
Wed Jul 31, 2013, 02:56 AM

Expert Says NSA Have Backdoors Built Into Intel And AMD Processors

CHRISTOPHER JOYE AND PAUL SMITH

One of Silicon Valley’s most respected technology experts, Steve Blank, says he would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.

...

The claims come after The Australian Financial Review revealed that computers made by Chinese firm Lenovo are banned from the “secret” and “top secret” networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand because of concerns they are vulnerable to being hacked.

If correct, the allegations would raise the stakes in a growing cyber cold war, and fuel claims that US snooping leaves the Chinese in the shade.

http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI

Another expert, Jonathan Brossard, who works in the field of penetration testing, says he has demonstrated proof of this concept and proved what is almost an undetectable and incurable back door. He did so at last year's Black Hat conference and has arrived at the same conclusion as Steve Blank. This is all made possible by the fact Intel and AMD can update the microcode on the small reprogrammable part of the CPU, which gets updated every time a Microsoft update is installed. Thus the NSA can theoretically be part of this microcode and could be involved in exploiting it since they work so closely with Microsoft and other technology companies.

http://www.eteknix.com/expert-says-nsa-have-backdoors-built-into-intel-and-amd-processors/

This means that encryption is meaningless. They have pre-encryption access to everything.

The hits just keep on coming.

43 replies, 6562 views

Replies to this discussion thread (43 replies; author, date, post number)
Expert Says NSA Have Backdoors Built Into Intel And AMD Processors (Original post)
AgingAmerican Jul 2013 OP
PowerToThePeople Jul 2013 #1
AgingAmerican Jul 2013 #2
Agschmid Jul 2013 #39
AgingAmerican Jul 2013 #40
Th1onein Jul 2013 #3
intaglio Jul 2013 #7
longship Jul 2013 #4
napoleon_in_rags Jul 2013 #9
longship Jul 2013 #10
PowerToThePeople Jul 2013 #19
joshcryer Jul 2013 #22
PowerToThePeople Jul 2013 #25
joshcryer Jul 2013 #26
AgingAmerican Jul 2013 #38
napoleon_in_rags Jul 2013 #37
Waiting For Everyman Jul 2013 #11
joshcryer Jul 2013 #16
Waiting For Everyman Jul 2013 #32
joshcryer Jul 2013 #33
Waiting For Everyman Jul 2013 #34
joshcryer Jul 2013 #13
leveymg Jul 2013 #5
Th1onein Aug 2013 #43
DeSwiss Jul 2013 #6
cantbeserious Jul 2013 #8
bemildred Jul 2013 #12
joshcryer Jul 2013 #14
bemildred Jul 2013 #15
joshcryer Jul 2013 #17
bemildred Jul 2013 #18
joshcryer Jul 2013 #20
bemildred Jul 2013 #21
bemildred Jul 2013 #23
joshcryer Jul 2013 #24
bemildred Jul 2013 #27
whttevrr Jul 2013 #28
bemildred Jul 2013 #30
joshcryer Jul 2013 #29
bemildred Jul 2013 #31
Xithras Jul 2013 #35
1-Old-Man Jul 2013 #36
MineralMan Jul 2013 #41
SlipperySlope Jul 2013 #42

Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 03:11 AM

1. little bit fud

There is a concern. But, if you are that concerned, there are hardware and software choices you can make to avoid the potentials you are bringing up.



Response to PowerToThePeople (Reply #1)

Wed Jul 31, 2013, 03:27 AM

2. Yes

Don't use Intel or AMD chips and DON'T use Microsoft, Apple or Google products.



Response to AgingAmerican (Reply #2)

Wed Jul 31, 2013, 12:24 PM

39. I don't have time to build my own computer...



Response to Agschmid (Reply #39)

Wed Jul 31, 2013, 12:34 PM

40. Install Linux Mint

Just got a laptop for my daughter for her 20th birthday. It had Windows 8 on it. She dinked around with it for about an hour (took her ten minutes to figure out how to close an Internet Explorer window...etc.). She gave up and asked me to install linux on it. Put Mint on it. She had used it on my netbook, so she was somewhat used to it. No complaints from her. She says it does everything she needs it to do.

Problem solved.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 03:29 AM

3. The hits just keep on coming? Yeah, it's a regular hit parade. Asshats.



Response to Th1onein (Reply #3)

Wed Jul 31, 2013, 05:27 AM

7. This report is bullcarp

A hardware back door would be vulnerable to analysis and use by any country that manufactures such chips. Software back doors have been alleged ever since Windows 1 back in the 1980s and also shown to be nitrogenous fertilizer.

"Black hat" hackers or attendees at the conference of the same name would have been all over such back doors like maggots on a corpse. What is more, do you honestly think that China (or Japanese businesses) would let that pass?

Edit to add, there is (or was) a back door into the random number generators of ATMs and fruit machines but not the CPU - hence ATM hacks.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 03:38 AM

4. I call bullshit on this.

Technology isn't magic. And there are many people who know this stuff. But people still want to make shit up like this. Oh! Apple and Microsoft have backdoors to the NSA government spying networks!!!

Meanwhile there are projects like Linux which is open and available for anybody to see, review, contribute to. If there were hardware back doors to the processor chips, those dudes would know about it and it would be common knowledge.

This is nothing but tin foil hat bullshit.



Response to longship (Reply #4)

Wed Jul 31, 2013, 07:02 AM

9. You seem to have a mix up with hardware and software.

Okay, first software back doors, in the code. Every time a critical security update or patch comes out for an OS, it's because a back door or security hole (often times accidental in origin) has been found. So there are constant flaws being discovered, backdoors are the art of intentional flaws that are unlikely to be found.

Now as far as hardware back doors, that's utterly invisible. No one in the OSS community could see them, because they lie inside microscopic chipsets, not in the source code. They could lie dormant for years, but be activated by processing instructions to render a jpg with certain qualities, (for instance) and inject stored code to be run.



Response to napoleon_in_rags (Reply #9)

Wed Jul 31, 2013, 07:20 AM

10. And my mother was the queen of Romania.

What code is activated on my Linux boxes?

You speak rubbish. Utter rubbish.



Response to longship (Reply #10)

Wed Jul 31, 2013, 09:15 AM

19. here is some microcode that could be activated



Response to PowerToThePeople (Reply #19)

Wed Jul 31, 2013, 09:20 AM

22. You can disable microcode on Linux boxes.

Not so much Microsoft.



Response to joshcryer (Reply #22)

Wed Jul 31, 2013, 09:29 AM

25. true.

I think on most, you have to specifically install it.

http://packages.ubuntu.com/source/precise/intel-microcode

I may have AMD micro-code on one of my boxes. I will have to check it out.



Response to PowerToThePeople (Reply #25)

Wed Jul 31, 2013, 09:39 AM

26. Check your BIOS updates, too, it may be applying them.

It ain't easy being free (as in freedom)...



Response to PowerToThePeople (Reply #25)

Wed Jul 31, 2013, 12:23 PM

38. Cool this

NT



Response to longship (Reply #10)

Wed Jul 31, 2013, 11:48 AM

37. All you need to do is read the Lenovo story:

http://www.geek.com/chips/spy-agencies-shun-lenovo-finding-backdoors-built-into-the-hardware-1563801/

It's inside the hardware:

Apparently, the ban stems from concerns that Lenovo, which is partially owned by the Chinese government’s Academy of Sciences, has built “malicious circuits” into their machines.

...

One possible use for a chip of that kind would be to make a Kill Switch, to remotely shut down a computer at will, or to establish back doors for even more nuanced infiltration.


None of this need have anything to do with code. A certain series of unique steps a processor could execute would trigger the shutdown for instance, and it's hard wired in.



Response to longship (Reply #4)

Wed Jul 31, 2013, 08:40 AM

11. It isn't necessarily true that an Intel chip backdoor would be found.

.
...
Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it impossible to know whether anyone is loading a backdoor into your computer.

The Dog That Never Barked

The NSA has been incredibly thorough in nailing down every possible way to tap into communications. Yet the one company’s name that hasn’t come up as part of the surveillance network is Intel. Perhaps they are the only good guys in the entire Orwellian mess.

Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly put backdoors in the microcode updates. A backdoor is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes.

But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that check the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.)

Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.)

That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.

Two Can Play the Game

A few months ago these kind of discussions would have been theory at best, if not paranoia. The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor.

The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode?

And that may be why the Russian president is now using a typewriter rather than a personal computer.


http://steveblank.com/2013/07/15/your-computer-may-already-be-hacked-nsa-inside/



Response to Waiting For Everyman (Reply #11)

Wed Jul 31, 2013, 09:11 AM

16. A backdoor can be discovered, but non-trivially.

Several ways:

1) If Intel is in on it, then you'd have to compare CPU operation of CPUs whose microcode is updated and who has its microcode off. You should be able to reverse engineer what the microcode is doing by running an instruction set test suite. This would at least tell you what is broken and what it is intending to fix. If you find something broken you can write your own software side work arounds, which while they won't be microcode level, at least then you have a working CPU, without having to have a signed microcode.

2) If Intel isn't in on it then you can check the microcode at boot time against the microcode that Intel provides, if there's a mismatch, then you're looking at microcode that may be compromised (and that would indicate that someone other than Intel has the 2048-bit RSA key, which would be a hell of a lawsuit right there).

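The file comparison suggested in reply #16 above (check the update a machine is about to load against the copy the CPU vendor distributes), as an added example that is not part of any poster's message. It assumes the 48-byte cleartext update header described in Intel's Software Developer's Manual; the sample blobs, the `0x00012345` signature and all function names are constructed for illustration.

```python
import hashlib
import struct

# Update header as described in Intel's Software Developer's Manual:
# nine little-endian 32-bit fields followed by 12 reserved bytes (48 bytes).
HEADER = struct.Struct("<9I12x")


def parse_header(blob):
    """Decode the cleartext header of one microcode update."""
    if len(blob) < HEADER.size:
        raise ValueError("blob is shorter than the 48-byte header")
    (hdr_ver, revision, date, signature, checksum,
     loader_rev, flags, data_size, total_size) = HEADER.unpack_from(blob)
    if data_size == 0:  # legacy encoding: 2000 data bytes, 2048 in total
        data_size, total_size = 2000, 2048
    return {
        "header_version": hdr_ver,
        "revision": revision,
        # The date field is BCD, laid out as 0xMMDDYYYY.
        "date": f"{date & 0xFFFF:04x}-{date >> 24:02x}-{(date >> 16) & 0xFF:02x}",
        "signature": signature,  # CPUID signature the update targets
        "checksum": checksum,
        "data_size": data_size,
        "total_size": total_size,
    }


def checksum_ok(blob, total_size):
    """All 32-bit words of a well-formed update sum to zero modulo 2**32."""
    if total_size % 4 or len(blob) < total_size:
        return False
    words = struct.unpack_from(f"<{total_size // 4}I", blob)
    return sum(words) & 0xFFFFFFFF == 0


def compare_updates(candidate, reference):
    """List every way the candidate file differs from the vendor reference."""
    findings = []
    cand, ref = parse_header(candidate), parse_header(reference)
    if not checksum_ok(candidate, cand["total_size"]):
        findings.append("candidate checksum invalid")
    if not checksum_ok(reference, ref["total_size"]):
        findings.append("reference checksum invalid")
    for key in ("signature", "revision", "date"):
        if cand[key] != ref[key]:
            findings.append(f"{key} differs")
    if hashlib.sha256(candidate).digest() != hashlib.sha256(reference).digest():
        findings.append("sha256 differs")
    return findings


def build_sample(revision, payload, signature=0x00012345, date=0x07152013):
    """Constructed test blob (not real microcode; real updates are far
    larger). The checksum field is set so that all words sum to zero."""
    total = HEADER.size + len(payload)
    fields = [1, revision, date, signature, 0, 1, 0x12, len(payload), total]
    body = HEADER.pack(*fields) + payload
    fields[4] = -sum(struct.unpack(f"<{total // 4}I", body)) & 0xFFFFFFFF
    return HEADER.pack(*fields) + payload


# Constructed inputs: the vendor copy, a copy with a swapped payload whose
# checksum was fixed up, and a copy with one flipped bit.
REFERENCE = build_sample(0x1B, b"\x11" * 64)
TAMPERED = build_sample(0x1B, b"\x11" * 60 + b"\x22" * 4)
CORRUPTED = REFERENCE[:-1] + bytes([REFERENCE[-1] ^ 0x01])

if __name__ == "__main__":
    print(parse_header(REFERENCE))
    for name, blob in (("reference", REFERENCE), ("tampered", TAMPERED),
                       ("corrupted", CORRUPTED)):
        print(name, compare_updates(blob, REFERENCE) or "matches vendor copy")
```

The additive checksum only catches accidental corruption, which is why the tampered sample passes it; the byte-for-byte hash against the vendor copy is what flags a substituted file. Neither check says anything about what the encrypted payload does.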


Response to joshcryer (Reply #16)

Wed Jul 31, 2013, 10:22 AM

32. What about this one?

Affecting anything from military weapons, to infrastructure like dams, to phones...

Breakthrough silicon scanning discovers backdoor in military chip
http://www.csmonitor.com/USA/2012/0607/Report-Hackers-could-access-US-weapons-systems-through-vulnerable-chip

Apparently it's a recent research discovery from Cambridge, UK.

Something tells me the NSA should've been minding its own business better, instead of snooping on the innocent public. It also might've been smart not to outsource our weapons components.



Response to Waiting For Everyman (Reply #32)

Wed Jul 31, 2013, 10:30 AM

33. I'm amused by the idea that it was maybe a 'bug.'

From your linked article:

More likely, it might be merely an overlooked feature left over from a period of early development, some say.


You don't have an AES key back door during development.

Indeed, the paper even says this:

One could possibly argue that the backdoor we discovered is a bug or something overlooked by the developers. However, this is not the case as we performed intensive investigation into this problem and found proof that the backdoor was deliberately inserted and even used as a part of the overall security scheme. The backdoor feature was designed as a part of the JTAG security protection mechanism and traces can be found in the Actel’s Libero FPGA design software. Anyone with this free software installed on their Microsoft Windows machine can go to the Search option in the Start menu and search for one of the fuse names taken from Actel generated STAPL file. For example, search for the word ULUWE in all files. This will return all STAPL files together with templates and algorithm description files. Inside some of those files there is a proof of the designed backdoor feature.



Response to joshcryer (Reply #33)

Wed Jul 31, 2013, 10:38 AM

34. That was reaching pretty far to come up with an explanation, alright.

Even I didn't believe that one.



Response to longship (Reply #4)

Wed Jul 31, 2013, 08:57 AM

13. Yeah, microcode is boot level, it is not a rewrite.

It only gets applied as the OS boots. This is an OS compromise, not a hardware compromise.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 04:19 AM

5. Hasn't that been everyone's assumption, all along? Same w/commercially available encryption?



Response to leveymg (Reply #5)

Fri Aug 2, 2013, 02:27 AM

43. Sorry, I had at least ONE illusion left.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 04:29 AM

6. K&R

“Authority, when first detecting chaos at its heels, will entertain the vilest schemes to save its orderly facade.”

~V for Vendetta



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 05:35 AM

8. Nothing Would Surprise Me

eom



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 08:54 AM

12. Microsoft again. nt



Response to bemildred (Reply #12)

Wed Jul 31, 2013, 09:01 AM

14. Microcode can be implemented in any OS.

It is a boot level rewrite of how the CPU works (typically to fix bugs in the CPU's design). On Linux microcode is applied with modprobe, which will search and see if the Linux kernel requires a microcode update for a faulty processor.



Response to joshcryer (Reply #14)

Wed Jul 31, 2013, 09:03 AM

15. "which gets updated every time a Microsoft update is installed" nt



Response to bemildred (Reply #15)

Wed Jul 31, 2013, 09:12 AM

17. Or whenever a Linux microcode patch is released...



Response to joshcryer (Reply #17)

Wed Jul 31, 2013, 09:13 AM

18. Are you saying Linux uses Microsoft microcode patches? nt



Response to bemildred (Reply #18)

Wed Jul 31, 2013, 09:15 AM

20. The microcode is released by the CPU vendors.

Microsoft does not have the RSA keys to get the CPU to verify and apply the patch. Or they shouldn't, anyway. (Compare vendor microcode to MS microcode, see if they match, if not, then something is afoot.)



Response to joshcryer (Reply #20)

Wed Jul 31, 2013, 09:17 AM

21. That could get interesting. Sort of like a grenade.

An opportunity for other CPU vendors.



Response to joshcryer (Reply #20)

Wed Jul 31, 2013, 09:21 AM

23. FWIW, I have applied microcode patches to CPUs on numerous occasions.

And to various other things as well.

There are two cases here:

1.) Linux machines do not automatically do this: we have the status quo.
2.) Linux machines do this too: Linux will migrate to other CPUs. Microcode will get much more scrutiny.



Response to bemildred (Reply #23)

Wed Jul 31, 2013, 09:28 AM

24. Same here.

It is disconcerting that we don't have an open solution.

The CPU vendors don't want anyone to have the keys for several reasons.

1) The grenade idea you mentioned, if a CPU vendor's keys were in the wild, a nefarious group could put in the very kind of backdoor mentioned in the OP, trojans, viruses, who knows.

2) The vendors use microcode to actually artificially hide the fact that many CPUs are all from the same line, and their specs are not what they seem, so an end user may pay for a $150 CPU that has the same capabilities as a $500 CPU. The vendors cannot have the end user figuring that out because they want to keep the impression of yield issues and quality issues and such.

I myself have an unlocked Phenom II X4 that I bought as an AMD Athlon II X3. Turns out that AMD was churning out a huge mess of Athlon II X3s whose cores were artificially disabled, the yields were basically too good to be true and they had to meet demand for the X3 line.



Response to joshcryer (Reply #24)

Wed Jul 31, 2013, 09:51 AM

27. You still have to have a network port.

If you use a 3rd-party card, disable the onboard ethernet, you could be inaccessible.

But if it's happening automatically that the CPU microcode is getting tweaked, that's a big deal. That's a hole to drive a truck through. The CPU vendors could sell software upgrades. We could have 3rd-party CPU upgrades. I'm trying to think of upstart CPU vendors I can invest in.

But in all cases, I think you would have to build it yourself to prevent this, as it stands. Once the microcode is there, it's there.



Response to bemildred (Reply #27)

Wed Jul 31, 2013, 10:05 AM

28. Great...

Thanks guys...

Now I do need a tinfoil hat... WTF!?

microcode...

Does anyone know how I can make my own micro processor?

Uhm... it would be bad to wrap my motherboard in tinfoil, right?



Response to whttevrr (Reply #28)

Wed Jul 31, 2013, 10:12 AM

30. Nothing to do at the moment, I'm not.

We are more discussing consequences in the commercial, open-source, and hacker worlds. You focus all that loose mental energy on something like this, things start to happen, and I would say that energy is about to get focussed. This is red meat to a hacker.



Response to bemildred (Reply #27)

Wed Jul 31, 2013, 10:07 AM

29. Use Linux, disable the microcode, use OpenBIOS.

Closest thing you can get for now until we have open CPUs and open hardware and whatnot.



Response to joshcryer (Reply #29)

Wed Jul 31, 2013, 10:16 AM

31. I have some quite ancient machines which can still surf well-enough too.

And the sources for a dozen old browsers.


But I've got nothing worth hiding from the government, so they can sneak in and look if they want, I suppose. I would feel flattered.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 11:09 AM

35. The "spying" capabilities of microcode would be very, very limited.

Could a microcode hack be used to log a user's activities on their computers? Theoretically yes, but CPU microcode has little to no access to other hardware on your machine, so it can't do much with it (or hold much of it). Really pulling this off would require that your computer either be specifically engineered for spying (so that every relevant chip was hacked to work together), or that a second hack be put in place at the OS level to collect the data from the CPU and store or forward it. Computers aren't magic, and it would take a massive amount of engineering to build a secondary data collection network inside of your computer purely at the hardware level, and it's entirely detectable if it's built at a software level.

And here's why you don't have to worry about it unless you're either a mobster or a foreign diplomat...there is no way they could implement this on a universal scale without detection. Possibility #1 would require the close cooperation of every engineer at every major computer manufacturer. Given the massive number of people we're talking about, and the fact that most of the boardmakers are overseas and have no particular allegiance to the United States, it's laughable to assume that universal backdooring could be pulled off without that information leaking. A far more probable scenario is this: A foreign diplomat, terrorist, or mobster orders a laptop from HP. The NSA intercepts the order and works closely with HP to send them back a "special" version with the backdoors built in just for them. That is ENTIRELY plausible, and it's the only practical way that particular backdoor could be pulled off.

Possibility #2 has a greater chance of being implemented on a global scale because, as the article points out, it could theoretically be implemented in an update patch, an otherwise benign installer, or through a staggering number of other vectors (and, to be clear, on ANY OS...this isn't a Windows thing, and it could just as easily be located in a gedit patch as in a Windows Update). But again, I doubt that they could get away with it...and you can thank hackers (of both the white and black hat variety) for that. Here's why: No matter how effectively they exploit your computer, the collected data still needs to be transmitted some way. Both the white and black hats are constantly on the hunt for new ways to exploit computers and networks, and network traffic/packets from Windows machines are one of the most closely scrutinized things out there. People examine them to locate private data, hijack networks, steal wifi, locate new exploits to gain machine access, etc. If unidentified new packets started showing up in the datastream, people WOULD notice, and they'd notice within hours of it starting.

So, yes, both of these exploit methods are possible in a lab, and they are even possible when used against specific targets, but the idea that the NSA is spying on all of our computers through microcode hacks is FUD...paranoid tin-hattery timed to take advantage of the very real abuses happening within the NSA.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 11:14 AM

36. I think this posting shows an utter lack of understanding of how the NSA works

No backdoor is necessary. Just look to the origin of the NSA and that should be painfully clear.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 12:53 PM

41. It's all very interesting, on an academic sort of basis.

But that's all. If such a thing exists and has been implemented, it will have been done in a way that can't be easily bypassed or even detected. While a few people are interested in such things and are looking for exploits, for whatever purpose, they may not be looking in the right places to begin with.

But that's not the real issue. The fact is that most PCs and other devices that are connected to the outside world, are used by people who don't understand what's going on inside them in any way. They have Microsoft updating their equipment, or the cell service, or HP or whoever, automatically or they simply accept any update sent their way. The opportunities for trusted vendors to insert stuff into these devices are endless and ubiquitous.

And corporations probably wouldn't cringe at the highest levels at including some government-mandated tweak in an update. In fact, they'd be likely to cooperate if there was any inducement at all, and inducements are many.

Many, many years ago, when I was testing dial-up communications software for the PC for a round-up review of such software for a major magazine, one of the programs I tested was a communications program from Hayes. I was using a "Hayes-compatible" modem in the machine used to test the software. For some reason, it simply would not autodial with the Hayes software. I could send a dialing string manually through the software to force the "Hayes-Compatible" modem to pick up and dial, but the software wouldn't do it. That program was the only modem communications program that wouldn't work perfectly with my modem. Odd, huh, that a communications software program published by a modem manufacturer wouldn't work with compatible modems from another manufacturer.

Well, I was reviewing all of these programs, so I had to figure this out. I was going to write that the Hayes software wouldn't work with some "Hayes-compatible" modems, but I thought I'd dig in further.

Well, it turned out that the software was querying the modem to check whether it was a genuine Hayes modem. I found that out by monitoring the serial port and logging everything that went in and out of that port. Sure enough, I found the query to the modem, which returned a code identifying it. On any "Hayes-compatible" modem that didn't return the right code, the program would not send the correct dialing string to the modem, but sent an erroneous string.

I called Hayes, which denied that they did that query from the software and limited the software in that way. So, I sent them the log of the serial data and said, "Really?" So, they finally admitted doing that. I wrote the review and trashed the software in one of the largest PC-related magazines at the time and explained why non-Hayes brand modem users should not purchase the Hayes software. Hayes complained bitterly to the magazine's publisher and threatened to pull all of their advertising. The publisher asked, "Was anything in the article incorrect?" Of course, there wasn't.

That was the end of that, and Hayes dropped the software after sales dropped dramatically. It was lousy communications software anyhow, but never mind.

The point here is that companies do all sorts of stuff that users aren't aware of. Nothing would surprise me. So, does the government have a backdoor in your PC, phone, or other device? It could. It could even be silent and not findable unless triggered into going active. It could be completely undetectable until some agency decided to activate it. That wouldn't surprise me at all. And there is literally nothing that can be done by users about such a back door. If it's there, and someone has a reason to activate it, the likelihood that any PC owner would know about it is almost non-existent.

So, what to do? Disconnect the device? Not practical. The answer is to use the device in a way that doesn't attract any attention from some agency that might be able to switch on a silent backdoor. That's the only thing I can think of. Clearly, intelligence agencies, both here and elsewhere, could benefit from a backdoor they could activate on any device, if needed. Since the benefit is there, I assume that they would like to have such a backdoor available. Do they have the power to get such a thing into a device? Probably, and through a corporate partner, most likely.

So, is such a thing inside your device? I don't know. But I'd assume that it is, since it would be desirable by an agency capable of seeing that it was there. That's my assumption, anyhow. But, and here's the important part, I don't really care. The benefit of being connected is critical for me. So, it's an assumption that is really meaningless to me. I'll just count on nobody giving a shit what I'm doing and go on about my activities. I can't think of any other way to proceed.



Response to AgingAmerican (Original post)

Wed Jul 31, 2013, 09:29 PM

42. I can provide one fact about the NSA and microprocessor companies.

I am a computer architect who was formerly employed by one of the "top 5" computer makers in the 1990s. This was the era before the whole computing world practically standardized on Intel processors. Back then the top computer makers each had their own internally designed CPUs, and there were three to four "independent" CPU makers like Intel.

I honestly never heard anything about the government asking us to put back doors into the processors we were building. We would have fought very hard against anything that provided a back door through customers' security, sooner or later things like that get found out and many of our customers took their security very seriously.

HOWEVER... In the 1990s, while most of what the NSA did was secret, many in the computer industry had strong suspicions about what was going on. The NSA was the single largest purchaser of computers in the world so they weren't a customer who any computer maker wanted to upset. While I don't know that they ever requested a back door, I do know that they requested features be designed into our microprocessors to optimize them for certain mathematical operations; presumably these were mathematical operations that were of particular use in decryption and the NSA wanted them to run as fast as possible.

On a related note; I also knew that the printer makers were approached by multiple governments around the world who were asking for features to be put into printers to make it harder to print counterfeit currency and to enable governments to track printed pages back to the printer they came from.

I think I've written before about what a tremendously disruptive technology the general-purpose microcomputer was in the hands of citizens. Governments have spent close to three decades trying to put that genie back into the bottle.
