<ZetaR>
Though there was a ton of other info about what they had been up to, it was already suspected that the NSA could do that sort of thing.
<wpwrak>
yes, but we can also suspect chinese chip makers to plant backdoors. the question is still whether this actually happens, and - more importantly - in what sort of chips.
<ZetaR>
(For those of you that don't know, 641A is a room in an AT&T building where the NSA had set up a tap into the communications backbone)
<wpwrak>
also, i wouldn't expect that you'd need to involve a lot of people. you probably only have a few who really understand the design enough to spot a backdoor. for the rest, it may just look like a quirk like many others. and the vast majority of people who touch the part at the manufacturers wouldn't be able to understand how such things work anyway.
<wpwrak>
and all this is especially true in companies that normally have a high degree of compartmentalization. again, something you're likely to find in asian cultures (but in the west as well)
<ZetaR>
Well, let's see what sort of ways we could discover that: The manufacturer (let's presume they are not the attacker for the moment) knows the intended layout of the IC, and they probably have lots of info about how the dies look when they come out. If the die looks different in any way, there is something "wrong" with it. Firmware could be added, but AFAIK they have the ability to dump it and check it against known firmware, and they would so see if there was somet
<wpwrak>
naw, you want to tap into the design process. if chip and design disagree, then that will obviously be spotted by the lower ranks.
<ZetaR>
So my thought is that it would be hard to add hardware or firmware backdoors after design in the manufacturing facility to a large number of chips without being caught by the manufacturer.
<ds2>
the line btwn silicon and firmware is very blurry
<wpwrak>
so involve the manufacturer. easy :)
<ds2>
SoCs these days have cores that aren't even documented
<ZetaR>
Wouldn't there be too many people working on the design to ensure secrecy?
<ZetaR>
ds2: The manufacturer knows about them, though.
<wpwrak>
i don't know, but i wouldn't be surprised if the number was relatively small. at least small enough that you could ensure they don't talk about it.
<ds2>
yes but they are probably licensed from someone else along the chain
<ds2>
that someone else may say 'you need to have firmware xyz'
<ZetaR>
ds2: Ah, yes, I forgot about that.
<wpwrak>
again, that also depends on culture. both general and company culture. there are companies where people hardly talk to each other.
<ds2>
best thing to do is to assume anything you cannot personally verify to be tainted
<ZetaR>
I disagree. A better method of security is to examine the cost to the attacker of trying to break or subvert each part of the system.
<ds2>
you cannot guarantee an exhaustive examination with incomplete information
<wpwrak>
yes. such attacks would be expensive. so they would/will be used selectively.
<ZetaR>
No, you can't do exhaustive examination, but the efforts to subvert a system probably have typical costs proportionate to the cost of developing that system.
<ZetaR>
Or subsystem rather.
<ZetaR>
IIRC the NSA has done attacks where they intercept specific hardware and upload their subverted firmware to it. This is a much lower cost and lower risk of getting exposed.
<ZetaR>
But you can't do something like subvert an entire product line of CPUs that way.
<ds2>
isn't it simpler to treat it all as tainted
<ZetaR>
All development costs being equal, it is better to treat things as being subverted. But often the development costs are not equal, and the techniques used to try and deal with the possibility of subverted hardware are impractical.
<ZetaR>
Thankfully when using generic off the shelf hardware, it will not "know" ahead of time what the rest of the system will look like, and so it would make exploiting more than a small part very difficult.
<ZetaR>
At least, it is difficult when you separate things properly like with the Neo900.
<ds2>
hmmm?
<ds2>
it is more of good practice than doing anything special if you assume tainted hw
<ds2>
regardless of how tainted it is, it still has to obey laws of physics
<ZetaR>
Okay, so how do you build a secure system from subverted components?
<ds2>
partition the hw
<ds2>
chips that do not have a physical connection to the outside world cannot transmit info to the outside world
<ZetaR>
If all of the chips are subverted in a way that is controllable, then you can subvert whatever has access to the outside world and then work your way inward by accessing the other chips through the first one's bus.
<ZetaR>
Or maybe this is not what you meant by "tainted".
<ds2>
let's take a simple bus
<ds2>
SPI
<ds2>
data can only do certain things
<ds2>
keep that in mind when building the system
<ZetaR>
Unless the module you are talking to has a back door, then a certain data sequence can do whatever the chip is capable of.
<ds2>
so you assume it has a backdoor
<ZetaR>
My question is how you are proposing to achieve a secure system here.
<ds2>
you look at what the chip can do
<ds2>
and make sure it doesn't get anything that is considered "important"
<ZetaR>
Well, if the device in general is handling "important" things, then *something* has to handle the "important" data.
<ds2>
yes
<ds2>
make sure the part that does handle the important data is not useful to the capabilities of that part
<ZetaR>
And if everything on the device is backdoored, then both the thing handling the "important" data and the thing able to access the outside world are both subverted.
<ZetaR>
The thing actually preventing this is the huge cost of backdooring a single thing in the first place.
<ZetaR>
Which makes backdooring two things that are coincidentally used together prohibitive.
<ds2>
i don't agree with that
<ds2>
let's say the modem is backdoored, what can it do?
<ZetaR>
It can talk to the CPU.
<ZetaR>
And it can transmit/receive.
<ds2>
why is that?
<ds2>
how can it directly talk to the CPU?
<ZetaR>
It is on the same bus (presumably)
<ZetaR>
Or the CPU/SoC I should say.
<ds2>
the CPU bus is rarely exposed these days
<ds2>
modems used to be serial interfaced, now it is ethernet, usb, etc
<ZetaR>
Yeah, yeah, I was just speaking loosely.
<ZetaR>
So you have UART and USB in the case of the Neo900.
<ds2>
so you make sure whatever flows over that interface is in a useless form for others
<ZetaR>
How do you ensure that when both the CPU/SoC and the modem have a backdoor?
<ds2>
unless they have a complementary set of backdoors....
<ZetaR>
They don't have to be complementary, they just need to have sufficient flexibility.
<ZetaR>
Command over wireless to modem backdoor -> Modem instructed to send command to CPU -> command over bus to CPU backdoor -> cpu commanded to dump memory to the modem
<ds2>
that in itself is not fatal
<ZetaR>
How so? You have arbitrary execute privileges.
<ds2>
dumping memory is not the best way to gather useful info
<ZetaR>
That is just an example.
<ds2>
just because you can execute doesn't mean you can't gather info. for someone to do that, the data needs to be in a known format
<ZetaR>
My point is that at some point you have to decide that an attack is too costly. You can't just assume everything is subverted.
<ZetaR>
Not really. That is what an analyst is for.
<ZetaR>
Sorry, I have to go AFK.
<EndZ>
ds2: no
<EndZ>
>heartbleed
<ds2>
that isn't a universal problem
<EndZ>
but that gave also only random 64 bit data
<DocScrutinizer05>
OK, one thing's for sure: next project without PP
<saper>
PP being?
* Kero
guesses paypal
<saper>
DocScrutinizer05: started getting any serious amount of money and got blocked? been there :)
<wpwrak>
saper: how did you solve it ? show up at PP's doors, bringing the townsfolk with torches and pitchforks ?
<saper>
We have collected money for a conference via PP (among others)
<saper>
had to send them paperwork, that we are a registered non-gov organisation, etc. etc.
<saper>
it took a while but they were pretty fast
<saper>
the most annoying fact is that you don't know it in advance
<saper>
you just get blocked
<saper>
I remember getting stuck with important payments
<DocScrutinizer05>
we've been there for quite some time now
<DocScrutinizer05>
today it got worse
<saper>
I am not sure if they blocked me once or even twice, asking for more paperwork once we've some more zeros on the account
<DocScrutinizer05>
"payments are freed *after shipping*"
<saper>
oh this is interesting
<DocScrutinizer05>
AFK, need to chill
<saper>
I think about doing crowdsourcing for one thing and I am certain I will talk to them before I even start :(
<DocScrutinizer05>
PP and crowdsourcing don't go together well
<saper>
I know I won't promise any product or shipment
<saper>
just pure begging if you will
<saper>
need to ask Finanzamt what they think
<DocScrutinizer05>
this will be "donation" then, which you already know how to do, from your other project
<DocScrutinizer05>
Finanzamt? hehehe
<DocScrutinizer05>
those have no idea what's crowdsourcing, and they have no rules that would apply
<saper>
I think there are rules
<saper>
they mostly don't know how to apply them
<ozero>
Good evening. Any source for a decent n900 case and front panel (w/o LCD itself)? Thanks :]
<DocScrutinizer05>
a good day for European information privacy: http://www.google.de/url?q=http://curia.europa.eu/jcms/jcms/P_180250/&sa=U&ved=0CBYQqQIwAGoVChMI68j0mNCuyAIVyVkaCh0w4QV-&usg=AFQjCNGGyWSDGLhyyhG4ikPUCKJLiZeVjg
<DocScrutinizer05>
now if they also would classify PP as a regular bank and apply all the regulations any other bank has to comply with...
<Wizzup>
hehe