Hi, On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei.
Any hardware from any supplier is suspect; Intel ME, Spectre, Meltdown .... that's just for starters. Most mobile phones are built on a "base" that the normal OS doesn't have access to as well (like Intel ME). You might have the most secure setup of Android, but still have that underlying layer that we cannot control and which may be vulnerable -- just like the mobile phone network (SS7 vulnerabilities for starters there). With chips (silicon), geting so small, it can hide all sorts of things that can't be detected without super magnification. Heck, with port knocking type of behaviour, a "backdoor" hardware component may be kept completely inactive until a specific set of operations (electrically) pass through it's pins on the motherboard, or even specific NFC type interaction with a close by device. Yep, we've been there, but how far do you want to go? The only secure machine is one that has no microphones, speakers, display or any kind of Internet connection and that still might not be enough due to side channel attacks just listening to the CPU and/or other components and the exact power usage patterns. So, even very much disconnected devices can have very stealth methods of backdoor access with the opportunity to betray it's owner. And none of this is science fiction these days. Oh and then you have implants, like fake USB keybaords or even cables with embedded components. Heck, even changing your touch screen with a third party supplied one could implant new vulnerabilities because the components are so tiny.... Perhaps we need much more dumb devices that can't give our secrets away and betray us in some weird and strange way. Have fun. Cheers AndrewM