Can I assume that only the government can hack Qubes

Should I have in mind that only the government has the potential to hack Qubes? I know that Qubes is the most secure OS publicly available. Do you think that it is safe to assume "Only the government could hack Qubes"?

2 Likes

No, it should never be assumed that only X agency/entity (replace “X” with whatever or whoever you want) can hack into an operating system and/or anything else.

If you’re asking if the government is the only one with the resources to hack into Qubes OS, then the answer is still no.

It’s unlikely the government or anyone else would attempt to compromise Qubes OS, but it’s not impossible to.

2 Likes

Hi @SKS,

what Qubes OS does is help you to compartmentalize your data. It doesn’t magically protect you from compromise. The idea here is that you have dedicated qubes for kinds of data / activities. So if someone attacks and compromises your email client used for work emails, they have access to your work emails and potentially everything else that’s inside that particular qube. But they DO NOT have access to all the data in all the other qubes.

This obviously depends on how you compartmentalized your stuff. If you have all your important stuff in one qube and that qube gets compromised then Qubes OS can’t do anything to protect you.

There are things you can do to limit the effects of a compromise like always use disposable qubes for web browsing, keep all your documents in offline qubes and only view/edit those files using disposable (offline) qubes.

Qubes OS is a platform / toolbox to assist you in creating a workflow that dramatically limits the effects of an eventual compromise.

Nothing about Qubes OS makes it less likely that you get hacked. It’s all about limiting what the hacker can do if they are successful.

6 Likes

My question was more like @crying said: who could technically have the resources to even attempt to get access to dom0? I mean the possibility that one finds an exploit as a normal person is low and the possibility of exploiting such a system seems unlikely unless the government is involved, which can hack everything. Even if someone has found an exploit in the code, it would be hard to exploit (transmit to computer). For me it seems unlikely that an entity outside of the government can hack and exploit Qubes to reach dom0 access. What do you think?

1 Like

Anyone can find a bug and create an exploit and they can just sell it off on some forum to anyone else like some big hacking group or some government. So in the end, answer will be that anyone can hack Qubes OS, not only governments.

3 Likes

There are certain agencies that have access to the hardware backdoors that exist in the interfaces. So it is a hardware vulnerability. The only way to accurately mitigate this is to have a CSOC on your network to watch and check every single packet before it has a chance to go to your computer. The back doors are built in by certain agencies.
Not to mention the CPU back doors that exist.

On top of that there are the zero day vulnerabilities that exist that have been mentioned. Along with the ones that are never found or patched because they are left there for exploiting.

2 Likes

You don’t need a lot of “resources” to really hack into anything. There’s an infamous story about the British teen who hacked into Rockstar Games (the people behind the GTA game series) only using an Amazon Firestick, his hotel television and a mobile phone. It’s about skill, ability and the understanding of what you’re hacking into, etc. Qubes OS is open source, which in theory, can make it quite vulnerable, counting a good chunk (if not all) of the code is public.

The thing is, it’s statistically unlikely, because Qubes OS is not a very good target. The primary reason why viruses/malware mainly target Windows users is because Windows is the #1 home operating system and it’s used by millions daily. Not many use Linux, let alone Qubes OS.

If someone was targeting Qubes OS, it would be probably to target a specific user. And normally if you’re being targeted in that manner, it doesn’t really matter what device or operating system you end up using, the person would be dedicated to targeting you in particular.

The average person probably doesn’t care enough about Qubes OS. The average hacker probably doesn’t care about Qubes OS. However, in theory, it’s possible that anyone can compromise Qubes OS.

As explained by Sven, the way Qubes OS works is not that it’s built as a strong operating system, with very security-focused code with zero flaws and zero issues. It works due to reducing hacking outcome/risks and that’s done via its compartmentalizing system. Qubes OS is like most other operating systems. If someone wanted to, they will.

With that being said, it would have to be done by someone who’s probably very skilled. Most skilled hackers do not inherently need a lot of resources to do their jobs well, but there aren’t many skilled hackers and the ones who are are probably not interested in Qubes OS in particular.

That’s just my opinion and my understanding, though. I could be incorrect.

2 Likes

I do full cyber security checks and tests, all the hacking I can handle when employed to do so to test companies’ systems, all from a Samsung Galaxy S II.

Don’t need anything more than that. One Linux shell and I’m set.

2 Likes

There’s a lot of different ways to hack into something. Qubes does a very good job of reducing the likelihood and impact of certain categories of attack. If you use it right, you’re better protected than 99.9% of people from many attack vectors.

Bad operational security is more likely to lead to getting you pwned than the more sophisticated kinds of attacks that you hear about government agencies using. If you learn good opsec, and you learn to use Qubes intelligently, then you’re in a very good position.

But part of good security practice is never to assume that anything is unhackable.

3 Likes

That is one reason why I love Qubes, works well normally. Minimal effort required to secure it to a very high degree.

I added a small CSOC to replace the firewall system. And that had worked wonders for my security.

1 Like

Care to share more info, please? I’m looking for something like that.

1 Like

@Sks, think of (malicious) “hacking” like trying to convince a night club bouncer that you “know the manager” so he/she will roll out the red carpet for you and let you in.

That’s probably the best analogy for what cybersecurity researchers do. They spend hours/days/weeks/months/years trying to find a way to “trick” that bouncer into giving them what they want.

The way in which you “trick” that bouncer doesn’t necessarily need big, expensive machinery or massive computing power.

  • Maybe you might bear a resemblance to a relative of the manager, and the bouncer might get confused and mistakenly let you in (exploiting poorly-written software)
  • Maybe the bouncer is told to let people in with an ID card of a particular format, and you find that format and make one that fools the bouncer (spoofing)
  • Maybe the bouncer gets a list of instructions of how to check people from the manager, but they’re very poorly written, and you figure out a way to beat the bouncer with their own logic (protocol manipulation)
  • Maybe you find out that the bouncer gets a new list of instructions every few hours, and you find a way to intercept the instruction while in transit, and change them to say “always let me in” (man-in-the-middle)
  • Maybe you realise that the bouncer leaves the door unattended during some of their duties, and you time your entry accordingly (buffer overflow)

Unlike reality:

  • If you kill the bouncer, the entrance disappears too. (If you kill the process on the server, the way in is usually closed as well)
  • If you blow up the door, the building blows up with it (Think of the scene in Zoolander where the files are “IN the computer” :stuck_out_tongue:)

Do governments have more resources to be able to come up with ways to trick the bouncer?

@apparatus is right. Governments generally have access to more resources, but anyone could get lucky and trick the bouncer first try… :slight_smile:

So what makes Qubes OS so special/different from the rest?

@Sven is right. Qubes OS is built from the ground up assuming that “You’ve already been pwned, but you just don’t know it yet…”.

This is the same approach to ship-building. Just because the ship hasn’t sunk doesn’t mean they don’t need to compartmentalize the hull as much as possible, and be able to seal off a compartment at will if they need to.

But what about my hardware? That has code running on it, and Qubes OS runs on top of that. How do I know that hardware code isn’t evil?

@Vael_S is right in that there have been cases in the past (and likely many out there in the wild right now) of firmware running on chips that probably does contain entry points. Some might require a certain secret to be able to use, and some might be left open for literally anyone to use.

Can I do anything about my hardware?

Either write your own firmware and put it on your hardware, or find hardware that meets your criteria.

Both of these are not easy things to do, unfortunately.

Is Qubes OS more vulnerable because it’s open source?

@crying is right in that the entire codebase is “public for all to see”. In some cases that is not a good thing.

However, the best security implementations are ones where everyone knows exactly how it works, and they still cannot crack it.

NIST’s Advanced Encryption Standard (AES) is an example of this. Most of Qubes OS is designed with this approach.

The alternative, security through obscurity, requires something to be hidden from everyone, and retained by the Qubes devs. This would turn anyone who was in possession of that secret into a target for abduction and extortion. So trust me, this is not going to happen in Qubes OS :slight_smile:.

So it’s more likely you’ll get pwned because of the way you use Qubes OS, than because of Qubes OS itself?

Correct. @crying @andyleitermann and @Vael_S are all right in this regard. I can pass through networking into dom0, turn on the SSH daemon, and open port 22; but I won’t be immune from being pwned for my stupidity just because I’m running Qubes OS :stuck_out_tongue:…

Qubes OS has been designed and structured to mitigate, as much as possible, common/frequently used attack vectors used out in the wild. This explains why a lot of things in Qubes OS are the way they are…

…with a hefty helping of usability thrown in by the amazing Qubes devs :wink:

What is a CSOC?

It’s what large companies with a big enough budget call a “Cybersecurity Operations Centre”. Basically, something (a bunch of employees, bots, monitoring software, a third-party company, etc.) to more or less “watch”

You remember that night club bouncer I talked about? That can be considered to be a CSOC. The bouncer would also likely notify the manager if anyone dodgy tried to sneak in, went through the prescribed processes and was denied, denied multiple times, was caught being deceptive, etc.

There are many options for something like this.

Having something that performs this function in sys-firewall could prove advantageous if you’re worried about what’s going back and forth between your NIC and your qubes, but it wouldn’t necessarily pick up on anything related to firmware (especially if the Linux kernel in sys-net wasn’t included in the interactions, like some on-chip device firmware).

But either way, you’d get access to more detailed information than you currently do :slight_smile:

2 Likes

Seems to be No; using firmware to circumvent hypervisor compartmentalization discussed in:

1 Like

It is never safe to assume anything.

1 Like

Maybe a better way of addressing the question is to say you are safer with Qubes.

Breaking in to a machine with a single OS presents a single factor obstacle. Breaking into a Qubes machine and navigating between separate OS instances? Now you have to access at least two separate Qubes - and in all likelihood, four. Nothing is impossible, but the work factor has gone up significantly.

Which house gets broken in to, the one with obvious security cameras and door locks or the one with an open front door?

If the government TLA agency wants in your machine, they will get in. If your risk posture encompasses China, Israel or any FVEY member state, you should be prepared to welcome their company.

“I don’t have to be faster than the bear, just faster than you” Jim Butcher

4 Likes

Technically, anyone with a text editor can hack Qubes. Just as anyone with a text editor can hack iOS, Android, Windows, Facebook – and indeed, any software the government uses. Software is just text in files.

That might seem like I’m saying there is not a realistic concern Qubes can be hacked but that’s not what I’m saying at all. Because those examples I just listed get hacked all the time. Someone probably just hacked one of them while I was writing this sentence.

Applying the Principle of Charity, what we have here is a disagreement over the meaning of the word ‘hack’ in this context. To me, that roughly means ‘unauthorized access’. I’ve hacked Qubes. I will hack Qubes again. Because I do things with it I’m not supposed to be able to do. I do this to improve my own experience using Qubes (and occasionally, for my own entertainment). But I’m just tweaking my own machine, nobody else ever runs my hacked code. Nor does it cause harm to anyone.

I think you are probably defining hack to mean something closer to ‘a severe attack which could significantly harm you’.

On that, no, the government is not the only one who could do it. Others have already done it and they’ll do it again. If you are running hardware which is vulnerable to certain publicly known exploits, they can hack you right now. It’s just a matter of them focusing their cyclops eye on you, really.

I’ve never hacked someone maliciously in my life and I never will, but if you gave me some details on your machine and network, I could probably hack you right now. (And that’s your definition of hack - as in, see everything on your machine, use your machine as you etc).

That’s the world we live in. Plan accordingly.

3 Likes

Who can tell me what kind of threat actor pulled this off:

1 Like

@1of7 Do you think a libreboot can be interdicted at US Customs and flashed with a malicious BIOS?

The BIOS / firmware can’t be altered remotely but has to be flashed physically or there is a bug in latest stable libreboot.

1 Like

I agree 100% with your general narrative.
But… just playing the Devil’s Advocate… how many parallel instances of systemd does a standard QubesOS install run? :smile:

1 Like

Well, that depends… How much RAM have you got? :stuck_out_tongue:

2 Likes