Equation Group Infections

yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Equation Group Infections

Post by yogi »

Kaspersky Lab, the well-respected Russian-based security people, have recently released a report documenting what could be an NSA (Equation Group) developed virus that infects your hard drive. This is not your normal everyday infection. This one replaces the firmware with malicious code that runs at a level well below the operating system. That means it is platform independent. Any device with a hard drive can be infected, monitored, and altered in behavior. If you think that doing a secure wipe of your hard drive and reinstalling the operating system from scratch is the cure, you are wrong. The infection is at the firmware level of a system's component. It is immune to normal techniques of cleansing.

Most computers have more than one processor. Take your graphics card as an example. It's a computer unto itself that never gets scanned for malware. Infections within the subsystems can take total control of the main system unchallenged. Nobody is currently looking into this although it is a well-known vulnerability.

The linked article is an interesting read with dire implications that some kind of massive government-sponsored surveillance network is possible. They point out the irony that one country outside the major technology bloc has uncovered a new form of malware, further suggesting that all this is happening at a high level of government (military?) sponsorship.

READ IT AND WEEP: https://www.eff.org/deeplinks/2015/02/r ... tion-group
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Equation Group Infections

Post by Kellemora »

Excellent read Yogi!

Looking at the problem from another angle. I didn't keep any of the links to refer back to them, but some software companies who deal with malware, etc. are trying to build a program to check all the components of your computer on the day of install, and notify you if any of the internal hardware's built-in programs have changed since the last time you checked. Many devices allow users to install firmware upgrades, such as video cards, but normally not things like hard drives.
Rather than talking about what is going on in the world on ways to hack your computer, they focused mainly on checking to make sure some outside influence has not installed something to a computer's internal devices or peripherals.
One area of emphasis was on Printers. Both LAN and USB printers are susceptible to firmware alterations without the knowledge of the user. Malware in the printer could rewrite itself into inaccessible areas of your computer not seen by virus protection programs. They didn't expound on what damage could be caused or where, only on ways to check that your firmware has not changed since the last test the user ran on their system.

Interesting stuff!
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Equation Group Infections

Post by yogi »

My current printer has a web server built into it so that I don't even need a computer to use it. While this is handy for printing from tablets and mobile devices, I never read in any of the description of this printer how their software is protected against malware and virus attacks. The scary part about the Equation Group Infections is precisely what you are talking about. Malware can be installed in subsystems and nobody is looking for that kind of thing these days.

Doing a zero day check and saving the checksums for future reference is good in theory, but in practice I have changed firmware on several devices: my BIOS, my router, and my NAS to name a few. The firmware and associated checksums are no longer what they were at the first turn on, and that is by choice. As the article implies, the burden of protection is squarely on the shoulders of the equipment manufacturers. Presently they provide no way to verify the integrity of their hardware. Checking it after the fact is like looking for known viruses. It's too late to prevent trouble if the virus is known. The damage has already been done by that time.
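As an added illustration of the baseline-and-compare idea discussed in these two posts (not code from the thread or from any vendor), the Python below hashes each component's firmware image at install time, compares later dumps against that baseline, and lets the operator declare the updates they made on purpose (BIOS, router, NAS) so only unexplained changes are flagged. The component names and "firmware" byte strings are constructed stand-ins; obtaining a real firmware dump is device-specific and not shown.

```python
"""Firmware baseline check: record a hash of each component's firmware
image on day zero, then flag any component whose image differs on a later
check.  Intentional updates are declared up front so only unexplained
changes are reported.  Constructed sample images stand in for real dumps."""
import hashlib
import json

def build_baseline(images):
    """Map component name -> SHA-256 of its firmware image."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in images.items()}

def compare_firmware(baseline, images, approved_updates=()):
    """Return a per-component verdict.  A component whose hash moved is
    'approved-update' only if the operator listed it in approved_updates;
    anything else that moved is an unexpected change.  Components that
    vanished or appeared since the baseline are reported too."""
    current = build_baseline(images)
    verdicts = {}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "new-component"
        elif baseline[name] == current[name]:
            verdicts[name] = "unchanged"
        elif name in approved_updates:
            verdicts[name] = "approved-update"
        else:
            verdicts[name] = "UNEXPECTED-CHANGE"
    return verdicts

def rebaseline(baseline, images, verdicts):
    """Accept approved updates into a fresh baseline, but refuse while an
    unexpected change is outstanding so it is never silently blessed."""
    if "UNEXPECTED-CHANGE" in verdicts.values():
        raise ValueError("unexpected firmware change present; investigate before re-baselining")
    return build_baseline(images)

# Constructed sample "firmware images" (not real vendor code).
DAY_ZERO = {"bios": b"BIOS v1.0", "router": b"RTR fw 2.3", "nas": b"NAS 4.1", "hdd": b"HDD uCode A"}
LATER = {"bios": b"BIOS v1.2", "router": b"RTR fw 2.3", "nas": b"NAS 4.1", "hdd": b"HDD uCode A*"}

if __name__ == "__main__":
    base = build_baseline(DAY_ZERO)
    # The BIOS update was deliberate; the hard-drive microcode change was not.
    print(json.dumps(compare_firmware(base, LATER, approved_updates={"bios"}), indent=2))
```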
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Equation Group Infections

Post by Kellemora »

When I remodeled our kitchen, all of the major appliances can talk over a cell-phone. This was handy when I wanted the service department to reprogram the dryer, and check it for an error.
It uses sounds above our and our pets' hearing ranges to communicate.

Saw an article on-line a few months ago "How Safe is your Coffee Pot?"
I would have ignored it if it were not for the sub-catchphrase. "Mine is eavesdropping on family phone conversations."

I didn't understand most of what I read, because it was loaded with abbreviations.
The poster was a communications service technician and had a CEC (Consumer Electronic Control) testing unit out of his kit to replace the rechargeable battery pack.
Every time someone came into the kitchen with a cell-phone, his coffee pot would come alive sending some type of data stream the CEC unit picked up but could not decipher.

I was totally lost on the rest of the article. TMDS, using API and OPP Layer, communicating over OBEX, etc. All Greek to me, hi hi... He knew some appliances could be serviced using a cell-phone, but they brag about the feature. The Coffee Maker had no indication of same on the box or in the advertisements. A person buying the device would not know it contained communications capabilities. He considered the hidden device as an invasion of privacy. His other appliances do not turn themselves on, it must be done manually, but the coffee maker did so automatically.

If not Big Brother, who is monitoring the cell-phone calls in their house? Or are they using the in-use cell-phone to listen to ambient daily conversation via the coffee maker?

A second post under the first said he disassembled the coffee maker and the device is part of the control board itself, not something added later, not a separate module as he first thought. It is the control board itself which contains the communications features. Scary Thought Friends!

I often wonder about the things we buy and what is in them we don't know about. I use a simple flip-phone, but I'm sure it has tracking info built inside the unit, even though I have no access to it. The frau's Schmartz-Fone has all kinds of things in it. She takes a picture and it shows the latitude and longitude of where the image was taken. Not on the phone, but if she sends me the picture and I view the appended data sent with it using a program like GIMP or a Metadata Reader.

The few times I've posted an image on-line, taken with a camera or phone, I first convert it to BMP to remove all Metadata, then save it as a JPG with a blank Metadata file. The frau posts directly from her Schmartz-Fone, even though I showed her all the private data included with the upload.

Way too much personal information is being shared on-line by almost everyone, and most have no idea it is happening.

TTUL
Gary
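An added example (not the poster's own method) of the metadata-stripping step in Python: instead of the BMP round trip, it walks the JPEG's marker segments and drops the APP1 (Exif/XMP) and comment segments that carry the location data, keeping the JFIF header and the compressed image data untouched. The sample file is a constructed minimal JPEG layout, not a real photo.

```python
"""Strip metadata from a JPEG by walking its marker segments and dropping
the APPn/COM ones.  APP0 (JFIF) and APP14 (Adobe colour hint) are kept
because decoders rely on them; everything from the SOS marker onward (the
picture itself) is copied unchanged, so image quality is not affected."""
import struct

SOS = 0xDA
KEEP_APP = {0xE0, 0xEE}                                   # APP0 JFIF, APP14 Adobe
DROP = {0xFE} | {m for m in range(0xE0, 0xF0) if m not in KEEP_APP}  # COM + other APPn

def _segment(marker, payload):
    """Build one marker segment: FF xx, 2-byte big-endian length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def strip_jpeg_metadata(data):
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out = bytearray(b"\xff\xd8")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == SOS:
            out += data[pos:]          # scan data through EOI, copied as-is
            return bytes(out)
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker not in DROP:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS marker")

def has_exif(data):
    return b"Exif\x00\x00" in data

# Constructed minimal JPEG-like file: JFIF header, Exif block (where GPS
# tags would live), a comment, a quantisation table, then SOS + data + EOI.
SAMPLE = (b"\xff\xd8"
          + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _segment(0xE1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00")
          + _segment(0xFE, b"taken at home")
          + _segment(0xDB, b"\x00" + bytes(64))
          + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34" + b"\xff\xd9")

if __name__ == "__main__":
    cleaned = strip_jpeg_metadata(SAMPLE)
    print("exif before:", has_exif(SAMPLE), "after:", has_exif(cleaned), "bytes removed:", len(SAMPLE) - len(cleaned))
```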
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Equation Group Infections

Post by yogi »

It's called The Internet of Things and it is totally missing any form of security whatsoever. Can you imagine some North Korean hacker turning off every coffee pot in the United States? Think about the catastrophic effects of our citizens not having their daily fix of caffeine.

That's a humorous scenario but it points to the fact that there are major gaps in the security of networked appliances. My electric company just installed a smart meter so that they don't have to send out a meter reader, thus saving them money. But what if that crazed North Korean decided to shut off all the power on the grid some day? Now that would not be funny.

Cell phones are intrinsically vulnerable just because of what they must do to work. Geolocation information is mandatory for the network to identify what phones are where. It's like the IP address of your router. The router is useless if nobody knows where it is. Thus things like routers and cell phones must broadcast location data merely to stay alive.

Ever wonder why the battery on your dumb phone might not last as long as your wife's smart phone? It has nothing to do with display technology or the processor(s) inside. The cell network is constantly polling all the phones it knows about to be sure they know how to route calls properly. If your network is not as efficient as your wife's network, then your phone gets polled more often. That is what drains the battery. You typically have no indication of said communications between your phone and its base station. It's automatic. That blinking LED is merely a visual key to let you know the phone is on. It's not an indication of transmissions.

The big trend is to make "things" Internet accessible (isn't it ironic that Linux is making this easier?). For the most part it is a convenience feature that makes life easier for you and the service technicians. There is no conspiracy behind it all. It's just a lot of stupidity going on for the sake of luxury. The concept of privacy has been modified and/or eliminated long ago. Fighting to maintain your anonymity is futile. But, is the invasion of privacy bad? I'm not sure about that.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Equation Group Infections

Post by Kellemora »

Hi Yogi

I think you have the battery charge backwards. My old dumb-fone only needed to be charged once a month, the new one about once every two weeks.
While the frau's Schmartz-Fone has to be charged daily or every other day.

My bro-in-law keeps his cell-phone physically turned off, unless he needs to make a call.
He will check to see if he has a voice message at lunchtime, around 3pm and again at 6 or 7 pm, whenever he gets home from work.

FWIW: We've had remote reading water meters back home since the 1980s.
Our water meters are inside the basement in most homes, and they had a box on the outside of the house they plugged into to read the meter. Then they plugged some electronic gizmo into this and they could read it from the street, inside their van as they passed by.
Shortly before I moved south, they changed the transmitter box to something they connected with our telephone line. It didn't mess up our phone, but had a good side to it. Excessive water usage was instantly reported, so they could call and tell us to check our house for a water leak. Sure enough, an outside line was turned on and left on. By them reporting it in two days, it saved me from having a month and a half of water usage charges.

I've heard a little about the Schmartz electric meters, but doubt we will see them down here in east podunk in my lifetime. Back home they changed out water meters at least once every five years. Here, we are still using the one installed in 1954. Same with the electric meter, it is the original installed on the house when it was electrified.
Our telephone lines are from the late 1940s, never upgraded since the subdivision was built.
Water lines were replaced, and the sewer lines just had new plastic liners installed inside a few weeks ago.
They are not too quick down here to change anything, unless they can profit from it after the Poly-TICK-ians take their cut of the bribe.

I'll bet the government is behind a lot of this snooping!
Trying to find more things to tax us for, hi hi...

TTUL
Gary