Announcement

Collapse
No announcement yet.

Using flash memory as an attack vector

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #31
    Originally posted by SteveRiley View Post
    Indeed. SoCs are the reason why we can have so much computing power in so little space. x86 designs are moving in this direction, sort of. There are fewer chips on motherboards these days because Intel and AMD are consolidating functions.
    SoC's are what NSA is using for most of its spy tools ... the bug in the monitor cable, the chip in the keyboard connector, in the MicroSD's, the HD's and who knows what else. In some cases all they do is hit the device with microwaves and get a modulated reflected signal back.

    I considered popping open the tar ball that I looked at but I don't do risky things like that any more. The tarball you untarred appears to be for an Android 4.2.1 OS. Even after the tarball is opened and the files deployed, unless one can verify the binary by compiling its putative source and comparing the compiled output with the binary one cannot guarantee that spyware has not been planted in one of the *.so's or ELF binary executables.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #32
      Originally posted by GreyGeek View Post
      SoC's are what NSA is using for most of its spy tools
      Indeed. The SoC (system-on-chip) architecture, while elegant, is also much easier to use for "black box"-type needs. One piece of tiny hardware, controlled by one binary blob.

      Originally posted by GreyGeek View Post
      I considered popping open the tar ball that I looked at but I don't do risky things like that any more. The tarball you untarred appears to be for an Android 4.2.1 OS. Even after the tarball is opened and the files deployed, unless one can verify the binary by compiling its putative source and comparing the compiled output with the binary one cannot guarantee that spyware has not been planted in one of the *.so's or ELF binary executables.
      It's the collection of vendor-specific binaries for Android 4.4.2 on a Nexus 4. These binaries are necessary if you want to take full advantage of the hardware. If you build AOSP for this phone and don't include these binary files, the result will be a phone that can't take pictures, orient itself in space, play audio and video, encrypt and decrypt data, locate GSM satellites, connect to wi-fi or Bluetooth, connect to USB ports, and engage the NFC.

      It has always been this way with smartphones. They contain proprietary hardware, controlled by proprietary binary drivers. The hardware manufacturers never make source code available.

      Comment


        #33
        More on SD cards and vulnerability...
        http://phys.org/news/2014-01-30c3-sd-card-mitm.html#ms
        Kubuntu 24.11 64bit under Kernel 6.12.3, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment

        Working...
        X