Hardware Hacking

  • Comments posted to this topic are about the item Hardware Hacking

  • Very interesting topic Steve.

    Could it be possible that there's a missing link in this part of the editorial?

    This piece talks about the problems with the

  • We want our own countries to grow and do well, and our companies to grow inside of our own borders.

    I don't see why we have to be that narrow minded. I for one, would like all the countries to grow and prosper equally. As for companies, they are exploitative entities. The world's first company was East India Company formed to exploit India. So I am not a big fan of companies. I prefer small individual businesses. These are usually local.

  • Hmmm. Not sure there isn't a bit of beehive thinking going on here; you know, the idea that the entrance to the hive is protected, so if you're inside the hive then you're not a threat.

    Just because a product is "domestically produced" says very little about its true origins. After all, what constitutes a British company? Even if you insisted it can only be a UK registered company operating in UK premises and staffed 100% by British born nationals, you still have to remember we're a melting pot of just about every race on the planet, each with their own set of potentially split loyalties. "Domestic product" is a misnomer for all but taxation purposes, so any feeling of security it engenders is misplaced.

    It's also true that developing new technology is expensive, and any company indulging in these kinds of underhand activities is gambling their whole investment; if they're found to be untrustworthy, they'll lose their entire business overnight. That's a huge incentive toward at least limiting covert activity like this.

    Don't get me wrong, though. I'm not naive enough to suggest backdoors are not being or will never be engineered into hardware. What I do say, however, is that the answer to such a threat is not to lock down national borders.

    Semper in excretia, suus solum profundum variat

  • Very interesting article.

    I did microcontroller code for consumer and industrial products before moving to 'PC' code, and it's very easy to add additional hidden 'features' to a hardware product. Never thought about it from a hacking standpoint, but adding diagnostics that the end customer would never see was a common practice.

    I can see how from a hardware or firmware point where someone could add something which could be harmful.

  • umailedit (8/8/2011)


    We want our own countries to grow and do well, and our companies to grow inside of our own borders.

    I don't see why we have to be that narrow minded. I for one, would like all the countries to grow and prosper equally. As for companies, they are exploitative entities. The world's first company was East India Company formed to exploit India. So I am not a big fan of companies. I prefer small individual businesses. These are usually local.

    Small agrarian communities such as you are advocating cannot compete in a global marketplace such as exists today and will continue to exist in the future.

    Wherever there are winners there must be losers so we all can't "grow and prosper equally". That concept has been tried and has failed and is yet still being tried in countless countries around the globe and they are among the poorest and least advanced countries in the world. Your ideas sound so wonderfully utopian where we hold hands and sing Kumbaya. Unfortunately it is not a formula for success in the world marketplace.

    The probability of survival is inversely proportional to the angle of arrival.

  • majorbloodnock (8/8/2011)


    It's also true that developing new technology is expensive, and any company indulging in these kinds of underhand activities is gambling their whole investment; if they're found to be untrustworthy, they'll lose their entire business overnight. That's a huge incentive toward at least limiting covert activity like this.

    There's also the possibility of the government where the plan is saying, "If you don't put this in we'll find a way to shut you down now." Faced with that versus a possibility of losing business later most will risk losing business later.

  • sturner (8/8/2011)


    Small agrarian communities such as you are advocating cannot compete in a global marketplace such as exists today and will continue to exist in the future.

    Not only that but small companies don't normally have the resources to invest in some of the research that's going on.

  • cfradenburg (8/8/2011)


    majorbloodnock (8/8/2011)


    It's also true that developing new technology is expensive, and any company indulging in these kinds of underhand activities is gambling their whole investment; if they're found to be untrustworthy, they'll lose their entire business overnight. That's a huge incentive toward at least limiting covert activity like this.

    There's also the possibility of the government where the plan is saying, "If you don't put this in we'll find a way to shut you down now." Faced with that versus a possibility of losing business later most will risk losing business later.

    Absolutely, but a company prepared to use those sorts of tactics will not limit itself. If Bill Gates had married a Chinese lady with family still resident in China, and China were inclined to use bully boy tactics, would that be so different from Microsoft operating out of China directly?

    I'm not saying companies won't do this; merely that they'd be gambling with huge stakes, so would need a huge incentive to do so. Anyone with that much of a vested interest is unlikely to stop at national boundaries, so assuming domestic=safe/foreign=suspect is a shaky hypothesis.

    Semper in excretia, suus solum profundum variat

  • From a security standpoint, this is a very real concern!

    It's happening right now - remember the digital picture frames from China with malware pre-installed? It's not just government-based, either - what about Sony's root-kit hacks on "enhanced" music CDs in the 90s?

    Even when it's discovered, the consequences for companies are minimal. Sony still exists, for example, and people still buy their music. They get caught, say, "I'm sorry, it won't happen again", and the cycle continues.

    This is bad enough in the private sector, but when you start talking about defense applications, it's absolutely chilling. Can the manufacturer of a radio-control chip send a signal that shuts it down? If such an exploit exists, that renders millions, billions of dollars of military hardware useless, or even dangerous.

    Even without hardware hacks, we'd be in almost as much trouble if a foreign company simply decided to stop selling us products (or was ordered by its government, or was shut down due to political/social instability...).

    Of course some of these things can happen domestically too, and like other posters have said, even a U.S. company can be owned or staffed by people with other loyalties.

    Hopefully our military-industrial complex is aware of these possibilities and is addressing them appropriately.

    On a final note, even if none of these hacks are ever activated, they are adding unnecessary complexity to the systems they are a part of. Imagine Sony adds a "diagnostic" chip to your TV that stores a log of what equipment you plug into the HDMI ports, and another chip that broadcasts that data over the internet once a week when the TV is connected to the 'net. You say, "So what? I don't connect my tv to the internet". Fine. But what if a flaw in that hardware causes your TV to fail because it wasn't rigorously tested?

  • I would be less worried about something incredibly complex like an Intel CPU being modified (what a feat that would be if it were pulled off) and more worried about simpler devices.

    I can't find the news articles now, but a few years ago I read about a group of cyber-criminals that changed the designs of a point-of-sale card reader being produced for American retail outlets. The re-designed card readers not only transmitted the card info to be processed by legitimate means, but also transmitted a copy to the bad guys. The modified card readers were in place and being used for about 18 months if I remember.

  • Ninja's_RGR'us (8/7/2011)


    Very interesting topic Steve.

    Could it be possible that there's a missing link in this part of the editorial?

    This piece talks about the problems with the

    Yes, link missing. Corrected, but here is the link: http://arstechnica.com/tech-policy/news/2011/06/spies-military-looking-for-hacker--backdoor-proof-circuits.ars

  • majorbloodnock (8/8/2011)


    Don't get me wrong, though. I'm not naive enough to suggest backdoors are not being or will never be engineered into hardware. What I do say, however, is that the answer to such a threat is not to lock down national borders.

    It's not locking down borders, but producing some of these items inside your borders can allow you more control, if you require those controls of the company doing the producing. Not sure how that works for all countries, but we could certainly implement some of this in the US. Perhaps require review of their plans/plants.

  • Steve Jones - SSC Editor (8/8/2011)


    Ninja's_RGR'us (8/7/2011)


    Very interesting topic Steve.

    Could it be possible that there's a missing link in this part of the editorial?

    This piece talks about the problems with the

    Yes, link missing. Corrected, but here is the link: http://arstechnica.com/tech-policy/news/2011/06/spies-military-looking-for-hacker--backdoor-proof-circuits.ars

    Edit : Corrected links (had a return that messed up the url)

  • Steve Jones - SSC Editor (8/8/2011)


    majorbloodnock (8/8/2011)


    Don't get me wrong, though. I'm not naive enough to suggest backdoors are not being or will never be engineered into hardware. What I do say, however, is that the answer to such a threat is not to lock down national borders.

    It's not locking down borders, but producing some of these items inside your borders can allow you more control, if you require those controls of the company doing the producing. Not sure how that works for all countries, but we could certainly implement some of this in the US. Perhaps require review of their plans/plants.

    I understand what you're saying, Steve, but with respect you're only really in a position to suggest that because you're an American. The UK, for instance, is certainly not a third world country (although with the recent rioting, you'd be forgiven for thinking so....), but we're nowhere near rich enough for large scale chip production within our borders to be realistic; we have to rely on foreign imports.

    Another thought. You're suggesting that the US require that chip manufacturers divulge their plans and plants to the government. What if they don't? Would they be shut down? If so, how is that different from a Far Eastern country applying similar pressure for slightly different ends? And if one of America's allies is also concerned about security in this area, should those chip plans be shared between friendly governments, or should the world just live with the fact we have to trust the US?

    I know I'm throwing up some Devil's Advocate questions, and rhetorical ones at that. I realise this is a valid security concern, that countries have to protect both their civil and military infrastructures, and that to do this requires manufacturers to allow governments greater visibility than would be afforded to other customers. However, the solution is just as complex as the problem, so we need to be wary of oversimplifying our judgements.

    Semper in excretia, suus solum profundum variat
