked at these levels of processor and system architecture suspected it might be.

    One does not need added circuitry on the motherboard, nor some software bug in the BIOS, EFI, BMC, IPMI, kernel, compiler or some system service.

    Any unprivileged process that is able to execute a particular sequence of a few dozen machine instructions has instant, full root, full privileged access to the entire system.

    This is not a bug. It is designed into the x86 architecture. It is a total and deliberate and carefully hidden defeat of the security model used in x86 CPUs, that works independently of any choice of operating system (Windows, Mac, Linux, BSD, ...) or vendor (Dell, HP, Apple, ...)

    A separate ARM processor running a RISC instruction set is built in to our CPUs. It can be enabled using a heretofore secret x86 instruction. This ARM processor can read and write key Ring 0 (kernel only) registers. Unprivileged user level code (Ring 3) can enable this ARM processor and feed it RISC instructions that totally compromise any system software running on the main x86 CPU. The proof-of-concept code demonstrated in this talk runs in unprivileged user space, and uses this ARM processor to reach into some structures in the Linux kernel it's running over to give itself full root permissions.

    The following presentation, two months ago now, at the Black Hat conference in Las Vegas, Nevada, USA, discloses this security compromise, for the particular case of a certain VIA C3 Nehemiah processor and a particular Linux kernel. However I have essentially zero doubt that variations of this compromise apply to all the major x86 CPU architectures of Intel and AMD, and likely to other popular RISC and ARM CPU architectures as well.



    Game over.

    You don't get to be a major political leader if you are not deeply compromised.

    You don't get to be a major CPU architecture if you are not deeply compromised.

  24. The Following 5 Users Say Thank You to Paul For This Post:

    Bob (12th October 2018), gord (11th October 2018), Hervé (11th October 2018), Jayke (11th October 2018), TargeT (11th October 2018)

  25. Post #33 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Here is the presentation material and overview for the above posted GOD MODE black hat video:

    ~~~~~~~~~~~~~~~~~~~~~~
    GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

    Christopher Domas | Director of Research, Finite State
    Location: South Pacific F
    Date: Thursday, August 9 | 11:00am-11:50am
    Format: 50-Minute Briefings
    Tracks: Platform Security, Hardware/Embedded

    Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

    Presentation Material

    • Download Presentation Slides
    • Download White Paper
    ~~~~~~~~~~~~~~~~~~~~~~

  26. The Following 4 Users Say Thank You to Paul For This Post:

    Bob (12th October 2018), gord (11th October 2018), Hervé (11th October 2018), Jayke (11th October 2018)

  27. Post #34 by Paul (Administrator, United States)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Here is the rather bleak conclusion from the White Paper linked in the previous post:

    ~~~~~~~~~~~
    X. CONCLUSION

    The rosenbridge backdoor provides a well-hidden, devastating circumvention to the long-standing x86 ring privilege model. In offering a knowledgeable attacker direct, unrestricted access to the kernel from arbitrary unprivileged code, the backdoor negates decades of progress on hardware and software kernel security mechanisms. Research into this backdoor is ongoing, and is presently being tracked under [CVE pending]. While this specific vulnerability is not widespread, it serves as a valuable case study into the feasibility and implementation of processor backdoors.

    In the wake of hardware backdoors, our existing security models are nearly entirely broken. Decades of work on software protection mechanisms do nothing to protect against such a threat, and we are bleakly unprepared for what lies ahead. In looking forward, we propose that, rather than panic and speculate, a valuable near-term course of action is to continue to develop tools to introspect and audit processors, bringing control and insight back to the end users of a chip. To this end, we previously released the sandsifter fuzzer for resolving the secret instructions in an x86 ISA, and examined the results on a wide variety of modern processors. Building on this theme, in this paper, we introduced an approach for auditing model-specific-registers through timing analysis; this idea is discussed further in the related paper Cracking Protected CPU Registers. Moving forward, the authors intend to continue to define and explore techniques for introspecting an untrusted processor, in order to discover and break through new security boundaries in x86. To support this, the research, tools, and data from this paper are open sourced as project:rosenbridge at github.com/xoreaxeaxeax/rosenbridge.
    ~~~~~~~~~~~
    Last edited by Paul; 11th October 2018 at 20:47.
    *** Avalon Forum Guidelines - Membership Guidelines.
    *** ProjectAvalonStatus.net - Check here for forum status.
    Formerly known as "ThePythonicCow", aka "Cow", "Mooster", ...

  28. The Following 5 Users Say Thank You to Paul For This Post:

    Bob (12th October 2018), gord (11th October 2018), Hervé (11th October 2018), Jayke (11th October 2018), JRS (12th October 2018)

  29. Link to Post #35
    Avalon Member Bob's Avatar
    Join Date
    23rd June 2013
    Location
    North America
    Age
    66
    Posts
    6,624
    Thanks
    11,965
    Thanked 27,638 times in 5,882 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    One question

    It is called a CLASS ACTION

    Against those who have built in the holes, the deliberate "features", into the CPUs, or the motherboards, or the components.

    Isn't it about time folks say NO to the infiltration, and hit them hard economically?

    Who will support this? In the US, can Congress actually start a select investigative committee to get directly INTO who has put such compromised, defective product into Commerce?

    Most certainly the President can issue orders to form a very massive all inclusive investigative committee.. this is BIG...

    Isn't the FTC wanting to know who has compromised?

    Isn't CERT wanting to know who has compromised?

    With this much of a landslide revelation of the security compromises, saying "Russia hacked the election" is a flea on an elephant's butt type of drama... At least it seems to me a bunch of folks need to go and do something to the perps, hit them hard for fixes AT THEIR EXPENSE and then hit them for the damages.. Hmm seems to me that ugly word NATIONALIZATION comes to mind when the criminal activity is so great, to let such corporations run rampant across every walk of society and security..
    Each of us play our part in creating a new story for humanity and our planet ~

  30. The Following 2 Users Say Thank You to Bob For This Post:

    JRS (12th October 2018), Paul (12th October 2018)

  31. Link to Post #36
    Avalon Member Bob's Avatar
    Join Date
    23rd June 2013
    Location
    North America
    Age
    66
    Posts
    6,624
    Thanks
    11,965
    Thanked 27,638 times in 5,882 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Just read some military aerospace technical journals today, and they are picking up on this current level of "spyware", lending credibility (it's real, Apple, Amazon, etc., and you can't get away with denying it..) and alerting the general executive staff in the Air Force/Army/Navy to be aware of the compromised parts, motherboards..

    Where that leads could be interesting to watch if the military wakes up to the holes in security...
    Each of us play our part in creating a new story for humanity and our planet ~

  32. Link to Post #37
    Virgin Islands Avalon Member TargeT's Avatar
    Join Date
    30th June 2011
    Location
    St. Croix
    Age
    39
    Posts
    7,229
    Thanks
    20,752
    Thanked 37,276 times in 6,761 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    This Tech Would Have Spotted the Secret Chinese Chip in Seconds

    I would have found it, right away (ok, within a week or two of initial install).....

    This only was able to happen because most of the US is still in the dark ages for IT security staff & methodologies...

    I spend my most time analyzing "the wire" (traffic flow in and out of a network).

    This small chip beaconed out to a random internet host; that's an outside established connection from a major server (which, if done correctly, would be closely monitored). Some good security practices and a free installation of Security Onion (free software) would have caught this...

    No need for X-rays...

    Quote Posted by Bob (here)
    Where that leads could be interesting to watch if the military wakes up to the holes in security...
    I've been trained to catch something like this chip... just because it's a chip and not Malware doesn't change the attack vector, not really... just makes it more of a pain in the ass to fix.

    we would have caught it, and; no doubt started feeding false information... the spy you know about is a very valuable resource for disinfo dissemination
    Last edited by Paul; 17th October 2018 at 19:12. Reason: trim quote
    There was a 1: 400,000,000,000,000 chance of you being born: what have you done with your miraculous life today?

  33. The Following 4 Users Say Thank You to TargeT For This Post:

    Bob (17th October 2018), norman (17th October 2018), Paul (17th October 2018), zebowho (17th October 2018)

  34. Link to Post #38
    United States Administrator Paul's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    71
    Posts
    26,797
    Thanks
    26,263
    Thanked 121,564 times in 19,729 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by TargeT (here)
    This small chip beaconed out to a random internet host,, that's an outside established connection from a major server
    Then, if I were your adversary, I would see to it that my next generation "chip" (or equivalent logic, embedded directly in an x86, ARM or MIPS processor) did not beacon out until some other event that I controlled happened first.

    It [military intelligence and secure computation and communication] is a cat and mouse game ... and from what I can tell, neither cats nor mice are in any risk of becoming extinct due to the other's efforts.
    *** Avalon Forum Guidelines - Membership Guidelines.
    *** ProjectAvalonStatus.net - Check here for forum status.
    Formerly known as "ThePythonicCow", aka "Cow", "Mooster", ...

  35. The Following 2 Users Say Thank You to Paul For This Post:

    Bob (17th October 2018), TargeT (17th October 2018)

  36. Link to Post #39
    United States Administrator Paul's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    71
    Posts
    26,797
    Thanks
    26,263
    Thanked 121,564 times in 19,729 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    Then, if I were your adversary, I would see to it that my next generation "chip" (or equivalent logic, embedded directly in an x86, ARM or MIPS processor) did not beacon out until some other event that I controlled happened first.
    Oh - and the Chinese have (guessing wildly) ten technically educated engineers/geeks/nerds/... for every one that the US has, and many of them have at least some modest competence in reading/writing technical English, whereas almost no European descendant engineer can tell Chinese writing from Egyptian hieroglyphics.

    ... and as we know ... our semiconductor manufacturing moved across the Pacific in the 1990s.

    Ten hungry cats, one fat mouse. I wonder what's for dinner.
    *** Avalon Forum Guidelines - Membership Guidelines.
    *** ProjectAvalonStatus.net - Check here for forum status.
    Formerly known as "ThePythonicCow", aka "Cow", "Mooster", ...

  37. The Following 2 Users Say Thank You to Paul For This Post:

    Bob (17th October 2018), TargeT (17th October 2018)

  38. Link to Post #40
    Virgin Islands Avalon Member TargeT's Avatar
    Join Date
    30th June 2011
    Location
    St. Croix
    Age
    39
    Posts
    7,229
    Thanks
    20,752
    Thanked 37,276 times in 6,761 posts

    Default Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Quote Posted by Paul (here)
    Quote Posted by TargeT (here)
    This small chip beaconed out to a random internet host; that's an outside established connection from a major server
    Then, if I were your adversary, I would see to it that my next generation "chip" (or equivalent logic, embedded directly in an x86, ARM or MIPS processor) did not beacon out until some other event that I controlled happened first.

    It [military intelligence and secure computation and communication] is a cat and mouse game ... and from what I can tell, neither cats nor mice are in any risk of becoming extinct due to the other's efforts.
    You can't have Command and Control without a way to establish a connection, and good practices dictate that for certain assets, no outside-initiated connections are allowed (or if they are, they are very TIGHTLY whitelisted).

    Honestly this is way less sophisticated than the stuff that Malware Jake (recently outed by the Russians as an ex-NSA hacker) does; zero days are a looming threat that is very difficult to anticipate and react to; but still, they establish a foothold and an outside connection, and if you are paying attention to what "normal" traffic is, this stuff will stand out like a sore thumb.

    Data has to go over "the wire"; attacks that use easily monitored ingress and egress will always be spotted by the observant security professional.

    Things like physical network plants with 2g/3g/4g connections are a bit more worrisome, because it's hard to monitor ingress/egress when you don't even know it's there (and who would pick up on a random 2g/3g/4g connection? cellphones are always randomly connecting and disconnecting). That would be my move.... but it would take a physical aspect that is much harder to pull off.
    Last edited by TargeT; 17th October 2018 at 19:37.
    There was a 1: 400,000,000,000,000 chance of you being born: what have you done with your miraculous life today?

  39. The Following 2 Users Say Thank You to TargeT For This Post:

    Bob (17th October 2018), Paul (17th October 2018)
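The wire-watching approach TargeT describes in posts #37 and #40 (a baseline of expected egress per server, no outside-initiated connections, and periodic beacons standing out from "normal" traffic) can be turned into a simple check over connection logs. This is an added example, not code from the thread or from Security Onion; the server address, the allowlist and the Zeek-style conn rows are all constructed, and the timestamp/IP/port column layout is an assumption.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range
# Constructed baseline: monitored server -> external hosts it is expected to reach.
ALLOWED_EGRESS = {"10.1.2.10": {"203.0.113.20"}}
# Constructed Zeek-style conn rows: ts, id.orig_h, id.resp_h, id.resp_p.
CONN_LOG = """\
1539800000.0\t10.1.2.10\t198.51.100.7\t443
1539800100.0\t10.1.2.10\t203.0.113.20\t443
1539800600.0\t10.1.2.10\t198.51.100.7\t443
1539801201.0\t10.1.2.10\t198.51.100.7\t443
1539801800.0\t10.1.2.10\t198.51.100.7\t443
1539802400.0\t10.1.2.10\t198.51.100.7\t443
1539802700.0\t198.51.100.7\t10.1.2.10\t22
"""

def parse_conn_log(text):
    # Yield (ts, orig, resp, resp_port); blank lines are skipped.
    for line in text.splitlines():
        if line.strip():
            ts, orig, resp, port = line.split("\t")
            yield float(ts), orig, resp, int(port)

def is_external(ip):
    return ipaddress.ip_address(ip) not in INTERNAL

def unexpected_connections(records):
    # Outbound flows to an external host the baseline does not list, plus any
    # outside-initiated flow to a monitored server (the "no inbound" rule).
    flagged = set()
    for _ts, orig, resp, port in records:
        if orig in ALLOWED_EGRESS and is_external(resp) and resp not in ALLOWED_EGRESS[orig]:
            flagged.add(("egress", orig, resp, port))
        if resp in ALLOWED_EGRESS and is_external(orig):
            flagged.add(("ingress", orig, resp, port))
    return sorted(flagged)

def beacon_candidates(records, min_hits=4, max_cv=0.2):
    # External destinations a monitored server contacts at a near-constant interval:
    # coefficient of variation of the inter-arrival gaps below max_cv.
    times = defaultdict(list)
    for ts, orig, resp, port in records:
        if orig in ALLOWED_EGRESS and is_external(resp):
            times[(orig, resp, port)].append(ts)
    found = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < max_cv:
            found[key] = round(mean(gaps), 1)  # estimated beacon period in seconds
    return found
```

An implant that stays silent until a trigger (Paul's point in post #38) produces nothing for either check until it first talks; the egress check still fires on that first unlisted destination, and the period estimate only appears once enough callbacks have been seen.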
