[PLUG] Equation may p0wn your hard drive
Ken Stephens
kens at cad2cam.com
Fri Feb 20 04:37:58 UTC 2015
Keith Lofstrom wrote:
> On Wed, 18 Feb 2015 12:49:28 -0800 Larry Brigman dijo:
>
>> Not just hard drives but the whole of the electronics coming out of
>> china in the near future.
>
> On Wed, Feb 18, 2015 at 01:36:54PM -0800, John Jason Jordan wrote:
>> A couple of questions:
>>
>> 1) Does this include hard drives and other hardware in computers used by
>> the federal government?
> The feds have policies controlling the storage hardware they allow
> into secure sites. I have relatives near Annapolis, and the best
> technical library nearby is Nimitz Library at the Naval Academy.
> The USNA does not allow USB flash drives and outside computers onto
> the campus; too many ways for data to leak over airgaps from Navy
> secure sites, or trojans to find their way back in.
>
> I just got my first hearing aid. The computer in it is more
> sophisticated than my old flip phone. In another decade, hearing
> aids will store gigabytes, have agile radios that can communicate
> on any band, and be yet another transport for digital infection.
>
>
>> 2) Does there exist hardware free from these backdoors, perhaps
>> manufactured in a country unfriendly to the US government?
> Yes, all hardware is free of backdoors. Trust us. Also, all of the
> US is unfriendly to one aspect or another of the US government. :-)
>
>
> Here's yet another (rather technical) recent article on the subject:
>
> http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks
>
> The answer is "you cannot know without very sophisticated teardown."
> Techniques like those suggested by the authors of the article above
> /might/ work, or they might simply add some expense and complexity to
> the task of adding backdoors to critical hardware. Unless the chips
> are transported by trusted courier between manufacturers, and directly
> to the final installation at a secure site, the good guys can add all
> the complexity they want, and the bad guys can replace secure items
> with compromised counterfeits, rerouting shipments by hacking Fed Ex.
>
> Keith
>
Keith,
Sounds like monitoring your network traffic would be a way to discover
any trojan traffic. Unless the traffic is carried by radio frequency
somewhere. Now all you need is a frequency spectrum analyzer or put
your computer in a Faraday cage.
Ken
More information about the PLUG
mailing list