Submitted by a_perfect_map in freeAsInFreedom (edited)

Hello, I want to talk about two computational security blindspots that many people miss and that are kind of kept on the down low to an extent. They are super important nonetheless.

The first is firmware, which is essentially the lowest level code in a computer. Stuff like BIOS, drivers, code that talks directly to hardware. Also, stuff like BIOS is the first thing that runs when a computer initially powers on. So firmware is indeed powerful as it is the first code to run on bootup, and it is practically hardware, so it absolutely has control over the OS, and can absolutely hide from the OS.

TL;DR - Things that run early have more potential power, things that run at a low level of abstraction have more potential power.

OK so what? Nothing infects firmware anyway.

Super wrong.

First of all there's Stuxnet, which is a payload delivered via USB drive firmware on plug in. Ask the Iranians about it. https://en.wikipedia.org/wiki/Stuxnet

Then there's malware which can totally infect a BIOS, Lighteater. https://betanews.com/2015/03/21/lighteater-malware-attack-places-millions-of-unpatched-bioses-at-risk/

There are definitely more firmware-level attacks.

Defending against this: Update your BIOS (be careful not to brick it), use a computer with an open source BIOS, such as Libreboot (https://libreboot.org/), avoid using protocols that do Direct Memory Access and/or use a USB hardware firewall (https://globotron.nz/collections/all), and in all of your tool use, use only free and open, auditable code, and hardware if possible.

OK firmware security is pretty terrible but guess what? All Intel CPUs since the late 2000s have a hardware backdoor in them. Called the Intel Active Management Engine, it is a tiny computer full of encrypted, closed source code lurking within. It can access the internet, read and write to system memory and even view the screen buffer... https://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me

We have a few choices to mitigate this very serious flaw. One is not using Intel. However, AMD has similar issues:

Libreboot on AMD:

"AMD Platform Security Processor (PSP)

This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable."

Same issues as Management Engine essentially. Read more on AMD at: https://libreboot.org/faq.html#amd

ARM may be slightly better, but you would be drastically limiting your hardware choice and power.

A better option is Libreboot (https://libreboot.org/) which can install free and open firmware on just a few compatible computers. This is the way to a 99% open source computer right now.

Another pretty good option is Qubes OS with the right hardware that supports IOMMU, a memory manager. It's like if everything in the OS was sandboxed from each other in its own VM, watched over by a Xen hypervisor. Pretty impressive work. https://www.qubes-os.org/

Another option in the works is RISC V, which is an open hardware computer processor. We are a ways off from seeing this in your desktop case. But it will happen and people are excited.

Another open hardware processor that exists now is Open POWER but it is really not useful to the average user.

I would like to close by encouraging you to never trust anything with a cellular modem as well. The firmware of every cellular baseband modem is closed source; it is written by AT&T or Verizon or some other big surveillance industrial complex. Furthermore, it can read and inject into your phone's RAM. Do not trust anything with a cellular modem ever. There is no secure phone. This is why stacks of latest gen iPod touches with Signal installed are a common sight during police raids. https://www.devever.net/~hl/nosecuresmartphone

5

Comments


kore wrote

there was a really good CCC talk about this, basically explaining that you need to verify your hardware at the silicon level to really ensure that it isn't compromised.

https://youtu.be/Hzb37RyagCQ

5

a_perfect_map OP wrote

Yeaaaa what up CCC! Yes totally, supply chain security is a big deal. But it is also a map/territory problem. I'm not really sure you can ever solve hardware security, short of getting a shovel and mining semiconducting materials yourself, haha. That's OK because it is a misconception that anyone can actually have airtight security period; the best you can shoot for is reasonable mitigation of risk and cross your fingers.

1

kore wrote

i agree. i wonder what the risk level of hardware backdoors is for the average *nix user.

also, security culture can be kind of difficult to get into for people who don't have technical skills. i think it's important for the people with technical skills to make barriers to entry very low. computing and especially hardware/networking is a very white cis male dominated field

you talk of libreboot, maybe something like a free (as in gratis) service for anarchist orgs so they can get a laptop to manage their organization with.

I plan on looking into coreboot for my T430. you make a good point about the intel AME, i have the so-called advanced settings bios and you can disable it there. I also have an X60 (libreboot compatible) but those things are slow for general purpose computing (i.e. modern web browsing); even my x200s can't really handle it. any good project ideas for how to repurpose an old laptop? obviously there's stuff like an mpd server but I'd want to do something more oriented towards organizing.

2

a_perfect_map OP wrote (edited)

Hard to say how bad exactly but hardware backdoors are a problem for the average user, as, like any unpatched exploit, criminals have started exploiting them remotely.

https://securityaffairs.co/wordpress/58656/hacking/intel-management-engine.html

Yeah the tech industry hates women, bunch of jerks really. I don't get it. And you're right, there's this problematic white male dominance in tech in general. Silicon Valley are a bunch of sociopaths too IMO, really toxic place.

Fundamental computational education is pretty bad in the US relative to say, India, I think that's a big barrier too.

Cool on coreboot, that contains mystery binary blobs but it's a big improvement I'm sure.

Old laptop project? How about a dedicated I2P router? Or, depending on your location, a mesh network node? At any rate, I think an open firmware router would be very useful.

Pinebook looks pretty sweet too!

1

celebratedrecluse wrote

AMD processors are probably safest right now, compared to ARM and Intel. but we need to have more open source hardware. Thanks for the tip on libreboot

does anyone have sauce on AMD vulnerabilities (comparable to the intel backdoor)? i've heard them referred to but have not specifically been cited the actual info about it.

2

a_perfect_map OP wrote (edited)

Hi, I've updated the original post to expound on AMD; AMD is not safe, check out the Platform Security Processor (PSP). Links to source from Libreboot.

There is no safe x86 hardware without modification.

1

celebratedrecluse wrote

Ah, okay. Well, since the CPU is less abstract than the BIOS, wouldn't this risk be the same for virtually any device then? There aren't really any foss cpus, and libreboot would not resolve this. Unless i am mistaken?

1

a_perfect_map OP wrote (edited)

Check out RISC V as mentioned in OP.

Libreboot doesn't mean a FOSS processor but it is open BIOS, no more management engine, still a huge boost to security.

A related issue in processor hardware sec is Spectre/Meltdown and Rowhammer, which I'm thinking about making another post on if no one else has yet.

Additional info about making intel safer is best found from Joanna Rutkowska, leader of the amazing Qubes OS team and expert hardware hacker:

https://www.youtube.com/watch?v=S0TVw7U3MkE

2

celebratedrecluse wrote

Well, if risc v is several years from being functional in a desktop, let alone a portable device, there doesn't really seem to be anything relevant that the end user can do to address the fundamental problem.

Are any of you aware of mitigation strategies for AMD PSP?

1

a_perfect_map OP wrote

About RISC V you are right.

If you are made out of monies you can buy IBM POWER systems: https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation which I kind of forgot about; OPEN POWER 8 is in fact totally free hardware. They are beastly powerful! But that price.

Look into Qubes, if you have IOMMU you might be able to mitigate some issues. Also check Libreboot for which AMD processors/systems are compatible.

Other than that this is a serious problem in computation that is kind of just starting to be addressed :(

2
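Both the Qubes suggestion in the original post and the "if you have IOMMU" remark above hinge on the same question: is an IOMMU actually active, and which devices share an isolation group? The script below is an added example (not from the thread, Qubes or any project it names) that answers that from the two places a Linux host exposes it: the kernel log, where the Intel (DMAR) and AMD (AMD-Vi) drivers announce themselves, and the /sys/kernel/iommu_groups tree. The sample log lines are constructed, and the assumption is that the message wording matches your kernel version. It also goes one step further than the thread and flags groups that hold more than one device, because such devices cannot be split between VMs.

```python
"""Check IOMMU availability on a Linux host, the prerequisite for the
per-VM device isolation that Qubes OS builds on.  Added example, not code
from the thread or from the Qubes project.  The kernel-log lines and the
sysfs layout used in the sample are constructed; the regexes assume the
message wording of the in-tree DMAR and AMD-Vi drivers."""
import os
import re
from collections import defaultdict

INTEL_RE = re.compile(r"DMAR: IOMMU enabled")
AMD_RE = re.compile(r"AMD-Vi: Found IOMMU at ([0-9a-f:.]+)")


def iommu_from_kernel_log(lines):
    """Return 'intel', 'amd', or None based on driver initialisation messages."""
    for line in lines:
        if INTEL_RE.search(line):
            return "intel"
        if AMD_RE.search(line):
            return "amd"
    return None


def iommu_groups(root="/sys/kernel/iommu_groups"):
    """Map each IOMMU group to the PCI devices in it, read from sysfs.
    An empty result means no IOMMU is active (the tree is absent or empty)."""
    groups = defaultdict(list)
    if not os.path.isdir(root):
        return {}
    for group in sorted(os.listdir(root), key=lambda g: int(g) if g.isdigit() else -1):
        dev_dir = os.path.join(root, group, "devices")
        if os.path.isdir(dev_dir):
            groups[group] = sorted(os.listdir(dev_dir))
    return dict(groups)


def shared_groups(groups):
    """Groups holding more than one device: the IOMMU cannot separate them,
    so passing one of them to a VM exposes the others to that VM's DMA."""
    return {g: devs for g, devs in groups.items() if len(devs) > 1}


def assess(kernel_log_lines, groups):
    """One-line verdict combining the driver message and the sysfs view."""
    vendor = iommu_from_kernel_log(kernel_log_lines)
    if vendor is None or not groups:
        return "no active IOMMU: DMA isolation between devices is not enforced"
    shared = shared_groups(groups)
    return (f"{vendor} IOMMU active, {len(groups)} groups, "
            f"{len(shared)} with multiple devices")


# Constructed sample: what a kernel booted with VT-d enabled might log.
SAMPLE_KERNEL_LOG = [
    "[    0.012345] DMAR: IOMMU enabled",
    "[    0.234567] DMAR: Intel(R) Virtualization Technology for Directed I/O",
]

if __name__ == "__main__":
    # On a real host, feed it the output of `dmesg` and the live sysfs tree.
    print(assess(SAMPLE_KERNEL_LOG, iommu_groups()))
```

On a real machine the interesting output is the shared-group list: a NIC or USB controller sitting in the same group as the GPU means the IOMMU hardware exists but cannot give that device its own DMA domain, which is exactly the gap a Qubes-style design needs closed.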

celebratedrecluse wrote

It seems only the wealthy can buy their way out of this problem. Seems like a feature of capitalism, rather than an accident. :(

1

a_perfect_map OP wrote

Yeah unfortunately it seems that way. Working as designed huh. Sad. But hey, this field is taking off and that's pretty cool that more people are concerned and doing something.

1

celebratedrecluse wrote

Definitely, it will be a game changer when something cheap and basic hits the foss processor market

1

nbdy wrote (edited)

I also wrote about heads (a secured coreboot derivative) and I would call it one of the more practical security steps I have taken. /f/security_culture/97199

2

a_perfect_map OP wrote

I've seen that! but I couldn't get it to boot on Libreboot, eventually gave up. Will check it out. I am worried about systemd too.

2

nbdy wrote (edited)

Ah yeah, it's its own thing and would have to replace libreboot. Plus it pretty much only works on the Thinkpad x230 so that's a downside. No systemd required though!

2

avbeav wrote

"All Intel CPUs since the late 2000s have a hardware backdoor in them. Called the Intel Active Management Engine,"

Obviously not perfect but it's possible to peel away some of the shite with me_cleaner.

1
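The Management Engine from the original post and the me_cleaner mentioned in this reply both operate on one specific place: the ME region of the SPI flash, whose location is recorded in the Intel Flash Descriptor at the start of the chip. The script below is an added example (not code from the thread or from the me_cleaner project) that parses that descriptor from a flash dump and reports where the ME region is, how big it is, and whether it still begins with an ME partition table. The region-table layout follows the public descriptor format; the sample image is constructed rather than a real dump, and the erase helper is a simplified illustration of a removed region, not what me_cleaner does (it keeps the partitions the platform needs to boot).

```python
"""Locate and inspect the Intel ME region of a SPI flash dump by parsing
the Intel Flash Descriptor (IFD).  Added example, not code from the thread
or from the me_cleaner project; the layout constants are the public IFD
format, and the sample image is constructed, not a real dump."""
import struct

IFD_SIGNATURE = 0x0FF0A55A            # stored little-endian at descriptor offset 0x10
# FLREG0..FLREG4 in the order the descriptor's region section defines them
REGION_NAMES = ("descriptor", "bios", "me", "gbe", "pdr")


def parse_regions(image: bytes) -> dict:
    """Return {region name: (base, limit)} for present regions, None for absent ones."""
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4   # Flash Region Base Address, 16-byte units
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x7FFF) << 12                      # 4 KiB pages
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        regions[name] = None if base > limit else (base, limit)  # base > limit marks unused
    return regions


def me_status(image: bytes) -> dict:
    """Size of the ME region and whether it still carries an ME partition table."""
    me = parse_regions(image)["me"]
    if me is None:
        return {"present": False, "size": 0, "fpt": False, "erased": False}
    base, limit = me
    blob = image[base:limit + 1]
    # ME firmware starts with a "$FPT" partition table, at offset 0 or after a 16-byte header
    fpt = blob[:4] == b"$FPT" or blob[0x10:0x14] == b"$FPT"
    return {"present": True, "size": len(blob), "fpt": fpt,
            "erased": blob.count(0xFF) == len(blob)}


def erase_region(image: bytes, name: str) -> bytes:
    """Return a copy with the named region filled with 0xFF (blank flash).
    Simplified illustration of a removed region; me_cleaner itself keeps the
    partitions the platform needs to boot rather than erasing everything."""
    base, limit = parse_regions(image)[name]
    out = bytearray(image)
    out[base:limit + 1] = b"\xFF" * (limit - base + 1)
    return bytes(out)


def build_sample_image() -> bytes:
    """Constructed 1 MiB flash image: descriptor, ME and BIOS present, GbE and PDR absent."""
    img = bytearray(b"\xFF" * 0x100000)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, 0x04040003)   # FRBA=0x40, FCBA=0x30, NR=4 (5 regions)
    flregs = [
        0x00000000,  # descriptor: pages 0x000..0x000 -> 0x00000-0x00FFF
        0x00FF0080,  # BIOS:       pages 0x080..0x0FF -> 0x80000-0xFFFFF
        0x007F0001,  # ME:         pages 0x001..0x07F -> 0x01000-0x7FFFF
        0x00007FFF,  # GbE: base page 0x7FFF, limit 0 -> base > limit, unused
        0x00007FFF,  # PDR: unused
    ]
    for i, flreg in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * i, flreg)
    img[0x1010:0x1014] = b"$FPT"                    # ME partition table marker
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for name, span in parse_regions(data).items():
        print(f"{name:10s}", "absent" if span is None else f"0x{span[0]:07X}-0x{span[1]:07X}")
    print("ME:", me_status(data))
```

Pointed at a dump of your own chip, the region table it prints is the map me_cleaner works from, and comparing the ME region's size and "$FPT" marker before and after a cleaning run shows concretely what was and was not removed; on the constructed image the ME region is 0x7F000 bytes and still carries its partition table until erase_region blanks it.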