[cryptography] evidence for threat modelling -- street-sold hardware has been compromised
marcus.brinkmann at ruhr-uni-bochum.de
Tue Jul 30 09:15:47 EDT 2013
On 07/30/2013 01:07 PM, ianG wrote:
> It might be important to get this into the record for threat modelling.
> The suggestion that normally-purchased hardware has been compromised by
> the bogeyman is often poo-pooed, and paying attention to this is often
> thought to be too black-helicopterish to be serious. E.g., recent
> discussions on the possibility of perversion of on-chip RNGs.
> This doesn't tell us how big the threat is, but it does raise it to the
> level of 'evidenced'.
Not much evidence in the article. This is the relevant part:
"Members of the British and Australian defence and intelligence
communities say that malicious modifications to Lenovo’s circuitry –
beyond more typical vulnerabilities or “zero-days” in its software –
were discovered that could allow people to remotely access devices
without the users’ knowledge. The alleged presence of these hardware
“back doors” remains highly classified."
If you trust anonymous leaks to the Financial Review by members of your
favourite spying agency network, then I guess its "evidence".
Reading the actual classified reports would be more useful.
More information about the cryptography