Difference between revisions of "Backdoor"

From Wikispooks
(separating section ===Deliberate design flaws===)
(china/supemicro)
Line 6: Line 6:
 
|description=A covert means of gaining unauthorised and/or unmonitored access to a computing system.
 
|description=A covert means of gaining unauthorised and/or unmonitored access to a computing system.
 
}}
 
}}
A '''backdoor''' to a computing system is a means intended to provide unauthorised access. It may be derived from a [[zero day]] exploit. The extent to which modern electronic equipment is routinely backdoored is matter of speculation, but there are examples that clearly show that some pieces of hardware are manufactured with backdoors and the intention to keep the vulnerability, even if it is reported a s a bug.<ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref>
+
A '''backdoor''' to a computing system is a means intended to provide unauthorised access. It may be derived from a [[zero day]] exploit. The extent to which modern electronic equipment is routinely backdoored is matter of speculation, but there are examples that clearly show that some pieces of hardware are manufactured with backdoors and the intention to keep the vulnerability, even if it is reported as a bug.<ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref>
  
 
==Hardware==
 
==Hardware==
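Review bot: the only change in this hunk is the typo fix "a s a bug" to "as a bug", which is correct, but the same sentence still reads "is matter of speculation" and should read "is a matter of speculation"; the repeated |description= and }} lines are unchanged context.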
Line 12: Line 12:
  
 
===Intel===
 
===Intel===
Modern chips from [[Intel]] all include the [[Intel Management Engine]] (IME), which is provides an extra feature set. This ''might'' be usable as a low level backdoor. Although the lack of public documentation hinders its understanding, [[hackers]] have reverse engineered it to some extent.
+
Modern chips from [[Intel]] all include the [[Intel Management Engine]] (IME), which is provides an extra feature set. This ''might'' be usable as a low level backdoor.<ref>https://blog.invisiblethings.org/2015/10/27/x86_harmful.html saved at [https://web.archive.org/web/20201111232540/https://blog.invisiblethings.org/2015/10/27/x86_harmful.html Archive.org]</ref> Although the lack of public documentation hinders its understanding, [[hackers]] have reverse engineered it to some extent.
  
 
===UEFI===
 
===UEFI===
 
Computers use an inbuilt low level system to load a full operating system (such as Windows). Previous referred to as [[BIOS]], modern computers use [[UEFI]], which is a not clearly supported by manufacturers, may have design flaws and harbour backdoors.{{cn}}
 
Computers use an inbuilt low level system to load a full operating system (such as Windows). Previous referred to as [[BIOS]], modern computers use [[UEFI]], which is a not clearly supported by manufacturers, may have design flaws and harbour backdoors.{{cn}}
  
===Hardware backdoors by intelligence agencies===
+
==Hardware backdoors by intelligence agencies==
 +
===USA===
 
In [[2014]] it was revealed via [[Edward Snowden]] that the [[NSA]] routinely [[backdoor]]s networking hardware exported from the USA.<ref>http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden</ref>
 
In [[2014]] it was revealed via [[Edward Snowden]] that the [[NSA]] routinely [[backdoor]]s networking hardware exported from the USA.<ref>http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden</ref>
 +
===China===
 +
[[Chinese intelligence]] has attached tiny chips, mainly to [[Supermicro]] boards, since at least [[2008]].<ref>https://www.breitbart.com/national-security/2021/02/12/report-china-used-computer-chips-spy-american-pc-systems/</ref><ref>https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies</ref>
  
===Deliberate design flaws===
+
==Deliberate design flaws==
It stands to reason that some "[https://www.wired.com/story/its-not-a-bug-its-a-feature/ bugs]" in commercially available hardware are deliberate design flaws<ref>https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at [https://web.archive.org/web/20170912155804/https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne Archive.org] and [http://archive.is/tRSh8 Archive.is]</ref> or planned features<ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref> to give state actors speedy access to any system. The peculiar destruction of Laptops from [[The Guardian]] that held part of the [[Edward Snowden affair|Snowden]] archive, which was reported about by [[Privacy International]] in 2014,<ref>http://archive.today/2014.05.22-200639/https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont</ref> showed that [[GCHQ]] targeted specific chips on the mainboard and related components, while it could have chosen to instead/or in addition shred the whole hardware to conceal this very specific action. 
Intelligence agencies, when they get initial access to a system through a browser,<ref>https://medium.com/@nweaver/how-the-nsa-could-hack-almost-any-browser-1b5ab05ac74e saved at [http://archive.is/RMUps Archive.is]</ref> may choose, depending on the capability and value of a target, to not write the data for their surveillance tools on the hard drive where it could more or less easily be found, but on these very chips whose firmware can likely be rewritten, as it is known to be the case with all USB components.<ref>https://www.wired.com/2014/07/usb-security/ saved at [http://web.archive.org/web/20140731080052/http://www.wired.com/2014/07/usb-security/ Archive.org] saved at [http://archive.is/1jWax Archive.is]</ref> This would make it possible to bypass all security monitoring and measures initiated on the level of the [[operating system]] running on the device. It is not clear if the restitution by GCHQ, the way it was done, was deliberate to communicate this very fact, or by mistake.
+
It stands to reason that some "[https://www.wired.com/story/its-not-a-bug-its-a-feature/ bugs]" and design flaws in commercially available hardware are deliberate ("planned features"),<ref>https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne saved at [https://web.archive.org/web/20170912155804/https://www.theverge.com/2017/9/12/16294904/bluetooth-hack-exploit-android-linux-blueborne Archive.org] and [http://archive.is/tRSh8 Archive.is]</ref><ref>https://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf saved at [https://web.archive.org/web/20140420023502/http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf Archive.org]</ref> to give state actors speedy access to any system.
 +
===Guardian laptops===
 +
The peculiar destruction of Laptops from [[The Guardian]] that held part of the [[Edward Snowden affair|Snowden]] archive, which was reported about by [[Privacy International]] in 2014,<ref>http://archive.today/2014.05.22-200639/https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont</ref> showed that [[GCHQ]] targeted specific chips on the mainboard and related components, while it could have chosen to instead/or in addition shred the whole hardware to conceal this very specific action. Intelligence agencies, when they get initial access to a system through a browser may choose,<ref>https://medium.com/@nweaver/how-the-nsa-could-hack-almost-any-browser-1b5ab05ac74e saved at [http://archive.is/RMUps Archive.is]</ref> depending on the capability and value of a target, to not write the data for their surveillance tools on the hard drive where it could more or less easily be found, but on these very chips whose firmware can likely be rewritten, as it is known to be the case with all USB components.<ref>https://www.wired.com/2014/07/usb-security/ saved at [http://web.archive.org/web/20140731080052/http://www.wired.com/2014/07/usb-security/ Archive.org] saved at [http://archive.is/1jWax Archive.is]</ref> This would make it possible to bypass all security monitoring and measures initiated on the level of the [[operating system]] running on the device. It is not clear if the restitution by GCHQ, the way it was done, was deliberate to communicate this very fact, or by mistake.
  
 
==Operating system==
 
==Operating system==
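Review bot: the new China section asserts as fact that Chinese intelligence "has attached tiny chips, mainly to Supermicro boards, since at least 2008", while the first cited URL itself frames this as a "report" (report-china-used-computer-chips-spy-american-pc-systems); the sentence should attribute the claim to the cited reporting rather than state it outright. Two smaller points in the same hunk: "which is provides" in the Intel paragraph is left untouched and should read "which provides", and in the Guardian laptops paragraph the <ref> moved from after "browser," to after "may choose," now sits apart from the claim it supports (initial access through a browser), so it should stay attached to "browser".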
Line 34: Line 39:
 
Installation of backdoors is a common payload of [[malware]].  
 
Installation of backdoors is a common payload of [[malware]].  
  
[[Exodus]] is piece of [[spyware]] that [[eSurv]] produced to order for the Italian government. It was revealed to permanently create backdoors, lowering the security of the devices on which it was installed. Since this is illegal under Italian law, once this was publicised, the [[Italian police]] began an investigation into eSurv.
+
[[Exodus]] is piece of [[spyware]] that [[eSurv]] produced to order for the [[Italian]] government. It was revealed to permanently create backdoors, lowering the security of the devices on which it was installed. Since this is illegal under Italian law, once this was publicised, the [[Italian police]] began an investigation into eSurv.
  
 
{{SMWDocs}}
 
{{SMWDocs}}
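Review bot: the only change here is linking [[Italian]]; the sentence still reads "is piece of spyware" and should read "is a piece of spyware".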

Revision as of 15:22, 13 February 2021

Backdoor
Interest of: Dragos Ruiu
A covert means of gaining unauthorised and/or unmonitored access to a computing system.

A backdoor to a computing system is a means intended to provide unauthorised access. It may be derived from a zero day exploit. The extent to which modern electronic equipment is routinely backdoored is a matter of speculation, but there are examples that clearly show that some pieces of hardware are manufactured with backdoors and the intention to keep the vulnerability, even if it is reported as a bug.[1]

Hardware

Although there are countless brands of computers, the differences between them are superficial; almost all modern computing devices rely on CPUs from a very small number of manufacturers. Some design flaws may be deliberate, or, after discovery, are kept secret for as long as possible.[2]

Intel

Modern chips from Intel all include the Intel Management Engine (IME), which provides an extra feature set. This might be usable as a low-level backdoor.[3] Although the lack of public documentation hinders its understanding, hackers have reverse engineered it to some extent.

UEFI

Computers use an inbuilt low-level system to load a full operating system (such as Windows). Previously referred to as BIOS, modern computers use UEFI, which is not clearly supported by manufacturers and may have design flaws and harbour backdoors.[citation needed]

Hardware backdoors by intelligence agencies

USA

In 2014 it was revealed via Edward Snowden that the NSA routinely backdoors networking hardware exported from the USA.[4]

China

Chinese intelligence has attached tiny chips, mainly to Supermicro boards, since at least 2008.[5][6]

Deliberate design flaws

It stands to reason that some "bugs" and design flaws in commercially available hardware are deliberate ("planned features"),[7][8] to give state actors speedy access to any system.

Guardian laptops

The peculiar destruction of laptops from The Guardian that held part of the Snowden archive, reported on by Privacy International in 2014,[9] showed that GCHQ targeted specific chips on the mainboard and related components, while it could have chosen instead, or in addition, to shred the whole hardware to conceal this very specific action. Intelligence agencies, when they get initial access to a system through a browser,[10] may choose, depending on the capability and value of a target, not to write the data for their surveillance tools on the hard drive, where it could more or less easily be found, but on these very chips, whose firmware can likely be rewritten, as is known to be the case with all USB components.[11] This would make it possible to bypass all security monitoring and measures initiated at the level of the operating system running on the device. It is not clear whether the restitution by GCHQ was done this way deliberately, to communicate this very fact, or by mistake.

Operating system

Full article: Operating system

Open source operating systems, by definition, allow public access to the source code, which allows for the discovery of backdoors. The most widely used open source operating system is Linux, generally reckoned to be less vulnerable to backdoors than closed source alternatives. Although Microsoft is not known to have made a formal admission, the discovery of a debugging symbol named "_NSAKEY" in Windows 98 is interpreted by some as evidence of an NSA backdoor in that system.

Software

Full article: Software

Some operating systems routinely ship with pre-installed malware and/or manufacturers' software of dubious pedigree. This applies not only to closed source operating systems but also to Android.[12][13]

Installation

Installation of backdoors is a common payload of malware.

Exodus is a piece of spyware that eSurv produced to order for the Italian government. It was revealed to permanently create backdoors, lowering the security of the devices on which it was installed. Since this is illegal under Italian law, once this was publicised, the Italian police began an investigation into eSurv.

References