dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
30
« I call bullsh*t
This is a sub-selection from Frightening

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to El Quintron

Premium Member

to El Quintron

Re: Frightening

said by El Quintron:

said by FFH5:

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.

This assumes that you're asking the same group of people to build both the hardware and software,

Uh, if you have subverted the hardware, then the software is inconsequential. Own the metal, you own the software too. If Intel put a backdoor into their chips, it wouldn't matter if you ran Windows, OSX, Linux, Unix, AIX, IRIX, whatever. It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron

Premium Member

said by KodiacZiller:

It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

Again I'm not a security expert, but, if I'm running a network and there's a bunch of encrypted layer 2 communications that I'm not familiar with happening on my network I'd be asking questions pretty quickly.

I'd also be communicating with the vendor to plug up those holes ASAP, if the vendor didn't cooperate then I'd be litigating the hell out of them.

Lastly wouldn't firmware updates (which is what I should've said when I was referring to software) resolve this irrespective of the original intent of the hardware?
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron

Premium Member

said by BosstonesOwn:

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

Self-destruct is bad, but less so than continual harvesting of information. I'm glad someone confirmed that this would be possible.

It lends credence to a "known vendors" argument.
« I call bullsh*t
This is a sub-selection from Frightening