Recently, I read many papers about cybersecurity attacks, and none of them mention any harmful hardware, but most attacks require a backdoor / malware, regardless of whether it is a covert channel attack or a side channel attack.
IMO, the papers I read can be categorized into 2 categories:
- covert channel attack: an attack that creates the capability to transfer information by piggybacking on existing processes. References: 1, 2, 3, 4, 5, 6, 7, 8
- side channel attack: an attack based on information gained from the implementation of a computer system, rather than weaknesses in the algorithm itself. References: 1, 2, 3, 4, 5, 6, 7
Below are some interesting findings I found in the references above.
Papers related to side channel attacks mention that all attacks require malware infection. Please kindly inform me if there is any side channel attack that doesn't require malware infection.
In papers related to covert channel attacks, what is considered harmful is not the hardware, but the firmware-carrying architecture, because:
- laptop components that carry firmware are not read-only; they are writable, so they can be infected.
- the firmware carried by laptop components is not open firmware, so it may contain a backdoor.
- IIRC, they also mention that the architecture is not open hardware.
Which laptop components carry firmware?
- SPI flash chip, Embedded Controller (EC), discrete devices (wifi card, bluetooth module), hard disk
- mic, speaker, cam, audio card, disk controller, GPU, USB controller, NICs
- all of them may be backdoor-ed / can be infected by malware
- what can BIOS malware actually do? Everything
If the firmware-carrying components are not only the SPI chip, and all firmware can be backdoor-ed / infected, then does it mean that flashing the BIOS only is not enough?
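To make the "flashing the BIOS only is not enough" point concrete from a defender's side, here is a small added example (my own illustration, not code from any of the referenced papers). It models a firmware integrity audit over an inventory of firmware-carrying components: each component's dumped image is hashed and compared against a known-good reference, and the audit reports not only mismatches but also the components for which no reference or no dump exists at all, which is exactly the blind spot left when only the SPI/BIOS region is measured. Component names, firmware blobs and reference hashes are all constructed for the example and do not describe any real vendor's layout.

```python
"""Added example: firmware integrity audit across several components.

Demonstrates why re-flashing or verifying only the BIOS (SPI flash) region
leaves other firmware-carrying components unverified. All component names,
firmware images and reference hashes below are constructed sample data.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Verdict:
    component: str
    status: str            # "ok", "MISMATCH", "no-reference" or "no-dump"
    digest: Optional[str]  # sha256 of the dumped image, if a dump exists


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def audit_firmware(inventory: List[str],
                   golden: Dict[str, str],
                   dumps: Dict[str, bytes]) -> List[Verdict]:
    """Compare each component's dumped firmware against its reference hash.

    inventory: every component known to carry writable firmware
    golden:    component -> expected sha256 hex digest of a trusted image
    dumps:     component -> bytes actually read back from the device
    A component with no dump or no reference is reported as such rather
    than silently counted as clean.
    """
    verdicts = []
    for comp in inventory:
        blob = dumps.get(comp)
        if blob is None:
            verdicts.append(Verdict(comp, "no-dump", None))
            continue
        digest = sha256_hex(blob)
        ref = golden.get(comp)
        if ref is None:
            verdicts.append(Verdict(comp, "no-reference", digest))
        elif hmac.compare_digest(digest, ref):   # constant-time compare
            verdicts.append(Verdict(comp, "ok", digest))
        else:
            verdicts.append(Verdict(comp, "MISMATCH", digest))
    return verdicts


def statuses(verdicts: List[Verdict]) -> Dict[str, str]:
    return {v.component: v.status for v in verdicts}


def coverage(verdicts: List[Verdict]) -> float:
    """Fraction of the inventory that was actually checked against a reference."""
    checked = sum(1 for v in verdicts if v.status in ("ok", "MISMATCH"))
    return checked / len(verdicts) if verdicts else 0.0


# --- constructed sample data (not real firmware) ---------------------------
INVENTORY = ["spi_flash_bios", "embedded_controller", "wifi_card",
             "disk_controller"]
GOOD_BIOS = b"CONSTRUCTED-BIOS-IMAGE-v1" * 8
# Only the BIOS has a trusted reference, as in a "flash the BIOS only" workflow.
GOLDEN = {"spi_flash_bios": sha256_hex(GOOD_BIOS)}
DUMPS = {
    "spi_flash_bios": GOOD_BIOS,
    "embedded_controller": b"CONSTRUCTED-EC-IMAGE",
    "wifi_card": b"CONSTRUCTED-WIFI-IMAGE",
    # disk_controller: no dump taken at all
}


def tampered_dumps() -> Dict[str, bytes]:
    """Same dumps, but with a single bit flipped in the BIOS image."""
    bios = DUMPS["spi_flash_bios"]
    altered = bytes([bios[0] ^ 0x01]) + bios[1:]
    return {**DUMPS, "spi_flash_bios": altered}


if __name__ == "__main__":
    for v in audit_firmware(INVENTORY, GOLDEN, DUMPS):
        print(f"{v.component:20s} {v.status}")
    print("coverage:", coverage(audit_firmware(INVENTORY, GOLDEN, DUMPS)))
    print("tampered BIOS:",
          statuses(audit_firmware(INVENTORY, GOLDEN, tampered_dumps()))["spi_flash_bios"])
```

Run as a script, the audit reports the BIOS as `ok` but the EC and wifi card as `no-reference` and the disk controller as `no-dump`, so only a quarter of the inventory is actually verified; flipping one bit in the BIOS image is caught as `MISMATCH`. The point for a real machine is the coverage number: any component with no trusted reference image, or that cannot be read back at all, is outside what a BIOS re-flash can fix.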
x86 firmware has many vulnerabilities, but there is little movement to patch them. IIRC, the references attached above were published around 2010 - 2015, but until now, as far as I know, there is not a single stateless architecture being produced, so what should we do to make those proposals come true?
Security gap possibilities:
- BIOS malware does exist. Snowden's leaks of classified information have shown that the NSA had BIOS infection capabilities since at least 2008.
- Firmware attacks don't require physical access or hardware modification.
- Malware can infect firmware via software that runs inside the OS.
- Malware can infect firmware over a remote connection.
- Malicious firmware due to a backdoor inserted by the vendor / during shipment.
- Software can attack the secure boot mechanism.
- A conspiring vendor, or someone during shipment, can subvert the hardware.
- Malware can use the speaker to communicate with other devices, then exfiltrate low-bandwidth information.
- If the mic, cam, or speaker's firmware is backdoor-ed / infected by malware, then the adversary can use them for video / audio recording.
- The EC (embedded controller) is responsible for the keyboard. A backdoor-ed / infected EC can sniff keystrokes.
- An adversary can send packets over the network to the network adapter, then take full control of the adapter, add a backdoor to the OS kernel using DMA accesses, attack other peripherals, key-log the keyboard, and eavesdrop on data passing through the network card.
- An adversary can remotely execute code on the network card, then do anything they want, e.g. replace the firmware, etc.
However, you are still in luck, because they are not skilled adversaries.
It is saddening to know that I don't have enough power, capacity, and capability to protect my rights, and now, after spending so much time and hard work, maybe I still have to depend on luck. But bad things have happened already, and what is important now is what I can learn from this.
Below are some things that I learned, which maybe I can share,
but maybe they don't apply to everyone, because maybe we have different realities.
- Build security before being targeted, because delaying until you are targeted may be too late. Before, I never thought that one day I would be targeted, until suddenly I was being targeted.
- Help someone who's being targeted before we are being targeted, so that we can learn how to improve our security.
- BIOS malware and backdoors do exist, so if anyone has the budget, then buy and support secure hardware products, e.g. Purism Librem, System76, Nitrokey, Insurgo, etc.
- Choose the best solutions for security, e.g. Qubes OS, Tails, Whonix, etc.
- Be part of a movement / activity / community to protect human rights in the technology area, so that it doesn't produce systems or architectures that violate human rights, and indirectly we also protect our own rights.
- Use and support open source products, to protect ourselves from mass surveillance, because:
  - surveillance is about control and power; tolerating surveillance means tolerating our freedom / market freedom slowly being taken away, day by day.
  - try our best to avoid big tech products, to avoid control, monopoly, and mass surveillance by big tech.
  - mass surveillance can be switched into active surveillance at any time.
  - mass surveillance will continuously collect our data, and it can be misused by an adversary or anyone to disadvantage us at any time, either directly or indirectly.
- Maybe we think that being targeted at the root of trust requires a big problem, but in my experience I don't even know what exactly the problem is. Kind of random excuses: after clarifying one, they come with another random excuse.
- Maybe we think that being targeted at the root of trust requires being a high-profile person, but I'm just a random low-profile person.
- Maybe we think that being targeted at the root of trust requires a highly skilled expert adversary, or an adversary high in power, but in my reality it is not necessary, because they can seek help from experts, ISPs, government people, someone in power, and even nation states.
- Maybe we think that being targeted at the root of trust requires a benefit for the adversary, but in my reality, what motivates an adversary to target us is not always benefit, but also anger, disappointment, hatred, control, intolerance, insecurity, false beliefs, misunderstanding, being manipulated by others, etc.