[PLUG] Equation may p0wn your hard drive
Keith Lofstrom
keithl at gate.kl-ic.com
Fri Feb 20 04:28:30 UTC 2015
On Wed, 18 Feb 2015 12:49:28 -0800 Larry Brigman wrote:
>Not just hard drives but the whole of the electronics coming out of
>China in the near future.
On Wed, Feb 18, 2015 at 01:36:54PM -0800, John Jason Jordan wrote:
> A couple of questions:
>
> 1) Does this include hard drives and other hardware in computers used by
> the federal government?
The feds have policies controlling the storage hardware they allow
into secure sites. I have relatives near Annapolis, and the best
technical library nearby is Nimitz Library at the Naval Academy.
The USNA does not allow USB flash drives and outside computers onto
the campus; too many ways for data to leak over airgaps from Navy
secure sites, or trojans to find their way back in.

I just got my first hearing aid. The computer in it is more
sophisticated than my old flip phone. In another decade, hearing
aids will store gigabytes, have agile radios that can communicate
on any band, and be yet another transport for digital infection.
> 2) Does there exist hardware free from these backdoors, perhaps
> manufactured in a country unfriendly to the US government?
Yes, all hardware is free of backdoors. Trust us. Also, all of the
US is unfriendly to one aspect or another of the US government. :-)

Here's yet another (rather technical) recent article on the subject:
http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks
The answer is "you cannot know without very sophisticated teardown."
Techniques like those suggested by the authors of the article above
/might/ work, or they might simply add some expense and complexity to
the task of adding backdoors to critical hardware. Unless the chips
are transported by trusted courier between manufacturers, and directly
to the final installation at a secure site, the good guys can add all
the complexity they want, and the bad guys can replace secure items
with compromised counterfeits, rerouting shipments by hacking FedEx.
Keith
--
Keith Lofstrom keithl at keithl.com