Hiding Backdoors In Hardware

quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

Re:Lojack for Laptops...

[Anonymous Coward]

I'm not sure that's a good example of a sentence...

Re:Undetectable?

[Anonymous Coward]

OMG, but what if THAT machine is infected, too?!

Re:The NSA

[H0p313ss]

undetectable backdoor inside hardware.

This perhaps explains why the NSA has its own chip fabrication plant.

If the NSA broke in and stuck a small device into an empty PCI slot in your computer, would you notice?

Now here's a good reason to use an iPad or macbook.

Re:Undetectable?

[Anonymous Coward]

Then you need a turtle.

Re:proprietary firmware

[abigor]

Yours is probably the best post I've read in a month.

Re:Not bad but..

[PitaBred]

The magic words are "this will make it faster"