[Cryptography] programmable computers inside our computers (was: Hasty PRISM proofing considered harmful)

Tom Ritter tom at ritter.vg
Tue Oct 22 12:29:33 EDT 2013


On 22 October 2013 05:24, Ruben Pollan <meskio at sindominio.net> wrote:
> Quoting Viktor Dukhovni (2013-10-22 06:50:38)
>> I am much more concerned about the proliferation of miniature programmable
>> computers inside our computers (CPUs and programmable firmware in disk
>> controllers, battery controllers, BMC controllers, with opaque binary firmware
>> update blobs, and complex supply chains) than about secp256r1 vs secp521r1.
>>
>> We thought embedded devices were for physical infrastructure
>> engineers to worry about, but now they are proliferating inside
>> our general purpose computers.  The next Stuxnet will run on one
>> of the invisible computers inside your computer.
>
> At the OHM there was a good talk about this topic, showing what kind of
> things you can do with the embedded CPUs of the hard disks:
> http://wipkip.nikhef.nl/events/OHM/video/d2-t1-13-20130801-2300-hard_disks_more_than_just_block_devices-sprite_tm.m4v

And to add another, there was a presentation on ARM TrustZone, the OS
inside your CPU, that seems so designed for backdoors that ARM
actually gives tips for running TrustZone invisible to the normal OS.
https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf

These are increasingly worrying me as well.  The Secure Element on
Android can at least (if you root and edit the .xml file) be queried
to learn identifiers of what is installed there, if not directly
interact with them.

-tom

