Author Topic: GCHQ goons so clueless they think DC/DC converters are a security risk  (Read 9005 times)

0 Members and 1 Guest are viewing this topic.

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 12105
  • Country: gb
    • Mike's Electric Stuff
 :palm: :palm: :palm: :palm: :palm:
Quote

Surprisingly, however, GCHQ were not just interested in hard drives nor did they destroy whole devices. An examination of the targeted hardware by Privacy International, with cooperation from the Guardian, has found the whole episode to be more troubling and puzzling than previously believed. 1
 
During our invesitgation, we were surprised to learn that a few very specific components on devices, such as the keyboard, trackpad and monitor, were targeted along with apparently trivial chips on the main boards of laptops and desktops. Initial consultation with members of the technology community supported our identification of the components and that the actions of GCHQ were worth analyzing further.
 
In light of GCHQ's actions, we have asked hardware manufacturers to explain what these elements actually do: what information can be stored on a device, how much information it can retain, and for how long.

https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont

The scary thing is that people supposedly in charge of national security are so stupid.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 3619
  • Country: gb
  • Electron Fiddler, FPGA Hacker, Embedded Systems EE
Inductors can store a permanent magnetic field. Perhaps they could remember the previous CPU stage in the magnetic field and be used to extract data. (cue CSI music... "YEAHHHHHHHH")
« Last Edit: May 23, 2014, 10:47:05 am by tom66 »
 

Offline G0HZU

  • Super Contributor
  • ***
  • Posts: 2576
  • Country: gb
The link doesn't work for me but I found parts of the article online.
I don't know what DCDC converter is referred to in the full text but some DCDC converter chips are programmable. eg via I2C.  I assume there will be at least a few bytes of user OTP memory onboard in addition to the basic programmable settings.
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8229
  • Country: 00
Quote
GCHQ goons so clueless they think DC/DC converters are a security risk

Risk means *****potential****** harm, not harm of certainty.

So from that perspective, it is PRUDENT to look for the POSSIBILITY that mundane devices like a converter as a security threat.
================================
https://dannyelectronics.wordpress.com/
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2313
  • Country: de
    • Frank Buss
Maybe it was a joke, to create some more conspiracy theories. But judging from many spy movies, British agents don't joke, only Felix from CIA :)

But I could imagine that someone could implant some flash memory in a DC-DC converter IC and save information on it, if it has I2C, like modern mainboards may use for setting the voltage. Of course, very unlikely for the LT3580 which the article describes was destroyed. It could have some electronics for power analysis, but this requires much more computing power than what is possible within a small DC-DC converter IC to get some useful data.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline mamalala

  • Supporter
  • ****
  • Posts: 777
  • Country: de
Keep in mind that spy agencies can implant devices, and have harmless looking components with implants built-in at their disposal. Did you see how they make ethernet jacks with builtin implants? USB cables with implants?



I can easily imagine some stuff, assuming that the computers in question had implants, that could be going on. A DC/DC converter for a backlight could be modified. Use the enable/disable pin so that when a higher frequency signal is applied it modulates the backlight. That would make a neat device to transmit information, the backlight itself would act as the antenna. Screens have large surfaces...

Controller chips in keyboards and mice/mousepads can be used to intercept whatever is typed, mouse movements and clicks, etc. Keep in mind that the bus they are connected to is bidirectional. If there is some flash storage available, that could be used as mid-/long-term buffer.

It's easy to see that, given the possibility, they would try and destroy such implants before they can be found by others.

The sad thing is that even we know very little from the Snowden leaks, it already is enough to make such things very plausible.

Greetings,

Chris
 

Offline retrolefty

  • Super Contributor
  • ***
  • Posts: 1619
  • Country: us
  • measurement changes behavior
Back in the 60s the military/government had a program called "Tempest" that was to protect classified information handled by electronic/electro-mechanical equipment (mostly teletype/crypto stuff) from detection of unprotected plain text information via remote monitoring of the generated EMI emissions of the equipment.

 Lots of money and manpower went into shielding, lowering signal levels, etc to make such 'attacks' more difficult, and new equipment had to be designed and build with these new requirements.



 

Offline Rory

  • Frequent Contributor
  • **
  • Posts: 408
  • Country: us
I was thinking the same thing as the OP, why destroy a switching converter? Then it occurred to me that emitted/conducted radiation from the oscillator on this chip could be received, any signals on the rails could modulate the switching frequency.

Wasn't there an article out recently talking about this method?
 

Offline SirNick

  • Frequent Contributor
  • **
  • Posts: 589
While I don't doubt that some of the tactics discussed here are possible, and we as a species are technically advanced enough to put a scary amount of computing power into the smallest of places, the scope of that effort seems way too broad to make any sense here.

I mean, c'mon... Were the notebooks acquired before the leak?  If so, is Apple making these things -- or someone retrofitting shrink-wrapped goods -- on the off chance that it will land in the hands of someone that has information valuable enough to make it worth such a shotgun approach?  Also, while you can fit a small computer in a tiny IC, the sheer amount of data processed by a modern laptop or desktop would make it an unenviable task to determine what is valuable information, and what is not.

OK, not that I have any experience in espionage to back up my stupid opinions, but it seems to me that this kind of thing would have to be a targeted attack to be feasible.  Much easier to go old-skool spy and plant a bug in the office ferns than to unleash an army of voyeuristic MacBooks in the vague hope that one will fall into the hands of a newspaper that will receive copies of confidential documents that the backlight inverter will then modulate in such a way that the NSA can pick it up with a pair of bunny ears.  Ditto with the i2c controller or 2KB of flash in a trackpad.
 

Offline mamalala

  • Supporter
  • ****
  • Posts: 777
  • Country: de
I mean, c'mon... Were the notebooks acquired before the leak?  If so, is Apple making these things -- or someone retrofitting shrink-wrapped goods -- on the off chance that it will land in the hands of someone that has information valuable enough to make it worth such a shotgun approach?  Also, while you can fit a small computer in a tiny IC, the sheer amount of data processed by a modern laptop or desktop would make it an unenviable task to determine what is valuable information, and what is not.

From the Snowden documents it has become clear that they do intercept packages and bug the equipment therein. It is easy for them to get hold of shipments to a targeted person, manipulate the contents, and have it continue to ship to the destination. It's not unthinkable that certain reporters/newspapers became a target, given the previous leaks.

OK, not that I have any experience in espionage to back up my stupid opinions, but it seems to me that this kind of thing would have to be a targeted attack to be feasible.  Much easier to go old-skool spy and plant a bug in the office ferns than to unleash an army of voyeuristic MacBooks in the vague hope that one will fall into the hands of a newspaper that will receive copies of confidential documents that the backlight inverter will then modulate in such a way that the NSA can pick it up with a pair of bunny ears.  Ditto with the i2c controller or 2KB of flash in a trackpad.

As mentiooned, it easy for them to intercept specific parcels. Have you seen the video that i linked to? They are quite sophisticated when it comes to implants. Also, the BIOS of a computer makes a really good target to plant bugs. And, if for a moment we assume that they did intercept the delivery of a machine, what makes you think that the flash still has only 2KB? Let it have a few MB and that is enough storage to sniff keyboard input during the times the machine has no network connection, only to be sent out once it is connected again.

Really, take a look at what is already published from these documents. It's not hard to find. You can also download a PDF for free that contains a selection of these documents, on Glen Greenwald's site about the new book he just released:

http://glenngreenwald.net/

What they do goes way beyond "just" sniffing on someone, with bunny-ears. And keep in mind that so far only a tiny fraction of documents have been written about or released. But that is already enough to make it clear that such a scenario is far from fantasy, or hard to accomplish for them. Combine that with the sheer dimension of their senseless spying and intercepting, and you get the idea. Heck, they even actively manipulate equipment that is at the core of the network infrastructure.

Greetings,

Chris
 

Offline Tinkerer

  • Frequent Contributor
  • **
  • Posts: 346
Quote
What they do goes way beyond "just" sniffing on someone, with bunny-ears. And keep in mind that so far only a tiny fraction of documents have been written about or released. But that is already enough to make it clear that such a scenario is far from fantasy, or hard to accomplish for them. Combine that with the sheer dimension of their senseless spying and intercepting, and you get the idea. Heck, they even actively manipulate equipment that is at the core of the network infrastructure.
This is what happens when they have unlimited funding to do stuff. The day before 9/11, Dick Cheney reported to congress that $1 trillion had gone missing from the pentagon budget. Then 9/11 happened and everyone seemingly forgot. Since then, more budgeting issues have been discovered and in general book keeping is a total disaster. Just something that never gets addressed. But the point is that when you got the funding...
 

Offline Dave Turner

  • Frequent Contributor
  • **
  • Posts: 439
  • Country: gb
All security people have to be paranoid - it's the nature of the job. They know someone's out to get them.

Hmm do all routers and firewalls have backdoors built in?

The only secure computer never connects to the internet and is only accessible by one person.
 ;D
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8229
  • Country: 00
Quote
only accessible by one person.

Mr. Snowden?
================================
https://dannyelectronics.wordpress.com/
 

Offline SirNick

  • Frequent Contributor
  • **
  • Posts: 589
From the Snowden documents ...

Greetings,

Chris

Speaking of paranoia, I think in the interest of my ability to retain a security clearance when and if I ever require one again, I won't go pursuing leaked classified documents.  But otherwise, I shall consider myself appropriately chagrined after reading your post.

I confess, I am probably still a teensy bit naive when it comes to understanding how far people and governments will go.
 

Online T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 14735
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Probably, those devices contain some storage (volatile or otherwise) that could be suspected of containing information.  How it would get there I don't know, but...

Recall that all these devices are stateful, usually linked to the greater system via I2C or SMBus or whatever.  There are probably registers that could store information; perhaps undocumented or configuration regions that would be of particular interest to spooks.

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 

Offline CrosseyeJack

  • Contributor
  • Posts: 25
  • Country: gb
Last years GCHQ's public "Hack this and join us" comp (to be fair they got a 3rd party to run it) was easily defected by brute forcing the site. But no, if you didn't do it their way they didn't accept the submission.


So I'm not surprised in the least.
 

Offline rexxar

  • Frequent Contributor
  • **
  • Posts: 439
  • Country: us
    • Forever Tinkering
Probably, those devices contain some storage (volatile or otherwise) that could be suspected of containing information.  How it would get there I don't know, but...

Recall that all these devices are stateful, usually linked to the greater system via I2C or SMBus or whatever.  There are probably registers that could store information; perhaps undocumented or configuration regions that would be of particular interest to spooks.

Tim

Yeah, but across all three you might have enough to store "GCHQ sucks lol"

I guess you could nuke the actual firmware on the chip and get a few kB, but it'd be easier for a person to memorize that amount of information than to do that sort of hackery.
 

Online chicken

  • Regular Contributor
  • *
  • Posts: 221
  • Country: us
  • Rusty Coder
Methinks someone is projecting their own actions onto others. I.e. GCHQ's version of "We patch up Cisco gear, therefore Huawei gear must have backdoors too"

What is Psychological Projection? http://en.wikipedia.org/wiki/Psychological_projection

« Last Edit: May 24, 2014, 01:59:08 am by chicken »
 

Offline TVman

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: us
  • Life is A bunch of people staring at computers. ;)
And guess what?!?
They are putting CAMERAS And A microphone in Tv boxes. :palm: |O
By installing Cameras and hidden microphones inside our all but mandatory digital boxes, the government and whatever corporate entities get a slice of the pie, have direct access to our living rooms.  >:( :palm:
http://www.propagandamatrix.com/articles/february2009/021809_spy_camera.htm
So evil! >:( >:D
Yeah, I play Minecraft!
But I'm on here more because I learn more. :D
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 6159
  • Country: gb
Convenient how that video is so blurred you can't actually see anything.. like any contact between the 'camera' and the PCB! The 'microphone' is in an interesting spot, too.

Don't believe everything you see on the internet.

If you open up a normal one, you know what you find in place of the 'microphone'?



A TO-92! And I'll bet that it's a TL431, too, I wonder what a TL431 could be doing there? No real purpose right in the middle of the feedback for the PS- oh, right.
« Last Edit: May 24, 2014, 03:45:14 am by Monkeh »
 

Offline TVman

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: us
  • Life is A bunch of people staring at computers. ;)
« Last Edit: May 24, 2014, 03:54:14 am by TVman »
Yeah, I play Minecraft!
But I'm on here more because I learn more. :D
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 6159
  • Country: gb
This is the search I did...
http://www.google.com/cse?cx=002683415331144861350%3Atsq8didf9x0&q=camera+in+tv+spying&ie=utf-8&sa=Search


How many times are you going to edit the link to 'the search you did'?

Wake up, kiddo, the internet is full of BS.
 

Offline TVman

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: us
  • Life is A bunch of people staring at computers. ;)
because the link was searching for camera in dvr not camera in tv box.
Yeah, I play Minecraft!
But I'm on here more because I learn more. :D
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8229
  • Country: 00
Quote
I mean, c'mon...

For the security folks, they think in terms of what's possible, not what's probable.
================================
https://dannyelectronics.wordpress.com/
 

Offline G7PSK

  • Super Contributor
  • ***
  • Posts: 3682
  • Country: gb
  • It is hot until proved not.
They most likely wanted to make sure that the bugs they had planted were removed, I expect that most newspapers are bugged to buggery by the various "intelligence" agency's.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf