On 02/12/2014 04:26 AM, sunder wrote:
> My guess would be things like network card drivers, or the firmware in network cards - anything that has supervisor level access to the entire
Like this? http://www.livehacking.com/tag/network-card-backdoor/ Proof of concept was proven in 2010. Practical application is probably being done by now. Somebody is asleep behind the wheel if it is not.
> As we've seen there are plenty of "open source" linux kernel drivers for NICs and video cards that are really binaries. Plenty of room to hide
Hex-encoded blobs, if not binary blobs that show up under /lib/firmware.
> stuff there, but the hardware itself is a better target, especially if the firmware they carry cannot be downloaded by the computer for forensic analysis, and especially if there's some sort of open DMA access from the device to the full memory of the machine that the OS cannot detect.
Subverting hardware during design means getting lots of engineers in the private sector to shut up. That is not always easy. Spending time reversing the binaries they require (which few people do anyway) and developing a version that is subverted requires keeping the lid on fewer people, and can be done entirely in house (i.e. without telling the manufacturer).
> Maybe they'd add stuff to tcp/udp packets as an out of band channel, or
Did somebody mention looking for outbound UDP packets encrypted with RC-6 or something?
> in the case of wireless stuff transmit on unused nearby frequencies that the hardware is capable of transmitting on, but cannot be detected with normal wifi/bluetooth sniffers.
That would work so long as the radio is not otherwise in use. Radio chipsets can be flipped around but it generates heat and uses up power faster. It should be more detectable than a subverted hardline.
> Since there are only a handful of chip manufacturers, subverting those would be the path of least resistance and most gain, and companies like
Until somebody that works there blabs about it. Is that a risk an intel agency would accept? Good question; my wild-assed guess is 'no, not these days'.

-- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Ziggy's got zip, zilch, zero." --Al
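The thread points out that the blobs a Linux host ships under /lib/firmware are one place a subverted driver or firmware image could hide, and that firmware resident in the device itself is hard to pull back for forensic analysis. The following is an added example, not code from the thread or from any of its participants: it builds a SHA-256 manifest of every file under a firmware tree and reports what was added, removed or changed against a stored baseline, which is the minimum a defender can do for the host-side blobs. The directory layout, file names and contents in `demo()` are constructed for the example; on a real system you would call `build_manifest(Path("/lib/firmware"))` and keep the baseline off-host.

```python
"""Baseline and re-check firmware blobs under a firmware directory.

Added example, not part of the mailing-list thread. Builds a SHA-256
manifest of every regular file below a firmware tree (for real use,
/lib/firmware; here a constructed temporary directory) and diffs it
against a stored baseline so that added, removed or modified blobs
show up. It covers only what the OS stores on disk; firmware living
inside the device itself is out of reach for this kind of check.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large blobs do not load whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> {sha256, size} for every regular file under root.

    Symlinks are skipped so a link pointing outside the tree is not hashed
    as if it were a shipped blob.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = {"sha256": hash_file(path), "size": path.stat().st_size}
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, removed and changed relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p]["sha256"] != current[p]["sha256"])
    return {"added": added, "removed": removed, "changed": changed}


def save_manifest(manifest: dict, dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake firmware tree, then alter it.

    File names and contents are invented for the example; they are not
    real firmware images.
    """
    with tempfile.TemporaryDirectory() as tmp:
        fw = Path(tmp) / "firmware"
        (fw / "nic").mkdir(parents=True)
        nic_blob = b"\x7fFW\x00" + bytes(range(64))
        (fw / "nic" / "example-nic.bin").write_bytes(nic_blob)
        (fw / "example-wifi.ucode").write_bytes(bytes(range(256)))
        baseline_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(fw), baseline_path)

        # Later state: one blob modified, one new blob, one blob removed.
        (fw / "nic" / "example-nic.bin").write_bytes(nic_blob + b"\x90")
        (fw / "extra.bin").write_bytes(b"\x00" * 16)
        (fw / "example-wifi.ucode").unlink()

        return diff_manifests(load_manifest(baseline_path), build_manifest(fw))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only as trustworthy as the host that produced it: store the baseline somewhere the machine under audit cannot rewrite, and compare against a known-good copy of the distribution's firmware package where one exists.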