[Freedombox-discuss] Backdoor in military chips may also be in Freedombox
freebirds at hushmail.com
freebirds at hushmail.com
Thu Jun 28 15:57:31 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
US military chips have a preinstalled backdoor. "This backdoor has
a key, which we were able to extract. If you use this key, you can
disable the chip or reprogram it at will, even if locked by the
user with their own key. This particular chip is prevalent in many
systems, from weapons [and] nuclear power plants to public
transport. In other words, this backdoor access could be turned
into an advanced Stuxnet weapon to attack potentially millions of
systems," Skorobogatov said in the research paper. . . .
California-based Actel inserted the backdoor, not as a malicious
activity but rather as a built-in debugging interface.. . . and is
a common debugging practice.. . .Whether you call this a security
feature to prevent others from hacking the chip through JTAG or a
secret backdoor available only to the manufacturer, is open to
interpretation," Graham said"
http://www.techspot.com/news/48817-china-not-responsible-for-us-
military-chip-backdoor.html
Regardless whether physical access is necessary to exploit the
debugger, do not underestimate the effectiveness of a debugger
functioning as backdoor. Government, hackers and abusers can break
into offices, homes, cars and wherever else a PC or small
FreeddomBox may be at. Furthermore, I doubt physical access is
really required.
Please ask Marvell and ARM if there is a debugger. If so, please
ask them to remove it.
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wsBcBAEBAgAGBQJP7H7rAAoJEMry4TZLOfxmYHcH/2RBEpd+S+N7D/edOadg2G2+w6r/
zYzHUd/zlAMiO6o/Z2F2lOcIavB7q0X9sVvUojxFGqLVRHxWXcNiiyyW9Wag53zRByZ3
4Gc5DpBZCts/PcVLxi23USCN5MpgLDFkQ6/aNoE9pLzm4XnGlYxYupHhBqtgwBwZvnDX
xZ6rtmFFNsXCaUI4ObnaAYNHQ/08iWeJE96U8YdEJI5b/wEW+oa2J9VRgBUYxblUmCHX
AZTz5mVCuxdKjFlCVYns7Dq8ICwUheVz4fMvF2Wdu+X87rv1xvh07+YhfearlDMNv2NH
wzraVV2iUfCCJJDkthp0Vgyq4NfMAkBEx0ZL+sHVswc=
=Vd0v
-----END PGP SIGNATURE-----
More information about the Freedombox-discuss
mailing list