Bitcoin Forum
November 06, 2024, 03:24:19 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Possible hardware backdoors  (Read 606 times)
goldkingcoiner
Legendary
*
Offline Offline

Activity: 2226
Merit: 1973


A Bitcoiner chooses. A slave obeys.


View Profile WWW
July 21, 2023, 08:28:00 PM
 #41

Hi all!

I've recently seen a video where a hacker holds a conversation about possible hardware backdoors in some pcs and other devices, mainly in the processor but also in more parts. Those backdoors would come with an OS preinstalled that could spy you.
If you are afraid of this, then how about taking your / friend / relative's old PC / laptop to generate a wallet and then use it? It is unlikely that hardware backdoors will be possible on older devices. The problem with the pre-installed OS on these devices is solved simply by reinstalling on a Linux distribution of your choice (You voice Tails OS).

That is, this way you will surely be safe by not buying new devices, in which backdoors can be pre-installed by manufacturers in the OS and hardware parts, such as the processor. Also, save on expensive purchases.


In this case I think that the worry lies in the fact that most people are not working with (or will not be working with- in the near future) PC's or other devices which are old and outdated. We live in a world where software as well as hardware is being constantly updated and renewed.

So your solution of using old devices is not a sustainable one for the future. Which, only goes to show how serious OP sees the problem to be, I would say.

I think we need to group together and find a way to stop the governments from doing this to us. They cannot be allowed to permit such spying to be possible in the first place. Laws are supposed to protect our freedoms, not exploit them.

Although I also think that private companies would not want to miss out on customers, if they make such devious devices in the first place. Perhaps the free market will take care of the problem?

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18746


View Profile
July 22, 2023, 08:39:06 AM
 #42

Your 15-16 year old PC will most likely run outdated OS and / or packages, which are much more likely to be exploited than bugs in the CPU.
The number of bugs which have been discovered in older PRNGs alone makes me never want to do this.

Can you name some hardware wallets that are made with both open source software and hardware?
Passport - https://foundationdevices.com/

They cannot be allowed to permit such spying to be possible in the first place. Laws are supposed to protect our freedoms, not exploit them.
I admire your optimism, but none of that is true. Governments the world over are fully committed to mass surveillance via any and all means available to them. The information which has been leaked regarding these programs is shocking enough, but will be absolutely dwarfed by all the true scope of the surveillance.
DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6660


Crypto Swap Exchange


View Profile WWW
July 22, 2023, 11:07:15 AM
 #43

Oops: https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bugs-can-let-hackers-brick-vulnerable-servers/
Quote
Furthermore, the two MegaRAC BMC firmware vulnerabilities disclosed today can be chained with the ones mentioned above.

Specifically, CVE-2022-40258, which involves weak password hashes for Redfish & API, could help attackers crack the administrator passwords for the admin accounts on the BMC chip, making the attack even more straightforward.

Although not 100% related to this, since I do not think most of us are running enterprise servers for ourselves. But, there are some higher end workstations that have the vulnerabilities. However, if you have the hadware management port on your home machine exposed to the internet, you already have other issues....

But still, makes you wonder how many hacks have happened to other places because they had servers like this with the out of band access not secured properly and people got in.

But, in reference to the OP this is not really a back door, just a front door with a really crappy lock on it.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Synchronice
Hero Member
*****
Offline Offline

Activity: 1036
Merit: 867



View Profile
July 22, 2023, 01:02:47 PM
 #44

Given the current technical possibilities for surveillence, I think IF a powerful organisation or government does want to spy on someone or a company, they have plenty of tools available.
One tech that comes to mind, which seemed pretty mind boggling to me at the time (already a few years old), is a special video-analyzing software that can be used to analize micro-vibrations on surfaces of objects to reconstruct the sound emitted to create these vibrations.
I guess it depends on the quality of the video, however as technology advances these limitations will also be less and less of an obstacle.
Every case is very individual. If you live in third countries, in small cities or towns, or in poor villages, you can definitely feel very safe in terms of spying. It's very individual, if one knows the undeveloped/developing country well, he/she can manage the situation very well. There are countries where police isn't advanced, lacks knowledge, equipment and athletism and so on.

However, to the best of my knowledge, officially backdoored CPUs don't have (enough) persistent, read- and writeable storage on die to allow for such an attack. Furthermore, anyone with the amount of resources to set up such an attack, usually aims for other goals than stealing some BTC.

If you want to be extra paranoid though, just unplug any other secondary storage before booting Tails and fully turn off the device after creating the seed and remove all power (to flush dynamic memories).
For the maximum level of paranoia, simply never reconnect the hardware to the internet, at all. Keep it as a forever-offline signing-only Tails PC.

To avoid doubts, better use an old computer or a hardware wallet (made with open source software and hardware) Wink
You will be much better off with an open-source, open hardware, airgapped hardware wallet.
I can't believe that nobody is really criticizing this 'old computer' idea. Your 15-16 year old PC will most likely run outdated OS and / or packages, which are much more likely to be exploited than bugs in the CPU.
It's a very different what's official and what's unofficial. I'm really afraid that when I buy a very expensive CPU, it may come with another surprise. What if every CPU since 2012 comes with secret nano microphone that doesn't need internet and uses radio frequencies to transmit data? Does it sound sci-fi? Probably, but doesn't mean that I am crazy and out of mind. There is a possibility that what I said is a real threat.
But it's my personal opinion that old CPUs can be safer. The reason why I think so is that there was a time in technology that the development was more important than spying. Now, things are pretty developed and monetized, it's time to make some powerful things more affordable, spy on people and control them.

I think we need to group together and find a way to stop the governments from doing this to us. They cannot be allowed to permit such spying to be possible in the first place. Laws are supposed to protect our freedoms, not exploit them.

Although I also think that private companies would not want to miss out on customers, if they make such devious devices in the first place. Perhaps the free market will take care of the problem?
You can't imagine how many people like the idea of everything being controlled by the government. There are a lot of people who like the idea of government controlling your messages, transactions, your footsteps, etc. You can't make an independent person out of slave.



For maximum individual cyber security, you have to do a big research and choose a different country to live in. You have to choose a specific country, specific city, specific street, specific neighborhood, change your personality and openness, absolutely everything matters.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5918


not your keys, not your coins!


View Profile WWW
July 22, 2023, 05:03:28 PM
Last edit: July 22, 2023, 05:21:09 PM by n0nce
 #45

Hi n0nce
Please, forgive for the question but I'm a bit newbie at this.
Can you name some hardware wallets that are made with both open source software and hardware?
No need to apologize! @dkbit98 maintains a list of open source hardware wallets, with extra notes regarding hardware and reproducibility: [L​I​ST] Open Source Hardware Wallets

As of right now, due to latest changes (September 2022) at Trezor, I would only recommend Foundation Passport; find my (obviously independent, unpaid) honest reviews here:
​​​
To avoid doubts, better use an old computer or a hardware wallet (made with open source software and hardware) Wink
You will be much better off with an open-source, open hardware, airgapped hardware wallet.
I can't believe that nobody is really criticizing this 'old computer' idea. Your 15-16 year old PC will most likely run outdated OS and / or packages, which are much more likely to be exploited than bugs in the CPU.
Some linux distro (such as Debian) works fine with old PC though.
It depends. Depending on how old and how good the machine was at the time, you can get Debian running on it. Choose the right architecture here: https://cdimage.debian.org/cdimage/release/current/

In my personal experience though, sometimes latest versions of packages are not available for 32-bit CPUs, for instance. You will then need to try compiling them yourself. Only to run into issues with your toolchain being updated and so on (you get the idea). Sometimes compilation needs several GB of RAM which you may not have. Just to name a few problems with reeeeally old hardware.

Every case is very individual. If you live in third countries, in small cities or towns, or in poor villages, you can definitely feel very safe in terms of spying.
It is quite unlikely that anyone here is specifically targeted by 'individual' spying; most of it takes place as mass surveillance. Mass surveillance (as the word implies) targets everyone, no matter where you are located.

I'm really afraid that when I buy a very expensive CPU, it may come with another surprise. What if every CPU since 2012 comes with secret nano microphone that doesn't need internet and uses radio frequencies to transmit data? Does it sound sci-fi? Probably, but doesn't mean that I am crazy and out of mind. There is a possibility that what I said is a real threat.
But it's my personal opinion that old CPUs can be safer.
It can be your opinion, but it makes little sense. Although the possibility you keep bringing up can exist, the possibility of an old chip being vulnerable is actually much higher. As mentioned before; outdated OS, outdated kernel, outdated packages, weak PRNG, are just a few known vulnerabilities. Meanwhile the threats you think of are purely hypothetical.
Furthermore, stuff like hidden microphones inside the CPU package would be spotted by anyone opening it up and creating die shots. Which is usually done right after release by some PC enthusiasts every single year.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!