[Cryptography] Anyone else seen some odd shipping delays?

Ray Dillinger bear at sonic.net
Fri Dec 4 18:26:37 EST 2015



On 12/03/2015 06:27 PM, Phillip Hallam-Baker wrote:
> Twice in the past week, I have ordered a computer and it has been subject
> to odd shipping delays and the UPS data makes no sense.
> 
> I don't think it is seasonal, other stuff arrives fine. Only computers seem
> to be held up.
> 
> So anyone have ideas for checking over a QNAP box to see what surprises
> might have been planted in the firmware?
> 

Oooh, interesting!

If you approach any of a number of researchers, I'm willing to bet
they'd offer to swap you a computer from some store near you which
someone buys that very afternoon, for your presumably-trojanned box,
straight across.

It's win-win; you get something clean (assuming something clean is
what's at the local store which didn't know you were going to be the
one using it) and some grad student with a masters thesis to write
and lots of electronic hardware gets to crack into the latest
exploit!

What's your specific region?  Someone may be able to recommend a
few specific people to contact who are near enough to come do a
swap in person.

That said, the biggest targets in modern computer hardware are
the disk controller (integrated into the hard drive), the USB
controller (on the motherboard), the nonvolatile BIOS (on the
mobo but usually with an update channel that depends on the USB
controller), the network controller (usually on-board these days
with its own nonvolatile BIOS), and DSP controllers (possibly
on the mobo but these days usually on upgradeable video cards).

Nothing that can be fixed by wiping the OS and reinstalling is
still a target.

Of these the BIOS or disk controller are usually preferred if
the goal is to ensure persistent access or access to encrypted
files, the network card is preferred if the goal is access to
communications, and the USB controller is preferred if the goal
is to gain access to additional machines.  The video controller
can extend any of these capabilities with communications
to nearby "airgapped" machines if those machines are also
compromised, or make radio-frequency signals that are much
easier to monitor than the usual TEMPEST style remote screen-
reading tricks.

I haven't yet heard of any microcode (in-CPU) compromises,
but that would seem like the obvious next place to go if you
want access to encrypted material in general.

				Bear
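Added example (not part of Bear's post, and not a vendor tool): one concrete way to "check over" a box's firmware on the defensive side is to compare a dump of the device's flash against a known-good reference image of the same version and report exactly which offset ranges differ, alongside a whole-image hash check against a published digest. The Python below does that at 4 KiB block granularity (an assumed choice; pick the flash's real sector size if you know it) and handles the edge case of a suspect image that is longer than the reference. The two images are constructed in-line so the script runs offline; in practice `REFERENCE` would be the vendor's download and `SUSPECT` the bytes read back from the device.

```python
"""Block-level comparison of a firmware dump against a known-good reference.

Standalone example; the images below are constructed test data, not real
firmware.  The block size is an assumption chosen for illustration.
"""
import hashlib
from typing import List, Tuple

BLOCK_SIZE = 4096  # assumed comparison granularity (4 KiB)


def sha256_hex(data: bytes) -> str:
    """Whole-image digest, for comparison against a vendor-published value."""
    return hashlib.sha256(data).hexdigest()


def verify_against_manifest(image: bytes, expected_sha256: str) -> bool:
    """True if the image hashes to the digest a trusted manifest lists."""
    return sha256_hex(image) == expected_sha256.strip().lower()


def block_diff(reference: bytes, suspect: bytes,
               block_size: int = BLOCK_SIZE) -> List[Tuple[int, int]]:
    """Return (start_offset, length) for each contiguous run of blocks that
    differs between the two images.  If the suspect image is longer than the
    reference, the extra tail is reported as a differing run as well."""
    runs: List[Tuple[int, int]] = []
    total = max(len(reference), len(suspect))
    run_start = None
    for off in range(0, total, block_size):
        a = reference[off:off + block_size]
        b = suspect[off:off + block_size]
        if a != b:
            if run_start is None:
                run_start = off          # open a new differing run
        elif run_start is not None:
            runs.append((run_start, off - run_start))
            run_start = None             # close the run at a matching block
    if run_start is not None:
        runs.append((run_start, total - run_start))
    return runs


def report(reference: bytes, suspect: bytes, expected_sha256: str) -> str:
    """Human-readable summary: hash verdict plus every differing region."""
    lines = [f"reference sha256: {sha256_hex(reference)}",
             f"suspect   sha256: {sha256_hex(suspect)}",
             "manifest match: "
             + ("yes" if verify_against_manifest(suspect, expected_sha256) else "NO")]
    for start, length in block_diff(reference, suspect):
        lines.append(f"  differs at 0x{start:08x} (+0x{length:x} bytes)")
    return "\n".join(lines)


# --- constructed sample data (64 KiB pattern image plus a tampered copy) ---
REFERENCE = bytes(range(256)) * 256
_tampered = bytearray(REFERENCE)
_tampered[5 * BLOCK_SIZE:5 * BLOCK_SIZE + 8] = b"\xaa" * 8   # blocks 5 and 6
_tampered[6 * BLOCK_SIZE + 100] ^= 0xFF
_tampered[12 * BLOCK_SIZE:12 * BLOCK_SIZE + 4] = b"DIFF"      # block 12
SUSPECT = bytes(_tampered)

if __name__ == "__main__":
    print(report(REFERENCE, SUSPECT, sha256_hex(REFERENCE)))
```

A clean dump produces an empty run list and a hash match; any implant that changes stored bytes shows up as one or more offset ranges to inspect further. Note that this only covers what can be read back from the flash: a controller whose firmware read path is itself untrusted, or microcode loaded at boot, is outside what a dump comparison can vouch for, which is why the swap-for-a-clean-unit suggestion above remains attractive.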
