Originally posted by chithanh
Why You Don't See Coreboot Supported By Many Modern Intel Systems
As I don't know anything about how GPUs work, I'll have to take your word for it. Also that the parts which are not constrained by the same GPUVM tables are sufficiently isolated from parts that are, so the latter are unable to attack the former (e.g. by uncontrolled writing into their memory before they write to system memory). And that there is sufficient atomicity in the security checks to prevent TOCTTOU style attacks.
Originally posted by Luke:
I assume you are speaking of the "evil maid" attack that requires physical access twice: once to install the keylogging initramfs and once to collect the machine. This attack is mostly used as "proof of concept" when multiple hackers share living space and someone needs to be taught that no single defensive layer is ever 100%.
Actual cops are more likely to use hardware keyloggers, a businessman in China once caught the MSS with his laptop apart where he left it in his hotel room. He rejected the advances of an apparent sex worker, charged back to his room, and caught the cops trying to install a hardware keylogger that plugs in between the keyboard cable and the motherboard, not the easiest job in a laptop. The counter to this is to glue the keyboard down so removing it becomes tamper-evident.
The software "evil maid" attack on the initramfs is complex for an attacker without persistent physical access because you have to know what you are attacking. You need at least to know whether you are attacking Truecrypt, Bitlocker or linux native DM-Crypt. I can guarantee you that if you replaced my initramfs with one made with initramfs-tools I would notice because mine is made with Dracut.
Luke's defense for example is to use full-disk encryption with non-standard initramfs, because the Evil Maid can come prepared for all methods of disk encryption commonly employed by Linux distros.
Originally posted by Luke:
Lastly, you still need physical access, and not to leave a sign that you were present. If I were at a hotel room or activist house during a major protest and nobody would be there while we were deployed, you can bet my laptop would be coming with me. The desktop would be out of your jurisdiction in a place that is never left unattended. If I expected this kind of attack, say on a video editing machine that HAD to be left unattended during a major protest, the initramfs would come with me on a flash drive, and the keyboard would be glued shut.
As Snowden said, encryption works, but security is difficult. IMHO, it isn't realistic to think that you can secure yourself against a nation state unless you have systems that aren't on a network, and can be physically guarded 24 hours a day by 100% trustworthy people. Any hardware, USB drives, etc. that interface with the system also need to be protected. It would be very hard.
If nobody is watching you, then it's probably not because it isn't possible, but because you aren't interesting enough to justify the effort and expense.
using a network to exfil >3TB of video files?
Originally posted by chrisb:
The Evil Maid attack could be combined with a Blue Pill attack. No need for a second visit if you have network access, no need to target some specific encryption or boot scripts - just use the blue pill, then have the rogue hypervisor/interpreter inject a backdoor kernel module. You could log every keystroke, and present the exact binary data from the original drive so all checksums match. Even without a network, you can hide the encryption key and key log on a hidden area of the disk for later retrieval.. but if you have physical access, it makes sense to add your own network implant while you're there.
Physical security is hard, you have to trust the people guarding your system.. your attacker can use an undercover agent or flip one of your co-conspirators and that's it. Most people will turn on you if they think you are a threat to national security, or to their security, or their freedom, or just for profit. The only people who won't turn are the ones who are committed to the cause and willing to lose everything, and, ultimately, die for it. Outside of certain groups, those kind of people are very rare.
As Snowden said, encryption works, but security is difficult. IMHO, it isn't realistic to think that you can secure yourself against a nation state unless you have systems that aren't on a network, and can be physically guarded 24 hours a day by 100% trustworthy people. Any hardware, USB drives, etc. that interface with the system also need to be protected. It would be very hard.
If nobody is watching you, then it's probably not because it isn't possible, but because you aren't interesting enough to justify the effort and expense.
The more difficult and expensive you make it to attack your computers, the more "interesting" you can be without it being worth it to deploy the attacks. If you are arrested with an unencrypted computing device of any kind, I can almost guarantee it will be searched, legally or otherwise. If encrypted they almost certainly will not be able to conduct a "routine" search. I've even heard of them holding machines and offering them back in return for the passphrase! If they otherwise give it back, that's when all the firmware-related attacks are to be presumed to be in use, especially against something common. Still, you are right that snitches, not hardware attacks, are the usual threat here.
Speaking of using the network to covertly exfil the take, it would be almost funny if the police tried to exfiltrate my over 3TB collection of video clips over a network of any kind. This would be equivalent to torrenting about 750 full length DVD movies at once. No way in hell that would go unnoticed. If I think there is a danger of a remote search for files from a particular date, changing the file creation times will block the search, and without knowing file and folder filenames there is no other way to search for them. Camera metadata I strip off.
I find it interesting that the US was never able to catch Mr Snowden, he was able to defeat his own former employers at their own game.
Originally posted by Luke:
The discussion below will apply to used machines with unwanted "anti-features" locked into them and to cases where they are a post-purchase surprise and the vendor refuses to take their crap back. That happens, I had to throw out $150 worth of T-Mobile hotspot garbage when I found they routed all activity through a "web-guard" censorship server unless you gave them a social security number or an ID. I refused, they refused to take their shit back, so I threw it in the pile of old circuit boards and went with someone else - after draining all the bandwidth on Ubuntu disk images so they could not re-sell it.
not simply use a pre-existing malicious feature in their own.
suddenly a new and not so easy layer to bypass has been added to the defenses.
Each different USB device will have different firmware, predicting which one has to be replaced with a malicious variant becomes an issue.
They must now resolve this chicken and egg situation or store a huge variety of firmware somewhere in flash.
For instance, V-Pro and other "AMT" type technologies as far as we know require use of the on-board network device and normally fail if used with a network device not supporting remote management.
If you've got one of those Supermicro boards you mentioned, not connecting the onboard networking device to the Internet disables remote use of AMT entirely,
As a rule all "enterprise" laptops and servers that offer "extra security" should be avoided when security against state level attackers, security against the vendor, or security against your ISP is required.
but it is the first three I consider the most dangerous.
As for screwing with RF circuits, RF happens to be one of my fields of expertise, and a shielded dummy load is not that hard to make
highly directional antennas and exact knowledge of your location to spy on you this way, and the NSA does not hand all their secrets to every cow town constable.
Since Lenovo disables booting with a non-Lenovo network card on the bus, all Lenovo wifi cards should be treated as malicious and removed.
One more question: what happens when an older (pre Boot Guard) Lenovo laptop gets both Coreboot and a non Lenovo network card installed?
Originally posted by chithanh:
PCI/PCIe devices cannot be treated as black boxes however (remember the Thunderbolt security fiasco?). Same for anything with Direct Memory Access like FireWire
Originally posted by SystemCrasher:
Modern hardware comes with IOMMU and it would catch any access which was not previously enabled in explicit way.
Originally posted by SystemCrasher:
While primary use is to allow safe PCI(-e) devices passthrough to VM, it is also a good countermeasure against DMA attacks in general.
- they work correctly
- the operating system knows about their existence
- the operating system has a driver for them
- the operating system actually uses them (and not e.g. turns them off by default because they cause stability problems or other issues)
Neither of these is a given, as was demonstrated multiple times in the past.
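Added example, not part of the thread or written by any poster: a Linux-side audit of the conditions listed in the last post, reading sysfs to see whether an IOMMU driver registered any units and which PCI devices actually sit in a translated DMA domain rather than an identity (passthrough) one or no group at all. It assumes a kernel that exposes the per-group `type` attribute; the `root` parameter and the sample tree are constructed for illustration, and whether the hardware itself works correctly cannot be judged from sysfs.

```python
import os
import tempfile

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None  # attribute absent (e.g. older kernel)

def _ls(path):
    return sorted(os.listdir(path)) if os.path.isdir(path) else []

def iommu_report(root="/"):
    """Classify PCI devices by IOMMU group type, reading sysfs under `root`."""
    groups_dir = os.path.join(root, "sys/kernel/iommu_groups")
    report = {"units": _ls(os.path.join(root, "sys/class/iommu")),
              "translated": [], "identity": [], "unknown": [], "ungrouped": []}
    grouped = set()
    for group in _ls(groups_dir):
        members = _ls(os.path.join(groups_dir, group, "devices"))
        gtype = _read(os.path.join(groups_dir, group, "type")) or ""
        if gtype.startswith("DMA"):    # DMA or DMA-FQ: accesses are translated
            bucket = "translated"
        elif gtype == "identity":      # passthrough: DMA is not restricted
            bucket = "identity"
        else:                          # no type file, or another domain type
            bucket = "unknown"
        report[bucket] += members
        grouped.update(members)
    pci = _ls(os.path.join(root, "sys/bus/pci/devices"))
    report["ungrouped"] = [d for d in pci if d not in grouped]
    return report

def build_sample_tree():
    """Constructed sysfs-like tree (not from a real machine) for the demo."""
    root = tempfile.mkdtemp()
    layout = {"0": ("DMA", ["0000:00:02.0"]), "1": ("identity", ["0000:03:00.0"])}
    for group, (gtype, devs) in layout.items():
        base = os.path.join(root, "sys/kernel/iommu_groups", group)
        os.makedirs(os.path.join(base, "devices"))
        with open(os.path.join(base, "type"), "w") as f:
            f.write(gtype + "\n")
        for dev in devs:
            open(os.path.join(base, "devices", dev), "w").close()
    os.makedirs(os.path.join(root, "sys/class/iommu/dmar0"))
    for dev in ["0000:00:02.0", "0000:03:00.0", "0000:05:00.0"]:
        os.makedirs(os.path.join(root, "sys/bus/pci/devices", dev))
    return root

if __name__ == "__main__":
    print(iommu_report(build_sample_tree()))
```

On a real host, call `iommu_report()` with the default root; any device listed under `identity` or `ungrouped` is not being constrained by the IOMMU even though one is present.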