A few years ago some guys from Core security published a research were they found laptop's BIOS with a tool called Computrace that supposedly was to protect you if your computer was stolen, but contained a backdoor that allowed remote access and code execution. Computrace was installed in the BIOS for Notebooks of HP, Dell, Lenovo, Toshiba, Gateway, Asus, Panasonic, and more. No one can confirm it was the NSA yet... Snowden do you have something about it in your collection? Here is the paper http://www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-Deacti... Cheerz http://apx808.blogspot.com On Tue, Feb 11, 2014 at 7:17 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
All the 'NDA'/proprietary/confidential information that goes with chip designs provide plenty of cover to insert backdoors.
GCC would be a lot harder and people would be looking for it.
But your USB chip, graphics card, hard drive, or two factor authentication token, on the other hand...
The chinese are probably even copying the subverted chip designs without even knowing it's there.
I could see them more easily subverting chip designs themselves then
On Tue, Feb 11, 2014 at 02:47:01PM -0700, Kelly John Rose wrote: trying
to subvert the entire compiler ecosystem.
On Tue, Feb 11, 2014 at 2:05 PM, CypherPunk <cypherpunk@cpunk.us> wrote:
On 02/11/2014 01:32 PM, Rich Jones wrote:
In all of the Snowden docs that have been released so far, has
anybody
seen any mention of any NSA programs designed to subvert compilers?
Compilers seems like an extremely prime target for manipulation, but as far as I am aware there hasn't been anything mentioned about this yet. Has anybody here heard anything that I haven't?
Given that compilers are both a fairly easy to attack and amazingly convenient target, it wouldn't surprise me if the NSA has subverted a few specific compilers that are in common use. An attack of this nature has been hypothised since the early to mid-1980's. They would have to be amazingly dense not to have at least considered it.
On the flip side, the NSA likes to do things where it has the least opportunity to be caught. Compiler subversion, while not "easy" to catch by any means, might offer too big a risk of being caught for them to do it. Being that they have a multitude of weirdly named programs specifically set up to compromise software, the evidence would lean towards they haven't done it but I'm sure it was, at the very least, discussed.
-- Kelly John Rose Toronto, ON Phone: +1 647 638-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam@kjro.se MSN: msn@kjro.se
Document contents are confidential between original recipients and sender.