[cryptography] evidence for threat modelling -- street-sold hardware has been compromised

ianG iang at iang.org
Tue Jul 30 07:07:44 EDT 2013


It might be important to get this into the record for threat modelling. 
  The suggestion that normally-purchased hardware has been compromised 
by the bogeyman is often poo-pooed, and paying attention to this is 
often thought to be too black-helicopterish to be serious.  E.g., recent 
discussions on the possibility of perversion of on-chip RNGs.

This doesn't tell us how big the threat is, but it does raise it to the 
level of 'evidenced'.



http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

Computers manufactured by the world’s biggest personal computer maker, 
Lenovo, have been banned from the “secret” and ‘‘top secret” ­networks 
of the intelligence and defence services of Australia, the US, Britain, 
Canada, and New Zealand, because of concerns they are vulnerable to 
being hacked.

Multiple intelligence and defence sources in Britain and Australia 
confirmed there is a written ban on computers made by the Chinese 
company being used in “classified” networks.

The ban was introduced in the mid-2000s after intensive laboratory 
testing of its equipment allegedly documented “back-door” hardware and 
“firmware” vulnerabilities in Lenovo chips.

...


More information about the cryptography mailing list