How to detect and defeat hardware backdoors and wiretaps?

A network card

How nice. The FCC wants "a 'back door' be built into all Internet-communications hardware and software to provide access for law enforcement agencies".

This and similar horror scenarios for the freedom and privacy of the people are nothing unusual these days.

A more general (and more paranoid) question:

How do we know whether our software or hardware is backdoored/wiretapped? We all know that using a certain OS from Redmond opens a lot of security holes in itself. Add to that all the now-public attempts of agencies and companies ranging from the FBI, NSA, Sony to antivirus-software vendors who install backdoors on your PC, and you've got some very good reasons to never trust any closed-source software again.

This is not a problem for most of us using Free Software and free operating systems (Linux, *BSD, etc.). Theoretically, we can read the source code of almost every single instruction being executed on our hardware, and verify that the software doesn't do any funny things like phoning home, logging keystrokes, opening backdoors and so on.

However, how can we know whether or not our hardware has been backdoored/wiretapped/trojaned (or whatever you want to call it)? Given that almost all devices we own nowadays (PDA, iPod, cell phone, hardware VOIP phone, and all the other gadgets) as well as most parts of our PCs and laptops have some sort of microcontrollers on them, how can we be sure that there is no secret code hidden in there which spies on us or provides hidden backdoors to them (whoever that may be)?

With some devices you can dump the firmware and analyze that, but most parts are probably not easily analyzable by mere mortals. Think network cards, built-in wireless cards, sound cards, bluetooth chips and so on. IMHO, a good first step in the right direction are things like OpenBIOS (Free Software firmware/BIOS) and OpenEZX (Free Software GSM phones). Alas, I think DRM will pose a major threat here in the future, as we probably cannot easily replace custom firmware/software anymore if DRM in its worst form becomes reality.
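As an added example that is not part of the original post, here is what a first pass over a dumped firmware image can look like in Python: the dump is compared block by block against a trustworthy vendor-published reference image (that such a reference is available is the assumption here), deviating blocks are flagged when their entropy suggests packed or encrypted code, and printable strings absent from the reference (hostnames, URLs) are listed. REFERENCE and DUMPED are constructed stand-ins, not real firmware.

```python
"""Added example (not from the original post): a first-pass check of a dumped
firmware image against the vendor's published reference image. REFERENCE and
DUMPED below are constructed in-memory stand-ins, not real firmware."""
import hashlib
import math
import re
from collections import Counter

BLOCK = 256  # granularity at which deviating regions are reported

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def differing_blocks(dumped: bytes, reference: bytes, block: int = BLOCK) -> list:
    """Offsets of blocks where the dump deviates from the reference (a length
    mismatch shows up as deviating tail blocks)."""
    end = max(len(dumped), len(reference))
    return [off for off in range(0, end, block)
            if dumped[off:off + block] != reference[off:off + block]]

def printable_strings(data: bytes, min_len: int = 6) -> list:
    """ASCII strings, the first place to look for hostnames or URLs that the
    vendor image does not contain."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def analyze(dumped: bytes, reference: bytes) -> dict:
    diffs = differing_blocks(dumped, reference)
    return {
        "hash_matches": hashlib.sha256(dumped).digest() == hashlib.sha256(reference).digest(),
        "differing_blocks": diffs,
        # packed or encrypted code inserted into padding stands out as a high-entropy island
        "high_entropy_diffs": [o for o in diffs if shannon_entropy(dumped[o:o + BLOCK]) > 7.0],
        "new_strings": sorted(set(printable_strings(dumped)) - set(printable_strings(reference))),
    }

# Constructed reference: zero padding, a version string, 0xFF fill (2048 bytes).
REFERENCE = b"\x00" * 1024 + b"FW v1.2.3 vendor build\x00" + b"\xff" * 1001
# Constructed dump: identical except one 256-byte block carrying an unexpected
# hostname plus random-looking bytes, the kind of deviation the check should surface.
PATCH = b"report.example.invalid\x00" + bytes((i * 197 + 31) % 256 for i in range(233))
DUMPED = REFERENCE[:1536] + PATCH + REFERENCE[1536 + len(PATCH):]

if __name__ == "__main__":
    print(analyze(DUMPED, REFERENCE))
```

A real dump would be read from the programmer's output file and the reference from the vendor download; the checks themselves are unchanged.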

So, how would you go about ensuring that your hardware has not been backdoored? How can we detect such things? How can we defend against such things? How can we remove backdoors if we find any? Do you know of any relevant research, papers, documents, HOWTOs? Any cases you know of where such things happened? Any practical tips or advice?

Comments


Open Hardware?

We are doing Open Hardware (sorry, for now in Russian only). It's still just an idea for now, but some results have already been achieved, and we are looking forward to having open devices to run our open software.

omg russian people you rock

omg russian people you rock keep up with the good work :-)))

bye

hardware backdoors - exist for several years at least

Hardware backdoors have been built into most laptops and many desktops for several years at least. I am a Russian who has worked in a US federal institution on short contracts several times. First I noticed that all my data were transparent, started trying to put up firewalls, all the usual tricks, and it all came to the point where a computer (an ASUS laptop) with wifi and bluetooth removed, with all network cards disabled in any possible way, was remotely administered. There are many details - very subtle, but recognizable. Actually I guess somebody wanted a leak. For example I was "forbidden" to install a firewall, moved to another place, installed a firewall - then it was damaged - its driver just destroyed. All by itself. And many other, more subtle manifestations. And actually I've seen the people who did it. I'm not a computer expert, but my feeling is that not only network cards have built-in backdoors; other devices can have them too, particularly video cards, maybe sound cards. Distance of administration (it's not peep-holes, it's full administrative tools) ca. 100 m. I changed several laptops in a row - all the same; got a used 4-year-old Pentium III Compaq - it works on-line unplugged. So it's a well-developed industry. There is a very obvious way to check it all - take apart any laptop, e.g. ASUS, Acer, Compaq, HP, etc. - and test ALL its hardware features. Only it should be done without any governmental institution body. Because not only US services use it - in other countries the situation is the same, including Germany. I understand that when that technology was not so widespread, it was possible to silence all those who got knowledge of it (mostly they were recruited). But it seems that there are too many talks about it already, so it's surfacing soon. Germany could be a good place to test some US-made laptops. By the way, Fujitsu-Siemens is no exception.

Hm... Can you provide some

Hm... Can you provide some more technical details about what you observed? Sure, there could be backdoors of various kinds and flavors, but the scenario you describe (judging from the very few bits of technical information) sounds highly unlikely to me...

Uwe.

How about something like

How about something like this:

http://theinvisiblethings.blogspot.com/2009/06/more-thoughts-on-cpu-backdoors.html

Just think of the trigger and data as being transmitted over a radio-frequency channel. Theoretically it would be possible to implement a covert radio-frequency channel in these highly complex processors, especially if using the not well-known transmission by non-sinusoidal waves.
Look at e.g.

www.tronland.org/cryptron/jvk.htm

especially the TEMPEST part, and the explanation that the theory of non-sinusoidal waves has completely disappeared from any publicly available research (still verifiable today).

Thus such a device would not be detectable by publicly known theory and technique.

Now we could conclude that it theoretically is possible to design and implement such a device in processors. The only question is if we believe that there are people powerful and evil enough to do such a thing. Let your conscience be your guide.

Anonymous