Should i have in mind that only the government has the potential to hack qubes. I know that qubes is the most secure os publically available. Do you think that it is safe to assume " Only the government could hack qubes".
No, it should never be assumed that only X agency/entity (replace âXâ with whatever or whoever you want) can hack into an operating system and/or anything else.
If youâre asking if the government is the only one with the resources to hack into Qubes OS, then the answer is still no.
Itâs unlikely the government or anyone else would attempt to compromise Qubes OS, but itâs not impossible to.
Hi @SKS,
what Qubes OS does is help you to compartmentalize your data. It doesnât magically protect you from compromise. The idea here is that you have dedicated qubes for kinds of data / activities. So if someone attacks and compromises your email client used for work emails, they have access to your work emails and potentially everything else thatâs inside that particular qube. But they DO NOT have access to all the data in all the other qubes.
This obviously depends on how you compartmentalized your stuff. If you have all your important stuff in one qube and that qube gets compromised then Qubes OS canât do anything to protect you.
There are things you can do to limit the effects of a compromise like always use disposable qubes for web browsing, keep all your documents in offline qubes and only view/edit those files using disposable (offline) qubes.
Qubes OS is a platform / toolbox to assist you in creating a workflow that dramatically limits the effects of an eventual compromise.
Nothing about Qubes OS makes it less likely that you get hacked. Itâs all about limiting what the hacker can do if they are successful.
My question was more like @crying said who could technically have the resources to even attempt to get access of dom0. I mean the possibility that one finds an exploit as a normal person is low and the possibility of exploiting such system seems unlikely unless the government is involved which can havk everything. Even if someone has found an exploit in the code, it would be hard to exploit(transmit to computer). For me it seems unlikely that an entity outside of the government can hack and exploit qubes to reach dom0 access. What do you think?
Anyone can find a bug and create an exploit and they can just sell it off on some forum to anyone else like some big hacking group or some government. So in the end, answer will be that anyone can hack Qubes OS, not only governments.
There are certain agencies that have access to the hardware backdoors that exist in the interfaces. So it is a hardware vulnerability. The only way to accurately mitigate this is to have a CSOC on your network to watch and check every single packet before it has a chance to go to your computer. The back doors are built in by certain agencies.
Not to mention the CPU back doors that exist.
On top of that there are the zero day vulnerabilities that exist that have been mentioned. Along with the ones that are never found or patched because they are left there for exploiting.
You donât need a lot of âresourcesâ to really hack into anything. Thereâs an infamous story about the British teen who hacked into Rockstar Games (the people behind the GTA game series) only using an Amazon Firestick, his hotel television and a mobile phone. Itâs about skill, ability and the understanding of what youâre hacking into, etc. Qubes OS is open source, which in theory, can make it quite vulnerable, counting a good chunk (if not all) of the code is public.
The thing is, itâs statistically unlikely, because Qubes OS is not a very good target. The primary reason why viruses/malware mainly target Windows users is because Windows is the #1 home operating system and itâs used by millions daily. Not many use Linux, let alone Qubes OS.
If someone was targeting Qubes OS, it would be probably to target a specific user. And normally if youâre being targeted in that manner, it doesnât really matter what device or operating system you end up using, the person would be dedicated to targeting you in particular.
The average person probably doesnât care enough about Qubes OS. The average hacker probably doesnât care about Qubes OS. However, in theory, itâs possible that anyone can compromise Qubes OS.
As explained by Sven, the way Qubes OS works is not that itâs built as a strong operating system, with very security-focused code with zero flaws and zero issues. It works due to reducing hacking outcome/risks and thatâs done via itâs compartmentalizing system. Qubes OS is like most other operating systems. If someone wanted to, they will.
With that being said, it would have to be done by someone whoâs probably very skilled. Most skilled hackers do not inherently need a lot of resources to do their jobs well, but there arenât many skilled hackers and the ones who are are probably not interested in Qubes OS in particular.
Thatâs just my opinion and my understanding, though. I could be incorrect.
I do full cyber security checks and tests, all the hacking I can handle when employed to do so to test companies systems, all from a Samsung Galaxy S II.
Donât need anything more than that. One Linux shell and Iâm set.
Thereâs a lot of different ways to hack into something. Qubes does a very good job of reducing the likelihood and impact of certain categories of attack. If you use it right, youâre better protected than 99.9% of people from many attack vectors.
Bad operational security is more likely to lead to getting you pwned than the more sophisticated kinds of attacks that you hear about government agencies using. If you learn good opsec, and you learn to use Qubes intelligently, then youâre in a very good position.
But part of good security practice is never to assume that anything is unhackable.
Tha is one reason why I love qubes, works well normally. Minimal effort required to secure it to a very high degree.
I added a small CSOC to replace the firewall system. And that had worked wonders fory security.
Care to share more info, please? Iâm looking for something like that.
@Sks, think of (malicious) âhackingâ like trying to convince a night club bouncer that you âknow the managerâ so he/she will roll out the red carpet for you and let you in.
Thatâs probably the best analogy for what cybersecurity researchers do. They spend hours/days/weeks/months/years trying to find a way to âtrickâ that bouncer into giving them what they want.
The way in which you âtrickâ that bouncer doesnât necessarily need big, expensive machinery or massive computing power.
- Maybe you might bear a resemblance to a relative of the manager, and the bouncer might get confused and mistakenly let you in (exploiting poorly-written software)
- Maybe the bouncer is told to let people in with an ID card of a particular format, and you find that format and make one that fools the bouncer (spoofing)
- Maybe the bouncer gets a list of instructions of how to check people from the manager, but theyâre very poorly written, and you figure out a way to beat the bouncer with their own logic (protocol manipulation)
- Maybe you find out that the bouncer gets a new list of instructions every few hours, and you find a way to intercept the instruction while in transit, and change them to say âalways let me inâ (man-in-the-middle)
- Maybe you realise that the bouncer leaves the door unattended during some of their duties, and you time your entry accordingly (buffer overflow)
Unlike reality:
- If you kill the bouncer, the entrance disappears too. (If you kill the process on the server, the way in is usually closed as well)
- If you blow up the door, the building blows up with it (Think of the sceene in Zoolander where the files are âIN the computerâ )
Do governments have more resources to be able to come up with ways to trick the bouncer?
@apparatus is right. Governments generally have access to more resources, but anyone could get lucky and trick the bouncer first tryâŚ
So what makes Qubes OS so special/different from the rest?
@Sven is right. Qubes OS is built from the ground up assuming that âYouâve already been pwned, but you just donât know it yetâŚâ.
This is the same approach to ship-building. Just because the ship hasnât sunken doesnât mean they donât need to compartmentalize the hull as much as possible, and be able to seal off a compartment at will if they need to.
But what about my hardware? That has code running on it, and Qubes OS runs on top of that. How do I know that hardware code isnât evil?
@Vael_S is right in that there have been cases in the past (and likely many out there in the wild right now) of firmware running on chips that probably does contain entry points. Some might require a certain secret to be able to use, and some might be left open for literally anyone to use.
Can I do anything about my hardware?
Either write your own firmware and put it on your hardware, or find hardware that meets your criteria.
Both of these are not easy things to do, unfortunately.
Is Qubes OS more vulnerable because itâs open source?
@crying is right in that the entire codebase is âpublic for all to seeâ. In some cases that is not a good thing.
However, the best security implementations are ones where everyone knows exactly how it works, and they still cannot crack it.
NISTâs Advanced Encryption Standard (AES) is an example of this. Most of Qubes OS is designed with this approach.
The alternative, security through obscurity, requires something to be hidden from everyone, and retained by the Qubes devs. This would turn anyone who was in possession of that secret into a target for abduction and extortion. So trust me, this is not going to happen in Qubes OS .
So itâs more likely youâll get pwned because of the way you use Qubes OS, than because of Qubes OS itself?
Correct. @crying @andyleitermann and @Vael_S are all right in this regard. I can pass through networking into dom0, turn on the SSH daemon, and open port 22; but I wonât be immune from being pwned for my stupidity just because Iâm running Qubes OS âŚ
Qubes OS has been designed and structured to mitigate, as much as possible, common/frequently used attack vectors used out in the wild. This explains why a lot of things in Qubes OS are the way they areâŚ
âŚwith a hefty helping of usability thrown in by the amazing Qubes devs
What is a CSOC?
Itâs what large companies with a big enough budget call a âCybersecurity Operations Centreâ. Basically, something (a bunch of employees, bots, monitoring software, a third-party company, etc.) to more or less âwatchâ
You remember that night club bouncer I talked about? That can be considered to be a CSOC. The bouncer would also likely notify the manager if anyone dodgy tried to sneak in, went through the prescribed processes and was denied, denied multiple times, was caught being deceptive, etc.
There are many options for something like this.
Having something that performs this function in sys-firewall
could prove advantageous if youâre worried about whatâs going back and forth between your NIC and your qubes, but it wouldnât necessarily pick up on anything related to firmware (especially if the Linux kernel in sys-net
wasnât included in the interactions, like some on-chip device firmware).
But either way, youâd get access to more detailed information than you currently do
Seems to be No; using firmware to circumvent hypervisor compartmentalization discussed in:
It is never safe to assume anything.
Maybe a better way of addressing the question is to say you are safer with Qubes.
Breaking in to a machine with a single OS presents a single factor obstacle. Breaking into a Qubes machine and navigating between separate OS instances? Now you have to access at least two separate Qubes - and in all likelihood, four. Nothing is impossible, but the work factor has gone up significantly.
Which house gets broken in to, the one with obvious security cameras and door locks or the one with an open front door?
If the government TLA agency wants in your machine, they will get in. If your risk posture encompasses China, Israel or any FVEY member state, you should be prepared to welcome their company.
âI donât have to be faster than the bear, just faster than youâ Jim Butcher
Technically, anyone with a text editor can hack Qubes. Just as anyone with a text editor can hack iOS, Android, Windows, Facebook â and indeed, any software the government uses. Software is just text in files.
That might seem like Iâm saying there is not a realistic concern Qubes can be hacked but thatâs not what Iâm saying at all. Because those examples I just listed get hacked all the time. Someone probably just hacked one of them while I was writing this sentence.
Applying the Principle of Charity, what we have here is a disagreement over the meaning of the word âhackâ in this context. To me, that roughly means âunauthorized accessâ. Iâve hacked Qubes. I will hack Qubes again. Because I do things with it Iâm not supposed to be able to do. I do this to improve my own experience using Qubes (and occasionally, for my own entertainment). But Iâm just tweaking my own machine, nobody else ever runs my hacked code. Nor does it cause harm to anyone.
I think you are probably defining hack to mean something closer to âa severe attack which could significantly harm youâ.
On that, no, the government is not the only one who could do it. Others have already done it and theyâll do it again. If you are running hardware which is vulnerable to certain publicly known exploits, they can hack you right now. Itâs just a matter of them focusing their cyclops eye on you, really.
Iâve never hacked someone maliciously in my life and I never will, but if you gave me some details on your machine and network, I could probably hack you right now. (And thatâs your definition of hack - as in, see everything on your machine, use your machine as you etc).
Thatâs the world we live in. Plan accordingly.
Who can tell me what kind of threat actor pulled this off:
@1of7 Do you think a libreboot can be interdicted at US Customs and flashed with a malicious BIOS?
The BIOS / firmware cant be altered remotely but has to be flashed physically or there is a bug in latest stable libreboot.
I agree 100% with your general narrative.
But⌠just playing the Devilâs Advocate⌠how many parrallel instances of systemd does a standard QubesOS install run?
Well, that depends⌠How much RAM have you got?