top | item 16948647

It’s Impossible to Prove Your Laptop Hasn’t Been Hacked

305 points | wglb | 8 years ago | theintercept.com

130 comments

[+] cameldrv|8 years ago|reply
If you're a target of a major intelligence agency, I think that you have to assume that all of your computers are irretrievably compromised. From Vault 7, we know that the CIA has long developed implants to infect both the EFI and hard drive firmware that load before any potential code that could detect them. These could be made arbitrarily hard to detect without physically opening the computer and dumping these flash devices and comparing them against a known good image. Who knows what other embedded processors with a little bit of flash lurk in various peripherals in your laptop that they've figured out how to wheedle their way into... If the flash is integrated into the microcontroller itself, there may not even be an easy way of reliably dumping its contents.
[+] gerdesj|8 years ago|reply
I think you are absolutely correct with your assessment. I recall Alan Cox (Welsh bloke, big beard, Linux kernel hacker (well: simply hacker in general will do)) posting on G+ about someone booting enough Linux on a hard disc to get a prompt. No, not the disc itself, off the firmware on the controller.

You may also like to consider that nearly all modern server systems have an iLO/iDRAC or whatever that can do all sorts of things, and at least one internal USB interface. PCs can have the Intel ME and other horrors. The best you can hope for is that it is only your local intel. agency that potentially have routine access to your system.

[+] mirimir|8 years ago|reply
Could all firmware be on WORM chips? Which can't be rewritten, no matter what an adversary does. Updates would require switching chips. But at least driveby implants would be impossible.
[+] andrewcchen|8 years ago|reply
Most computers have an Embedded Controller (with integrated flash) that does a lot of motherboard/system specific stuff like power management, flashing leds and even scanning the keyboard matrix on laptops.
[+] tripletao|8 years ago|reply
If you care about this, then put the laptop in a tamper-evident bag. Those are necessarily imperfect too; but there's work making tamper-evident seals to resist up to state-level attacks, since that's relevant in stuff like enforcement of nuclear weapons treaties. That succeeds to the extent that you can find a physical effect that's easy to create and measure, but hard to recreate deterministically. (In concept, dump a pile of glitter over your thing. The effort to dump the glitter, take two pictures, and compare is small. The effort to recreate a given glitter distribution flake by flake is large. Likewise for laser speckle from random rough surfaces, and many other effects.)

You could check a laptop for malware later by reading out literally every bit of nonvolatile state, including the BIOS and stuff, and confirming that all changes had expected form (to files you meant to work on, etc.). Of course, then you have to trust the equipment you use for that...

A little weird that he ran the experiment. Did he really suspect that malware was routinely getting installed by attackers with physical access to laptops during business travel? If yes, then why didn't someone notice it calling home or whatever?

[+] zx2c4|8 years ago|reply
> If you care about this, then put the laptop in a tamper-evident bag.

How does this procedure work for multiday evil maid situations? The first day while you're out the maid replaces your collection of plastic disposable tamper-evident bags with faulty ones that open with a particular chemical but otherwise look identical. The second day the maid tampers with your laptop and you don't notice. Do you just have to take the whole box of additional bags with you everyday? That seems prohibitively inconvenient.

[+] orf|8 years ago|reply
That won't help while crossing borders, where they would want to open the bag without necessarily tampering with it.
[+] captainbland|8 years ago|reply
A border agent would just open that bag right in front of you, making it not a particularly useful measure of being tampered with.

I suppose a large amount of the problem could be solved just by taking checksums of all non-volatile memory on the device - however that doesn't check for, for example, hardware keyloggers which might be inserted without your consent, and then a thorough evaluation of the hardware would be necessary. However that still doesn't tell you if somebody has simply tried to copy data off of your device - so maybe in this case you need something which physically marks the device in the case that the hard drive is removed and presumably accessed outside your computer, like those dye traps they use in banks and when transporting money.

[+] gerdesj|8 years ago|reply
> Did he really suspect that malware was routinely getting installed by attackers with physical access to laptops during business travel? If yes, then why didn't someone notice it calling home or whatever?

I doubt it, but his job is to suspect all sorts of things. If you are going to attempt to quantify risk then some experimentation is in order rather than simple speculation. As to "notice it calling home", it is surprising how much is missed. For example, Meltdown and Spectre were predicted many, many years ago ...

[+] archon810|8 years ago|reply
Why not place a hidden battery powered camera pointed at your laptop and secretly record what goes on in the room when you're away?
[+] benevol|8 years ago|reply
> put the laptop in a tamper-evident bag

Do you have URLs to products that are big enough for say 17'' laptops?

[+] chias|8 years ago|reply
An excellent companion-read to the linked article is: http://ansuz.sooke.bc.ca/entry/23

It builds up a concept of "Colour" as describing information about a thing (distinct from metadata / tagging) which is not necessarily derivable from the thing itself. Most frequently it uses the term to describe provenance, but is careful not to limit the concept. To quote the ansuz' essay above in relation to the linked article:

> When we use Colour like that to protect ourselves against viruses or malicious input, we're using the Colour to conservatively approximate a difficult or impossible to compute function of the bits. Either our operating system is infected, or it is not. A given sequence of bits either is an infected file or isn't, and the same sequence of bits will always be either infected or not. Disinfecting a file changes the bits. Infected or not is a function, not a Colour. The trouble is that because any of our files might be infected including the tools we would use to test for infection, we can't reliably compute the "is infected" function, so we use Colour to approximate "is infected" with something that we can compute and manage - namely "might be infected". Note that "might be infected" is not a function; the same file can be "might be infected" or "not (might be infected)" depending on where it came from. That is a Colour.

Once you've left your computer alone with a potential adversary, it has the might-be-compromised Colour. Proving whether it definitely has or has not been compromised is easy for devices which do not have this Colour, but as described in the linked-to article, very difficult or impossible once it has this Colour.

[+] salawat|8 years ago|reply
I'm calling this a bad test in general.

Let's be honest here. None of the more cutting edge attacks are going to be risked by attacking as hard a target as this guy. The level of sophistication of attack the author is starting to reach is going to be reserved for state-level persons-of-interest.

Espionage is a game of judging capabilities, and cracking some security researcher's laptop telegraphs to the rest of the world that you can. As a national actor you don't actually WANT to flex your spy muscles in obvious ways unless the payoff is JUST THAT CRITICAL. It removes the veil of the unknown, and gives potential adversaries/persons-of-interest that much better a chance of successfully applying tradecraft to hide what you actually want to monitor because they have more accurate knowledge of what your capabilities are. Contrary to popular belief, most organizations capable of pulling an evil maid attack simply won't because of the revelation of capability already mentioned, and the PRISM problem. Too much information/access in general lends itself to becoming useless due to the difficulty of separating the tasty bits from the mundane.

Kudos to the guy for actually trying the experiment, but it doesn't really tell anyone anything we didn't already know 20 years ago.

Computers are inherently insecure. Every form of "security" is insecure at some point. Computers haven't changed anything except for making a person's computer a juicy target to get some juicy financial information/passwords for non-state actors, or making surveillance potentialities so much more horrifying on account of the ubiquity of networked cameras, sensors, and microphones on the ground waiting to be exploited.

Forget about laptop evil maid attacks. Start thinking about the ticking time bomb of 'poisoned' hardware rife with 'tailored access' whereby state actors can push a button and have every device with a camera/microphone within a certain set of GPS coordinates start silently acting as an input sensor. Combine that data stream with the right neural networks, and you'll see a world that no one in their right mind wants, but is well within our manufacturing capabilities to create.

Or stop worrying, go outside, and make a friend. It's way better for your mental health.

[+] SpaceEncroacher|8 years ago|reply
Yeah, have fun, ball til you fall, go all out, maximize the moment - and give thanks.
[+] djrogers|8 years ago|reply
I’d say it’s a bad test not because of how hard a target he is, but because he’s not an attractive enough target. What would be the payoff?
[+] cbanek|8 years ago|reply
While this is focused on hardware and physical access, it would seem that it's the same for software. You don't know if someone has control over it remotely, through any number of means (browser, downloaded software, installed professional software with backdoors, software with unreleased vulnerabilities, etc.). Even airgapped machines can be compromised (Stuxnet, TEMPEST).

Even if you built all the binaries from scratch from the official repos, you'd still be at risk of security bugs like heartbleed, or a compromised compiler.

In the end, I think security is always a numbers game. Someone can always get to your protected resources, it's just a matter of how much the attacker wants it.

It's easier to attack a resource than defend it.

https://en.wikipedia.org/wiki/Stuxnet

https://en.wikipedia.org/wiki/Tempest_(codename)

https://en.wikipedia.org/wiki/Heartbleed

[+] jensv|8 years ago|reply
"But given that current defenses against detecting processor-level backdoors wouldn’t spot their A2 attack, they argue that a new method is required: Specifically, they say that modern chips need to have a trusted component that constantly checks that programs haven’t been granted inappropriate operating-system-level privileges. Ensuring the security of that component, perhaps by building it in secure facilities or making sure the design isn’t tampered with before fabrication, would be far easier than ensuring the same level of trust for the entire chip."

They admit that implementing their fix could take time and money. But without it, their proof-of-concept is intended to show how deeply and undetectably a computer’s security could be corrupted before it’s ever sold. “I want this paper to start a dialogue between designers and fabricators about how we establish trust in our manufactured hardware,” says Austin. “We need to establish trust in our manufacturing, or something very bad will happen.”

https://www.wired.com/2016/06/demonically-clever-backdoor-hi...

[+] jlgaddis|8 years ago|reply
It seems that you posted your comment on the wrong article.
[+] jaclaz|8 years ago|reply
Thesis: it is possible that someone may access your laptop without you knowing if you leave it unattended.

Experiment: after having gone through a number of - some meaningless[1] - attempts to be able to prove that this happened, there was no evidence it happened.

Doubt: did it happen nonetheless without leaving any trace, or did it not actually happen at all?

Bonus: the experimenter learned that NVRAM exists in the stupid UEFI firmware

Conclusion: None worth mentioning, but be very aware of what the terrible evil maids can do, and do use the recommended Android app to defend against them.

[1] Hashing a whole hard disk is only a "positive" proof, if the hashes correspond nothing changed, but it is very possible that the hashes change because of any filesystem or disk issue if the system is used, so the method is pointless in the real world, where people bring with them a laptop in order to use it.

[+] boomboomsubban|8 years ago|reply
> Thesis: it is possible that someone may access your laptop without you knowing if you leave it unattended.

This is known to be true, this experiment was about seeing if anyone would access this laptop. Which also addresses what you view as meaningless, real world scenarios are trying to avoid their laptop being compromised while the author was hoping that it would.

[+] Jedd|8 years ago|reply
I run a dual-boot Debian + Windows 7 laptop, but my default position is to assume the Windows partition is exploitable, so for secure activities I boot Debian.

That boots using an unencrypted /boot partition, but everything else running on luks (one big partition, LVM'd down). I have a VeraCrypt partition which is for files that I want to work on from both operating systems. Works really well, crypted disks don't materially impact performance, and it gives peace of mind.

The most likely scenario for theft is someone after the hardware, and they'll not spend much effort trying to break into the file system.

I'd be wary if the machine was stolen and then returned, but restoring mbr & /boot partition should be sufficient in that instance.

I've travelled to regions that I considered dubious, if not especially technically sophisticated. I haven't done this; however, research suggested the best way of confirming your laptop hasn't been opened is to use a sparkling nail varnish. Dab a small amount on some or all of the case screws, take a close-up photo, store that photo somewhere safe. After the event, take photos of the screws again, and compare. The random patterns are effectively impossible to replicate.

Combined with disabling USB booting, and BIOS admin password, and keeping the OS in sleep -- it should be possible to prove your laptop hasn't been hacked via physical intrusion.
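A per-file manifest check of the unencrypted boot components (the "restore mbr & /boot" scenario above, and jaclaz's footnote that a whole-disk hash changes with ordinary use) as an added example, not code from either commenter. It assumes the baseline manifest is stored off the device and the check is run from trusted media; the /boot tree and MBR blob here are constructed stand-ins, not a real system.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large kernel/initrd images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file under root (path relative to root) to its SHA-256.

    Hashing per file, rather than the whole partition, keeps the result stable
    under normal use and names exactly which file differs when one does.
    """
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifests(baseline, current):
    """Return (changed, added, removed) relative paths.

    Three empty lists are only positive evidence: nothing in the hashed set
    moved. They say nothing about firmware or hardware outside that set.
    """
    changed = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return changed, added, removed


def demo():
    """Constructed /boot-like tree; simulate an untrusted interval and re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "grub").mkdir()
        (root / "vmlinuz-5.10").write_bytes(b"kernel image (constructed)")
        (root / "initrd.img-5.10").write_bytes(b"initramfs (constructed)")
        (root / "grub" / "grub.cfg").write_text("set timeout=5\n")
        # Stand-in for the first 512 bytes of the disk; on a real host this would
        # be captured separately (e.g. a 512-byte read of the disk device).
        (root / "mbr.bin").write_bytes(b"\x00" * 446 + b"\x55\xaa")
        baseline = build_manifest(root)  # taken before leaving the laptop alone

        # Simulated tampering: initrd replaced, an extra GRUB module dropped in.
        (root / "initrd.img-5.10").write_bytes(b"initramfs (modified)")
        (root / "grub" / "extra.mod").write_bytes(b"new module")
        current = build_manifest(root)   # taken afterwards, from trusted media
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    changed, added, removed = demo()
    print("changed:", changed, "added:", added, "removed:", removed)
```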

[+] transpute|8 years ago|reply
QubesOS Anti Evil Maid: https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.h...

> The adjective trusted, in trusted boot, means that the goal of the mechanism is to somehow attest to a user that only desired (trusted) components have been loaded and executed during the system boot. It's a common mistake to confuse it with what is sometimes called secure boot, whose purpose is to prevent any unauthorized component from executing.

[+] gerdesj|8 years ago|reply
Computers that support “secure boot” or “verified boot,” such as Chromebooks and Windows laptops with BitLocker, aren’t vulnerable to this. The BIOS can detect if the unencrypted part of your disk has been tampered with, and if it has, it will refuse to boot. MacBooks and laptops that run Linux could potentially be attacked in this way.

Really?

(Search terms used: "secure boot linux" and "secure boot macbook")

https://www.linuxjournal.com/content/take-control-your-pc-ue...

https://www.macworld.com/article/3246208/macs/how-apples-sta...

[+] indemnity|8 years ago|reply
Mac secure boot is currently only supported on the iMac Pro, not any MacBook as far as I am aware.

Rather less likely to be lugging that through customs :)

[+] agorabinary|8 years ago|reply
Also curious about Linux vulnerabilities to this particular attack - any Linux wizards in thread?
[+] wpdev_63|8 years ago|reply
The first company that makes a truly open source, security vetted computer will be very rich. When I say open source, I mean open source circuit design, bootloader, OS etc. The complete stack. The surveillance state is here and we need the tools to fight it!

Right now every national "security" agency (usa, china, uk) is racing to create a truly comprehensive suite of tools to monitor its citizens en masse[0][1]. Exploits for every router, iphone built in backdoor, etc. Pretty much anything that would give the government access to the most intimate details of your life. With the current political climate it's just going to get worse.

If you care about your privacy AND security, become informed and vote for privacy advocates. Visit fightforthefuture.org and eff.org to learn more.

DISCLAIMER: I am in no way affiliated with either of these foundations or their members.

[0]: https://www.theverge.com/2018/4/5/17203806/china-chinese-qin...

[1]: https://wikileaks.org/ciav7p1/

[+] mirimir|8 years ago|reply
The best defense is being someone too uninteresting to bother. Once you're interesting to some resourceful adversary, it's very hard to avoid devices being hacked, and virtually impossible to determine if they've been hacked.
[+] dredmorbius|8 years ago|reply
It's effectively feasible to monitor everyone, and to make determinations of interest after the fact.

So that's not a particularly viable option.

[+] mrschwabe|8 years ago|reply
Or not be a coward and be interesting, speak up, and not back down. If more of us do that than not then they will at least have a very difficult time in tracking us all.
[+] wglb|8 years ago|reply
But you don't exactly know what the motives of the resourceful adversary are. You are likely to be attacked for reasons that you don't anticipate.

This is what I call "defense by presumed motive" and is flawed.

[+] jpalomaki|8 years ago|reply
A simple thing to make the evil maid's job harder is to just apply plenty of instant glue. This way it takes much more effort to open the laptop or switch components. Also fill in ports you don't need.

For practical security it is also important to have some physical things on the laptop body that allow you to identify your hardware. Otherwise somebody will just replace it with their own hardware to collect your password. Obviously pretty much anything can be replicated, but absolute security is anyways impossible to achieve so you can only try to make things harder for them.

[+] mordant|8 years ago|reply
. . . so, you either leave your laptop at home (assuming you've a sufficient degree of certainty it won't be hacked there) or you keep it with you at all times, with all wireless technologies disabled.

With regards to my checked luggage - no electronics there - when traveling to/from/in the US, I always save those 'Inspected by TSA' placards, and place one prominently atop my clothes prior to closing and locking my bag.

Based on various physical telltales I utilize, the success rate of placing a used 'Inspected by TSA' placard in one's bag to deter searches is 100%, at least in my experience.

Since I started doing this, I haven't received any new 'Inspected by TSA' placards, either. So, that's another indicator of the technique's probable success rate.

[+] jonathonf|8 years ago|reply
I thought it was impossible to prove a negative, generally?
[+] gerdesj|8 years ago|reply
I think you have got a bit confused here. For example Fermat's Last Theorem is effectively "a negative": "no three positive integers a, b, and c satisfy the equation a^n + b^n = c^n for any integer value of n greater than 2"
[+] ReverseCold|8 years ago|reply
If there are n possibilities and you can prove that y are always true, then the n-y remaining are never true.
[+] ebullientocelot|8 years ago|reply
This is true without perfect observation. In math you have perfect observation (sometimes), so you can do something like Fermat's Last Theorem. Once you enter the physical world, not so much.
[+] andrewaylett|8 years ago|reply
A classical method is to derive a contradiction from the converse.
[+] HIPisTheAnswer|8 years ago|reply
> But due to various time-consuming and annoying issues related to Windows updates, I eventually chose to abandon Windows altogether and just run Debian on my honeypot laptop

You know things are bad when people are annoyed by an operating system they don't even use!

[+] _bxg1|8 years ago|reply
I could never work in security. I worry enough as it is, without it being my job to worry.
[+] tim333|8 years ago|reply
I sometimes think there may be a gap for simpler technology where it's easier to ensure nothing's hacked. Like if you have a raspberry pi zero with software on a flash drive and check the hash on all the stuff in the flash drive.
[+] ianai|8 years ago|reply
I wonder if it’s practical to make a laptop suitcase where all external edges are touch sensitive? Have a serial number etched into each surface as well.

Edit: the case could have additional logic and wireless charging for power.

[+] kortex|8 years ago|reply
Just get one of those fancy metal attaché cases, attach a capacitive sensor to it with some sort of ground plane inside the case, and wire it to some logging microcontroller. Add a gyro chip to boot. Honestly the embedded gyro should be enough, the MEMS chips in phones are CRAZY sensitive, and would easily detect being shifted by a cm.