Bitcoin Forum
December 04, 2016, 02:23:28 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: an example of high-profile chip-level backdoor  (Read 3476 times)
RodeoX
Legendary
*
Offline Offline

Activity: 2100


The revolution will be monetized!


View Profile
June 09, 2012, 03:17:38 PM
 #21

@niko Thanks for posting this. I think you make some excellent points. I don't know much about these HW back-doors. Even though I try for best practices in security I never feel like it's impossible to be pwned.
I wonder about some of the new tiny form factor computers, are there any chipsets free of backdoors? 

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
1480861408
Hero Member
*
Offline Offline

Posts: 1480861408

View Profile Personal Message (Offline)

Ignore
1480861408
Reply with quote  #2

1480861408
Report to moderator
1480861408
Hero Member
*
Offline Offline

Posts: 1480861408

View Profile Personal Message (Offline)

Ignore
1480861408
Reply with quote  #2

1480861408
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480861408
Hero Member
*
Offline Offline

Posts: 1480861408

View Profile Personal Message (Offline)

Ignore
1480861408
Reply with quote  #2

1480861408
Report to moderator
1480861408
Hero Member
*
Offline Offline

Posts: 1480861408

View Profile Personal Message (Offline)

Ignore
1480861408
Reply with quote  #2

1480861408
Report to moderator
1480861408
Hero Member
*
Offline Offline

Posts: 1480861408

View Profile Personal Message (Offline)

Ignore
1480861408
Reply with quote  #2

1480861408
Report to moderator
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 09, 2012, 05:27:27 PM
 #22

one laughable example of US outsourcing to Asian countries.
lame.duck
Legendary
*
Offline Offline

Activity: 1242


View Profile
July 25, 2012, 10:47:21 AM
 #23

Existence of such backdoors could have been revealed long ago. Many countries import US hardware and use them in critical applications, so their security agencies should have been fired for not finding the backdoors if they existed.

Those agencies should also have been fired if they would tell it.
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
July 25, 2012, 11:40:46 AM
 #24

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.
Right but for remote activation you would need to use the built in ethernet port, I would think, and if there is a separate NIC installed you would have to attack from a different angle. So the attack could instead originate from an expansion card.

EFI BIOS has it's own network stack and it's operation is undetected by the system. The EFI BIOS can reflash itself without the owners knowledge. It's for this reason the LinuxBIOS Project was created, now Coreboot.

FOSDEM 2007 LinuxBios:
http://www.youtube.com/watch?v=tjS985UQjHg

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 25, 2012, 12:00:57 PM
 #25

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right?  Please tell me you honestly don't believe that.

From ...
Quote
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To
Quote
Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 25, 2012, 01:51:08 PM
 #26

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right?  Please tell me you honestly don't believe that.

From ...
Quote
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To
Quote
Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.


I hate to make it sound like my tinfoil hat is screwed on too tight, but that seems to be the thing that is happening more and more lately. Knowledge at all costs without regards to some old piece of paper (The Constitution).

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
RodeoX
Legendary
*
Offline Offline

Activity: 2100


The revolution will be monetized!


View Profile
July 25, 2012, 02:13:53 PM
 #27

Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

This has to be sarcasm right?  Please tell me you honestly don't believe that.

From ...
Quote
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed

To
Quote
Their (agents of the state) job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

I'm not saying it's great. But yes, I think that is the attitude. If suddenly we had a chance to get at some high value information by using a back door on a chip, the CIA would do it in a heart beat. There would be no time to research it in an emergency. That's why the CIA hires people to know about these things in advance.
Could that knowledge be abused by some "bad" government in the future. Sure it could.  Undecided

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 25, 2012, 02:52:13 PM
 #28


I'm not saying it's great. But yes, I think that is the attitude. If suddenly we had a chance to get at some high value information by using a back door on a chip, the CIA would do it in a heart beat. There would be no time to research it in an emergency. That's why the CIA hires p0eople to know about these things in advance.
Could that knowledge be abused by some "bad" government in the future. Sure it could.  Undecided
[/quote]

I highlighted the important part. The value for whom? From what I see, US citizens are not reaping benefits at all - the agencies represent interests of large capital - often international. We can keep naively justifying it in one way or another, or we can grow cynical, but that's not going to lead us to a better - or even good - world.

Anyhow, seems like we agree that yes, there are hardware backdoors, and yes, we should be aware of it. The reason for OP was that I felt many are not aware of the problem.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 1862


Revolution will be decentralized


View Profile WWW
July 25, 2012, 03:30:51 PM
 #29

So for the moment who is using AMD puters is supposed to be safe from this mother-of-all-rootkits?

Otherwise I would suggest to put together some BTC to pay a prize to whoever comes out with a way to kill this orwellian device.

Coinoisseur
Sr. Member
****
Offline Offline

Activity: 252


View Profile
July 25, 2012, 03:47:21 PM
 #30

Yep, with heck Wake on Lan implementation means there could easily be an exploit present to get low level access to anything attached to the motherboard. This is one occasion where there is probably a bit of safety in using an obscure or low volume product, as I doubt even intelligence agencies want to spend a ton of money backdooring low volume run chips.

This is a storm in a glass of water.

If you are worried about hardware backdoors, just imagine if your PC or laptop had a real hardware backdoor that would allow an attacker to connect remotely over LAN, Wifi or 3G to access your harddrive, your RAM, your display, your keyboard, your microphone, your camera. It would render any and all of your attempts to protect your privacy null and void, including any encryption. Something immune to software protection or detection, completely OS independent, in fact, even independent of the main cpu and therefore impossible to detect. Something that works out of band, even when your PC is powered off. Something that you cant disable, even if you think you can, because it can remotely be enabled again. All it would take is someone having the key to this backdoor

Sounds far fetched? Yet if you have an intel laptop or PC with AMT/vpro; thats precisely what you got.  

http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

And it would be a stretch to believe some 3 letter agencies wouldnt have the keys.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!