Netgate Discussion Forum

    Hardware backdoors

    Hardware
    20 Posts 6 Posters 6.1k Views
    • K
      kejianshi
      last edited by

      Correct - My point exactly.

      • S
        senser
        last edited by

        I have never understood FOSS to be a security problem in any way! To the contrary. Me mentioning open source in the original question was sort of the result of me not yet understanding what I really wanted to ask. Sorry for the confusion.

        My question is probably more like: how much can hardware have a life of its own, without the OS being in control of the resources being accessed by the hardware? For example, take DMA:

        Direct memory access (DMA) is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit (CPU).[1]

        The DMA controller is controlled by the CPU, but can you trust the DMA controller to do what it is told?

        How about "bus mastering":

        In a bus mastering system, both the CPU and peripherals can be granted control of the memory bus. Where a peripheral can become bus master, it can directly write to system memory without involvement of the CPU, providing memory address and control signals as required.[1]

        OTOH, everyone knows that there are tools like tcpdump and any obvious remote backdoor can be easily exposed.
        BUT: there might still be information transmitted that these tools do not capture at all, or messages disguised as "normal" traffic…

        And this is probably what I really want to know: is it even possible for FreeBSD to protect us from hardware manufacturers exploiting hardware architectures?

        Would we have to allow only encrypted information into memory? But how do you do math on encrypted data? Hmm..

        1 https://en.wikipedia.org/wiki/Direct_memory_access

        We use the mighty pf, we cannot be fooled.

        • K
          kejianshi
          last edited by

          That's why I don't like too many "features" on the mobo of the firewall.  Some motherboards these days have all sorts of features that could, in theory, allow an intruder to examine pretty much everything that's happening in the OS remotely without any need of hacking the OS.

          This was based on a software exploit:
          http://en.wikipedia.org/wiki/Blue_Pill_%28software%29

          But with the wrong hardware, I imagine the same effect could be had with malicious hardware, no thin hypervisor required.
          If you believe the news, all phones are already there, so why not MOBOs and NIC cards etc…  etc...
          (By malicious I mean malicious to the consumer - but on purpose)

          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Anything that has an IP or could potentially get an IP could be sending information back to China. I'm not going to start worrying about a device built into my keyboard or something because to retrieve the information from it would require physical access and once someone has that they could get anything anyway.
            Things that I might worry about would include, in rough descending order of worry: routers, layer3 switches, layer2 switches, out-of-band management devices, network printers. Anything with an IP.

            To be honest I'm not that worried about any of that. You are far more likely to be hacked by someone with a phone that has been compromised.

            Steve

            • K
              kejianshi
              last edited by

              Yeah - You can't worry about EVERY piece of hardware or software made, but you can avoid the known offenders.

              • N
                Nachtfalke
                last edited by

                @kejianshi

                Interesting thread and question.

                I was thinking about the same as you: using commercial products or open-source software. In the days of the NSA affairs this comes more into my focus again. Of course there are other institutions or groups which do the same as the NSA, but today it's in the media.

                So in general I would agree that open-source firewalls would be "more secure" when looking at backdoors, because the code is open source and everyone can look at the code. And I would be sure that even if some institutions support open-source products to implement backdoors, someone else in the world would find this and publish it.

                Further, you were talking about virtualisation. Virtualisation with KVM or qemu is also open-source. Don't know if this makes things more or less secure than, let's say, VMware virtualized servers.

                • K
                  kejianshi
                  last edited by

                  I would trust the open versions more than the more closed code things when it comes to VM stuff also.  Yeah.  Like you said.

                  • A
                    asterix
                    last edited by

                    Everything that is connected to a network or has the ability to connect to a network (WAN or LAN) could possibly be hacked into. It all depends on how dedicated the opposing person/hacker is to hacking your network or network device.

                    For example.. Apple says a lot of BS about their iOS.. but it has been hacked/compromised time and time again. Darn, even their so-called super secure fingerprint has been hacked as of today.

                    • K
                      kejianshi
                      last edited by

                      Fingerprints are stupid simple biometrics to copy.  I'm amazed it took this long to hack that since the very fingerprint you need to lift is all over the screen more than likely!  :P

                      • A
                        asterix
                        last edited by

                        @kejianshi:

                        Fingerprints are stupid simple biometrics to copy.  I'm amazed it took this long to hack that since the very fingerprint you need to lift is all over the screen more than likely!  :P

                        Well it took a day from the date of actual product receipt :)

                        • S
                          senser
                          last edited by

                          Seems like my thoughts on DMA and bus mastering express real issues and that there is exploitation and research going on:

                          "DMA-based attacks launched from peripherals are capable of compromising the host without exploiting vulnerabilities present in the operating system running on the host.

                          "Therefore they present a highly critical threat to system security and integrity. Unfortunately, to date no OS (operating system) implements security mechanisms that can detect DMA-based attacks. Furthermore, attacks against memory management units have been demonstrated in the past and therefore cannot be considered trustworthy."

                          The German government-funded research was closing in on its aim to develop a reliable detector for DMA malware.

                          "At the moment we have a proof-of-concept that proves that a detector is possible," Stewin said in an email to SC. "It can find DAGGER."

                          The proof-of-concept was based on a runtime monitor dubbed BARM which modelled and compared expected memory bus activity to the resulting activity, meaning malware residing on peripherals would be detected. [1]

                          1 http://www.scmagazine.com.au/News/358265,research-detects-dangerous-malware-hiding-in-peripherals.aspx

                          We use the mighty pf, we cannot be fooled.
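The DMA and bus-mastering question raised earlier in this thread, and the BARM approach quoted in the post above (model the memory bus traffic the CPU and OS can account for, then compare it with what the bus actually carried), can be illustrated with a small simulation. The code below is an added example written for this page; it is not code from the forum, from pfSense/FreeBSD, or from the BARM research. All counter names, the 64-byte transaction granularity, the tolerance rule and the sample values are constructed assumptions; a real monitor would read hardware performance counters from the memory controller and CPU instead of the literals embedded here.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumed granularity: one memory bus transaction moves one 64-byte cache line.
CACHE_LINE_BYTES = 64


@dataclass(frozen=True)
class BusSample:
    """One measurement interval built from hypothetical counters (constructed, not real)."""
    cpu_line_fills: int        # DRAM transactions the CPU itself caused (misses, write-backs)
    dma_bytes_requested: int   # bytes the OS's own drivers asked peripherals to move
    bus_transactions: int      # transactions the memory-controller counter actually observed


def expected_transactions(s: BusSample) -> int:
    """Model of legitimate bus traffic: CPU misses plus OS-requested DMA, in cache lines."""
    dma_lines = -(-s.dma_bytes_requested // CACHE_LINE_BYTES)  # ceiling division
    return s.cpu_line_fills + dma_lines


def unexplained_transactions(s: BusSample) -> int:
    """Traffic the bus carried that neither the CPU nor the OS's drivers requested."""
    return s.bus_transactions - expected_transactions(s)


def calibrate_tolerance(baseline: List[BusSample], margin: float = 0.10) -> int:
    """Tolerance = worst modelling error seen in a trusted baseline window plus a margin,
    so that counter jitter and imprecisely attributed traffic do not raise alerts."""
    worst = max(abs(unexplained_transactions(s)) for s in baseline)
    return int(worst * (1.0 + margin)) + 1


def detect(samples: List[BusSample], tolerance: int) -> List[Tuple[int, int]]:
    """Return (interval index, unexplained count) for every interval in which the
    memory bus carried more traffic than the CPU and OS can account for."""
    alerts = []
    for i, s in enumerate(samples):
        extra = unexplained_transactions(s)
        if extra > tolerance:
            alerts.append((i, extra))
    return alerts


# Constructed baseline: a quiet system where the model explains the bus almost exactly.
BASELINE = [
    BusSample(cpu_line_fills=10_000, dma_bytes_requested=64_000, bus_transactions=11_040),
    BusSample(cpu_line_fills=12_500, dma_bytes_requested=128_000, bus_transactions=14_530),
    BusSample(cpu_line_fills=9_800, dma_bytes_requested=0, bus_transactions=9_790),
]

# Constructed monitoring window: interval 2 carries about 4,000 cache lines that nobody
# requested, which is what a bus-mastering peripheral acting on its own would look like.
WINDOW = [
    BusSample(cpu_line_fills=11_000, dma_bytes_requested=64_000, bus_transactions=12_030),
    BusSample(cpu_line_fills=11_200, dma_bytes_requested=64_000, bus_transactions=12_215),
    BusSample(cpu_line_fills=11_100, dma_bytes_requested=64_000, bus_transactions=16_150),
    BusSample(cpu_line_fills=10_900, dma_bytes_requested=0, bus_transactions=10_920),
]


def run_demo() -> List[Tuple[int, int]]:
    """Calibrate on the baseline, then scan the monitoring window."""
    tol = calibrate_tolerance(BASELINE)
    return detect(WINDOW, tol)


if __name__ == "__main__":
    tol = calibrate_tolerance(BASELINE)
    print(f"tolerance: {tol} transactions per interval")
    for idx, extra in run_demo():
        print(f"interval {idx}: {extra} bus transactions unaccounted for")
```

The point of modelling both the CPU's own traffic and the DMA the OS asked for is the one made earlier in the thread: tcpdump only sees what the OS handed to the network stack, whereas a peripheral that has been granted bus mastership can read or write memory without the OS ever seeing a packet. Comparing against the memory-controller counter closes that gap, at the cost that the tolerance must be calibrated on a system trusted to be clean, and that the counters themselves have to be ones the peripheral cannot tamper with.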

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.