From some sources, I read that Laptop hardware component, contains backdoor.
This backdoor resides in BIOS firmware, hardware component driver, chip, and processor.
Also there are telemetry and spy inside nvidia geforce.
If the backdoor resides in BIOS, chip, or Graphic Card,
does it mean, It can bypass all security layer, provided by Qubes,
and directly see, everything that happen inside VM, including vault VM ?
If so, then maybe typing password via on-screen keyboard, is more dangerous.
The solutions are, to install secure BIOS, such as, coreboot, libreboot, skulls,
but these secure BIOS doesn’t support all Laptop, and the installation itself is not easy.
Sorry for several questions, but it is important for Qubes and all user.
- are there any way, for Qubes to protect us from this backdoor, without installing secure BIOS ?
- can we capture the traffic, related to these firmware backdoor and driver telemetry, and block the IP ? and whether it can block the backdoor ?
- how to see, what driver is being used, for the Graphic Card, in dom0 ? noveau ?
- how to see, what driver is being used, for each hardware component ?
Below, are some statement from several references:
- a hacker could trigger a feature of the chip that gives them full access to the operating system.
- microscopic hardware backdoor wouldn’t be caught by practically any modern method of hardware security analysis.
- microscopic hardware backdoor could be planted by a single employee of a chip factory.
- backdoor is hidden in hardware rather than software.
- Absolute’s Computrace agent resides in the firmware, or ROM BIOS, of millions of laptops and desktops from manufacturers including Dell, Fujitsu, HP, Lenovo, Samsung, and Toshiba.
Below some references (backdoor in BIOS firmware and chip):
https://libreboot.org/ https://www.flashedtech.com/post/coreboot-vs-libreboot https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/ http://dwaves.de/2018/06/18/how-to-install-flash-libreboot-coreboot-on-lenovo-x60s-tutorial-from-2018/
Some references, also mention, that there are telemetry and spy inside Nvidia Geforce.
https://www.nvidia.com/en-us/geforce/forums/geforce-experience/14/243020/nvidia-spying-on-us-/ https://www.nvidia.com/en-us/geforce/forums/game-ready-drivers/13/258808/stop-the-spying-nvdia/ https://www.majorgeeks.com/news/story/nvidia_adds_telemetry_to_latest_drivers_heres_how_to_disable_it.html https://www.nvidia.com/en-us/geforce/forums/game-ready-drivers/13/242954/seems-the-new-nvidia-telemetry-spying-policy-is-a/ https://www.nvidia.com/en-us/geforce/forums/geforce-experience/14/285175/why-does-nvidia-need-to-spy-on-me-35000-times-a-da/
Before Qubes, I was using Windows, and I’m being targeted.
From the symptom, I assumed, that it is either RAT (remote access trojan), or keylogger.
Because the targeter can see everything I do in my system,
including on off-line software, such as notepad, or word.
I used several anti virus to scan my system, but it is clean.
Manually analyzing each file, also sending report for analysis, but it is clean.
Strengthen any security possible on Windows. But no effect.
After wasting months of time, effort, and energy, without any finding,
then I assumed maybe Windows got backdoor. Which then I use Qubes.
On Qubes, I have never attached anything to dom0, sys-net, or sys-firewall.
Even rarely accessing dom0, except copying screenshot to other VM.
Often use disposable VM, and delete recreate VM whenever needed.
Created vault VM, or VM with no internet, to store data. 3 password to login.
So, I don’t see any way, for Qubes, to be compromised / infected.
But still being targeted. And the targeter can see everything,
including any activity in vault VM, kind of screen shared.
Now, since Qubes is not being compromised, nor OS backdoor.
The possibility left are backdoor, related to BIOS, firmware, Nvidia Geforce, and driver.
So, what can we do to overcome this threat ?
Please kindly help, and thank you.