Difference between revisions of "Backdoor"

From Wikispooks
Jump to navigation Jump to search
(pictures)
 
(3 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
|wikipedia=https://en.wikipedia.org/wiki/Backdoor_(computing)
 
|wikipedia=https://en.wikipedia.org/wiki/Backdoor_(computing)
 
|image=Backdoor.jpg
 
|image=Backdoor.jpg
|constitutes=
+
|constitutes=Malware
 
|interests=
 
|interests=
 
|description=A covert means of gaining unauthorised and/or unmonitored access to a computing system.
 
|description=A covert means of gaining unauthorised and/or unmonitored access to a computing system.
Line 14: Line 14:
 
Smartphones connect to cell towers on a hardware level using a so called base band processor (not the CPU). The [[ccc]], a German computer club, has reported{{cn}} that (NSA) backdoors exist on this level. Arguably, the operating systems (Android and iOS) are designed on a system level (i.e. update functionality and API structure and tools for app development) as well as the application level (browsers, etc.) to spy and backdoor the user. A related type of backdoor was reported in [[Samsung]] mobiles in [[2014]].<ref>https://www.zdnet.com/article/backdoor-in-samsung-galaxy-devices-allows-remote-access-to-data/</ref><ref>https://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor</ref>
 
Smartphones connect to cell towers on a hardware level using a so called base band processor (not the CPU). The [[ccc]], a German computer club, has reported{{cn}} that (NSA) backdoors exist on this level. Arguably, the operating systems (Android and iOS) are designed on a system level (i.e. update functionality and API structure and tools for app development) as well as the application level (browsers, etc.) to spy and backdoor the user. A related type of backdoor was reported in [[Samsung]] mobiles in [[2014]].<ref>https://www.zdnet.com/article/backdoor-in-samsung-galaxy-devices-allows-remote-access-to-data/</ref><ref>https://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor</ref>
  
===Intel===
+
===Intel / AMD===
Modern chips from [[Intel]] all include the [[Intel Management Engine]] (IME), which is provides an extra feature set. This ''might'' be usable as a low level backdoor.<ref>https://blog.invisiblethings.org/2015/10/27/x86_harmful.html saved at [https://web.archive.org/web/20201111232540/https://blog.invisiblethings.org/2015/10/27/x86_harmful.html Archive.org]</ref> Although the lack of public documentation hinders its understanding, [[hackers]] have reverse engineered it to some extent. From a user perspective the IME ''"sounds like a bad joke, or a scene inspired by George Orwell's work"''<ref>
+
====Intel ME====
 +
Modern chips from [[Intel]] all include the Management Engine, which is provides an extra feature set. This can be used as a low level backdoor.<ref>https://blog.invisiblethings.org/2015/10/27/x86_harmful.html saved at [https://web.archive.org/web/20201111232540/https://blog.invisiblethings.org/2015/10/27/x86_harmful.html Archive.org]</ref> Although the lack of public documentation hinders its understanding, [[hackers]] have reverse engineered it to some extent. From a user perspective the IME ''"sounds like a bad joke, or a scene inspired by George Orwell's work"'' <ref>
 
   https://github.com/rootkovska/x86_harmful/blob/master/x86_harmful.md  
 
   https://github.com/rootkovska/x86_harmful/blob/master/x86_harmful.md  
 
   </ref>  
 
   </ref>  
 
because it is ''closed source'', exempt from power off, has full memory access, continuously runs in the background and embedded on the CPU core dye. From the perspective of deep state actors, this is another step toward a centralized deep point of control and manipulation shielded from public scrutiny.
 
because it is ''closed source'', exempt from power off, has full memory access, continuously runs in the background and embedded on the CPU core dye. From the perspective of deep state actors, this is another step toward a centralized deep point of control and manipulation shielded from public scrutiny.
 +
 +
====AMD PSP====
 +
The AMD Platform Security Processor (PSP) is a subsystem incorporated since about [[2013]] into AMD microprocessors and it is the equivalent to Intel ME. Critics worry it can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP.<ref>https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code</ref>
  
 
===UEFI===
 
===UEFI===
Line 24: Line 28:
  
 
===Deliberate design flaws===
 
===Deliberate design flaws===
It stands to reason that some "[https://www.wired.com/story/its-not-a-bug-its-a-feature/ bugs]" and design flaws in commercially available hardware are deliberate ("planned features"),<ref>https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at [https://web.archive.org/web/20170912155804/https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne Archive.org] and [http://archive.is/tRSh8 Archive.is]</ref><ref>https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/ saved at [http://web.archive.org/web/20210301075311/https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/ Archive.org]</ref><ref>https://www.schneier.com/blog/archives/2021/01/backdoor-in-zyxel-firewalls-and-gateways.html saved at [http://web.archive.org/web/20210801030448/https://www.schneier.com/blog/archives/2021/01/backdoor-in-zyxel-firewalls-and-gateways.html Archive.org]</ref> to give state actors speedy access to any system. This has been demonstrated to be the case with the manufacturer [[Sercomm]].<ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref>
+
It stands to reason that some "[https://www.wired.com/story/its-not-a-bug-its-a-feature/ bugs]" and design flaws in commercially available hardware are deliberate ("planned features"),<ref>https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at [https://web.archive.org/web/20170912155804/https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne Archive.org] and [http://archive.is/tRSh8 Archive.is]</ref><ref>https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/ saved at [http://web.archive.org/web/20210301075311/https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/ Archive.org]</ref><ref>https://www.schneier.com/blog/archives/2021/01/backdoor-in-zyxel-firewalls-and-gateways.html saved at [http://web.archive.org/web/20210801030448/https://www.schneier.com/blog/archives/2021/01/backdoor-in-zyxel-firewalls-and-gateways.html Archive.org]</ref> to give state actors speedy access to any system. This has been demonstrated to be the case with the manufacturer [[Sercomm]].<ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref> Gigabyte mainboards had a design flaw (or possible backdoor) in their firmware that enabled an attacker to take over the systems if they were running [[Windows]].<ref>https://www.cpomagazine.com/cyber-security/firmware-backdoor-discovered-in-gigabyte-motherboards-hundreds-of-models-affected/</ref>
  
 
==Hardware backdoors by intelligence agencies==
 
==Hardware backdoors by intelligence agencies==
Line 49: Line 53:
 
{{SMWQ
 
{{SMWQ
 
|text=Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added
 
|text=Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added
|subjects=Malware, Spyware, Mass surveillance, Smartphone
+
|subjects=Malware, Spyware, Mass surveillance, Smartphone, WhatsApp, Facebook
 
|authors=Pavel Durov
 
|authors=Pavel Durov
 
|date=05 October 2022
 
|date=05 October 2022

Latest revision as of 17:59, 20 June 2023

Concept.png Backdoor 
(Malware)Rdf-entity.pngRdf-icon.png
Backdoor.jpg
Interest ofDragos Ruiu
A covert means of gaining unauthorised and/or unmonitored access to a computing system.

A backdoor to a computing system is a means intended to provide unauthorised access. Zero day exploits may be used to plausibly deny that a backdoor was deliberately installed and abused. The extent to which modern electronic equipment is routinely backdoored is matter of speculation, but there are examples that clearly show that some pieces of hardware are manufactured with backdoors and the intention to keep the vulnerability, even if it is reported as a bug.[1]

Hardware backdoors by manufacturers

Although there are countless brands of computers, the differences between them are superficial; almost all modern computing devices rely on CPUs from a very small number of manufacturers. Some design flaws may be deliberate, or after discovery are kept secret for as long as possible.[2]

Smartphones

Smartphones connect to cell towers on a hardware level using a so called base band processor (not the CPU). The ccc, a German computer club, has reported[citation needed] that (NSA) backdoors exist on this level. Arguably, the operating systems (Android and iOS) are designed on a system level (i.e. update functionality and API structure and tools for app development) as well as the application level (browsers, etc.) to spy and backdoor the user. A related type of backdoor was reported in Samsung mobiles in 2014.[3][4]

Intel / AMD

Intel ME

Modern chips from Intel all include the Management Engine, which is provides an extra feature set. This can be used as a low level backdoor.[5] Although the lack of public documentation hinders its understanding, hackers have reverse engineered it to some extent. From a user perspective the IME "sounds like a bad joke, or a scene inspired by George Orwell's work" [6] because it is closed source, exempt from power off, has full memory access, continuously runs in the background and embedded on the CPU core dye. From the perspective of deep state actors, this is another step toward a centralized deep point of control and manipulation shielded from public scrutiny.

AMD PSP

The AMD Platform Security Processor (PSP) is a subsystem incorporated since about 2013 into AMD microprocessors and it is the equivalent to Intel ME. Critics worry it can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP.[7]

UEFI

Computers use an inbuilt low level system to load a full operating system (such as Windows). Previous referred to as BIOS, modern computers use UEFI, which can support remote diagnostics and repair of computers, even with no operating system installed.[8] It may have design flaws and harbour backdoors.[citation needed]

Deliberate design flaws

It stands to reason that some "bugs" and design flaws in commercially available hardware are deliberate ("planned features"),[9][10][11] to give state actors speedy access to any system. This has been demonstrated to be the case with the manufacturer Sercomm.[12] Gigabyte mainboards had a design flaw (or possible backdoor) in their firmware that enabled an attacker to take over the systems if they were running Windows.[13]

Hardware backdoors by intelligence agencies

USA

In 2014 it was revealed via Edward Snowden that the NSA routinely backdoors networking hardware exported from the USA.[14] Rewriting the firmware of hard drives as part of an attack has been reported by Kaspersky in 2015.[15][16][17][18]

China

Chinese intelligence has attached tiny chips, mainly to Supermicro boards, since at least 2008.[19][20]

Guardian laptops

The peculiar destruction of Laptops from The Guardian that held part of the Snowden archive, which was reported about by Privacy International in 2014,[21] showed that GCHQ targeted specific chips on the mainboard and related components, while it could have chosen to instead/or in addition shred the whole hardware to conceal this very specific action. Intelligence agencies, when they get initial access to a system through a browser may choose,[22] depending on the capability and value of a target, to not write the data for their surveillance tools on the hard drive where it could more or less easily be found, but on these very chips whose firmware can likely be rewritten, as it is known to be the case with all USB components.[23] This would make it possible to bypass all security monitoring and measures initiated on the level of the operating system running on the device. It is not clear if the restitution by GCHQ, the way it was done, was deliberate to communicate this very fact, or by mistake.

Bad bios

Bad bios was a complex malware that IT security researcher Dragos Ruiu reported about in 2013, which had the hallmarks of a very advanced attack that aims at persistence in the hardware.[24][25][26][27][28] According to his account back then, the malware could infect computers via USB, could get persistence in the system while not using the regular storage space and it communicated with other infected devices via inaudible sound.[29][30][31][32][33][34][35][36] All attack angles and "features" have at the time already been proven as possible by security researchers, the reporting however was never followed up on and Ruiu made no further comment.[37]

Operating system

Full article: Operating system

Open source operating systems, by definition, allow public access to the source code, which allows for the discovery of backdoors. The most widely used open source operating system is Linux, generally reckoned to be less vulnerable to backdoors than closed source alternatives. Although Microsoft is not known to have made a formal admission, the discovery of a debugging symbol name "_NSAKEY" in Windows 98 is by some interpreted as evidence of an NSA backdoor in that system.

Software

I dont always patch backdoors.webp
Full article: Stub class article Software

Some operating systems routinely ship with pre-installed malware and/or manufacturers' software of dubious pedigree. This applies not only to closed source OS, but also Android.[38][39]

“Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added”
Pavel Durov (05 October 2022)  [40]

Installation

Installation of backdoors is a common payload of malware. Exodus is piece of spyware that eSurv produced to order for the Italian government. It was revealed to permanently create backdoors, lowering the security of the devices on which it was installed. Since this is illegal under Italian law, once this was publicised, the Italian police began an investigation into eSurv.

External links


Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.



References

  1. https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at Archive.org
  2. https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at Archive.org and Archive.is
  3. https://www.zdnet.com/article/backdoor-in-samsung-galaxy-devices-allows-remote-access-to-data/
  4. https://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor
  5. https://blog.invisiblethings.org/2015/10/27/x86_harmful.html saved at Archive.org
  6. https://github.com/rootkovska/x86_harmful/blob/master/x86_harmful.md
  7. https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code
  8. https://web.archive.org/web/20130626000135/http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198
  9. https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at Archive.org and Archive.is
  10. https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/ saved at Archive.org
  11. https://www.schneier.com/blog/archives/2021/01/backdoor-in-zyxel-firewalls-and-gateways.html saved at Archive.org
  12. https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at Archive.org
  13. https://www.cpomagazine.com/cyber-security/firmware-backdoor-discovered-in-gigabyte-motherboards-hundreds-of-models-affected/
  14. http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden
  15. https://web.archive.org/web/20150219013840/http://www.geek.com/apps/nsa-malware-found-hiding-in-hard-drives-for-almost-20-years-1615949/
  16. https://web.archive.org/web/20150218125008/http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
  17. https://web.archive.org/web/20100216214123/https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
  18. https://web.archive.org/web/20150216214123/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
  19. https://www.breitbart.com/national-security/2021/02/12/report-china-used-computer-chips-spy-american-pc-systems/
  20. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
  21. http://archive.today/2014.05.22-200639/https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont
  22. https://medium.com/@nweaver/how-the-nsa-could-hack-almost-any-browser-1b5ab05ac74e saved at Archive.is
  23. https://www.wired.com/2014/07/usb-security/ saved at Archive.org saved at Archive.is
  24. https://heavy.com/tech/2013/10/badbios-virus-dragosr-what-is/
  25. https://web.archive.org/web/20161029014619/http://www.bleepingcomputer.com/forums/t/590983/how-do-i-know-the-bad-bios-exists-and-how-to-save-my-computer/
  26. https://arstechnica.com/information-technology/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
  27. https://threatpost.com/dragos-ruiu-on-the-badbios-saga/102823/ saved at Archive.org saved at Archive.is || Archive of MP3
  28. http://archive.today/2019.08.29-062629/https://en.wikipedia.org/wiki/BadBIOS
  29. https://blog.trendmicro.com/badbios-sometimes-bad-really-bad/
  30. https://news.softpedia.com/news/BadBIOS-Malware-Reality-or-Hoax-396177.shtml
  31. https://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that-jumps-airgaps-and-takes-over-your-firmware-whats-the-story/
  32. https://security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing
  33. https://www.techspot.com/news/54560-badbios-the-unstoppable-malware-that-infects-firmware-jumps-airgaps.html
  34. https://blog.erratasec.com/2013/10/badbios-features-explained.html
  35. https://securityaffairs.co/wordpress/20182/hacking/malware-inaudible-audio-signals.html
  36. https://www.csoonline.com/article/2609678/nsa-s-backdoors-are-real----but-prove-nothing-about-badbios.html?page=2
  37. https://web.archive.org/web/20161029014619/http://www.bleepingcomputer.com/forums/t/590983/how-do-i-know-the-bad-bios-exists-and-how-to-save-my-computer/
  38. https://news.drweb.com/show/?lng=en&i=11749&c=5
  39. https://www.extremetech.com/mobile/304577-malware-spotted-on-government-subsidized-android-phone
  40. https://t.me/durov/196