How to detect and defeat hardware backdoors and wiretaps?

A network card

How nice. The FCC wants "a "back door" be built into all Internet-communications hardware and software to provide access for law enforcement agencies".

This and similar horror scenarios for the freedom and privacy of the people are nothing unusual these days.

A more general (and more paranoid) question:

How do we know whether our software or hardware is backdoored/wiretapped? We all know that using a certain OS from Redmond opens a lot of security holes in itself. Add to that all the now-public attempts of agencies and companies ranging from the FBI, NSA, Sony to antivirus-software vendors who install backdoors on your PC, and you've got some very good reasons to never trust any closed-source software again.

This is not a problem for most of us using Free Software and free operating systems (Linux, *BSD, etc.). Theoretically, we can read the source code of almost every single instruction being executed on our hardware, and verify that the software doesn't do any funny things like phoning home, logging keystrokes, opening backdoors and so on.

However, how can we know whether or not our hardware has been backdoored/wiretapped/trojaned (or whatever you want to call it)? Given that almost all devices we own nowadays (PDA, iPod, cell phone, hardware VOIP phone, and all the other gadgets) as well as most parts of our PCs and laptops have some sort of microcontrollers on them, how can we be sure that there is no secret code hidden in there which spies on us or provides hidden backdoors to them (whoever that may be)?

With some devices you can dump the firmware and analyze that, but most parts are probably not easily analyzable by mere mortals. Think network cards, builtin wireless cards, sound cards, bluetooth chips and so on. IMHO, a good first step in the right direction are things like OpenBIOS (Free Software firmware/BIOS) and OpenEZX (Free Software GSM phones). Alas, I think DRM will pose a major threat here in future, as we probably cannot easily replace custom firmware/software anymore if DRM in the worst form becomes reality.

So, how would you go about to ensure that your hardware has not been backdoored? How can we detect such things? How can we defend against such things? How can we remove backdoors if we find any? Do you know of any relevant research, papers, documents, HOWTOs? Any cases you know of where such things happened? Any practical tips or advice?

The Underhanded C Contest - Results

Being too busy sucks. I didn't even have the time to blog about the Underhanded C Contest, whose results have now been announced.

Quick reminder: the goal of the contest is to

write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

I blogged about the contest earlier, but only later decided to take part in the contest myself (together with Daniel Reutter). After some initial brainstorming we hacked together our solution in roughly one day.

Although we didn't win (damn, no beer for us ;-), we managed to submit one of the simplest solutions (ca. 34 lines of code), i.e., it's very hard to embed any malicious but innocent-looking code in there... Our solution exploits an array bounds overrun, with an extra equals sign ("<=" instead of "<").

I have yet to look at the two winning entries by M. Joonas Pihlaja and Paul V-Khuong (team submission), as well as Natori Shin. Congratulations guys! Also, I noticed the Slashdot story about the contest results, but didn't get around to read that article, either. Sigh...

Syndicate content