David I. Emery
die at dieconsulting.com
Mon Dec 21 16:09:31 PST 2015
On Mon, Dec 21, 2015 at 11:23:30PM +0000, nosphalot wrote:
> You always have similar concerns with any closed source software (or even
> open source you haven't audited yourself). Or am I missing a new problem
> that occurs with auto-updates?
I presume the suggestion is that vendors can cooperate with LEAs
to selectively send targets DIFFERENT and TROJANed updates because they
know who they are via all the "telemetry" and marketing tracking they do
and know which system is requesting updates and who it belongs to.
This is a different kind of cooperation than simply handing over
user data... or secretly sharing the fruits of their OWN spyware
(keystroke loggers intended to collect data to optimize search or UIs
And because such bogus updates would be specifically targeted
(maybe even with court ordered search warrants), it would presumably be
less objectionable as some form of legal process might have determined
that the system or software user is a "bad guy" legally subject to being
provided with such malware. And normal users would not be.
Obviously a defense is to determine if your system has a
different update binary (or code images in memory), but Dan points out
that the recent trend toward techniques such as address space
randomization and perhaps even different binaries from different
compilers and code optimizers (which reduces attack surfaces for
traditional malware a lot) might also make it a lot more difficult to
determine if the differences were just protective and the software
images functionally equivalent if not identical at the binary level or
whether some one of them contained backdoors or malware or trojans...
not present in the normal release.
This all WOULD provide backdoors only for targets, not the rest
of us... but also make the vendor at least indirectly an untrusted party
due to the potential that what appears to be a legitimate valid update
from him might instead be a trojan from the government (some government,
Might be better than having every copy equipped with a backdoor,
but also would of course be subject to various strategies of evasion...
depending on whether it was possible to obtain generic off line update
binaries (as it is now for the most part) anonymously.
> On Mon, Dec 21, 2015 at 3:17 PM <dan at geer.org> wrote:
> > With software auto-update in a fully personalized digital world,
> > there is no need for back doors.
> > Were active defense to go in the direction of diversity compilers,
> > comparing updates would be uninformative.
> > --dan
Dave Emery N1PRE/AE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten
'For Rent' sign still vainly flapping outside on the weed encrusted pole - in
celebration of what could have been, but wasn't and is not to be now either."
More information about the cypherpunks