19 Jun
2018
19 Jun
'18
7:01 p.m.
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei.
1/ Does anyone know whether these relate to software eg OS or hardware ?
2/ To what extent do these also affect privacy and personal security ?
Given the hardware issues (previous thread) discovered in Samsung
Galaxy hardware,
by Lineage developers; not to mention the proprietary issues with
Android "spyware for Google";
might it not be useful to encourage ZTE and Huawei to start a campaign,
advertising privacy and security issues in the hardware and software of
mobile phones,
from non-chinese companies ?
regards Rohan McLeod
20 Jun
20 Jun
2:14 a.m.
Hi,
On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei.
Any hardware from any supplier is suspect; Intel ME, Spectre, Meltdown
.... that's just for starters.
Most mobile phones are built on a "base" that the normal OS doesn't have
access to as well (like Intel ME). You might have the most secure setup
of Android, but still have that underlying layer that we cannot control
and which may be vulnerable -- just like the mobile phone network (SS7
vulnerabilities for starters there).
With chips (silicon), geting so small, it can hide all sorts of things
that can't be detected without super magnification. Heck, with port
knocking type of behaviour, a "backdoor" hardware component may be kept
completely inactive until a specific set of operations (electrically)
pass through it's pins on the motherboard, or even specific NFC type
interaction with a close by device.
Yep, we've been there, but how far do you want to go?
The only secure machine is one that has no microphones, speakers,
display or any kind of Internet connection and that still might not be
enough due to side channel attacks just listening to the CPU and/or
other components and the exact power usage patterns. So, even very much
disconnected devices can have very stealth methods of backdoor access
with the opportunity to betray it's owner. And none of this is science
fiction these days.
Oh and then you have implants, like fake USB keybaords or even cables
with embedded components. Heck, even changing your touch screen with a
third party supplied one could implant new vulnerabilities because the
components are so tiny....
Perhaps we need much more dumb devices that can't give our secrets away
and betray us in some weird and strange way.
Have fun.
Cheers
AndrewM
9:13 a.m.
Andrew McGlashan via luv-talk wrote:
Hi,
On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Well it's not really how far I want to go;
if I was a multi-billion dollar company whose market share depends on
my credibility;
then when some government agency; wants to pressure me into inserting a
back-door,
into the hardware or software of my mobile phone design, then I am
gambling that
credibility against the possibility that some time in the future, it
will not be discovered,
-by a reverse design engineer in a opposition company
- by loose talk or whistle-blower in that government agency
- by the idle curiosity of some hardware or software hacker
......." are you feeling lucky punk ?:-)
regards Rohan McLeod
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei.
Any hardware from any supplier is suspect; Intel ME,
Spectre, Meltdown
.... that's just for starters.
Most mobile phones are built on a "base" that the normal OS doesn't have
access to as well (like Intel ME). You might have the most secure setup
of Android, but still have that underlying layer that we cannot control
and which may be vulnerable -- just like the mobile phone network (SS7
vulnerabilities for starters there).
With chips (silicon), geting so small, it can hide all sorts of things
that can't be detected without super magnification. Heck, with port
knocking type of behaviour, a "backdoor" hardware component may be kept
completely inactive until a specific set of operations (electrically)
pass through it's pins on the motherboard, or even specific NFC type
interaction with a close by device.
Yep, we've been there, but how far do you want to go? 
10:25 a.m.
Rohan McLeod via luv-talk wrote:
if I was a multi-billion dollar company whose market
share depends on my credibility;
then when some government agency; wants to pressure me into inserting a back-door,
into the hardware or software of my mobile phone design, then I am gambling that
credibility against the possibility that some time in the future, it will
not be discovered,
At Enron, they called that "I'll be gone; you'll be gone."
Nowadays, multinationals can have enough money to just change people's minds
directly:
https://en.wikipedia.org/wiki/Reputation_management
...so they don't need to worry about "being caught" or "looking
bad".
3:11 p.m.
Trent W. Buck wrote:
Rohan McLeod via luv-talk wrote:
Yes; well we will just have to agree to disagree about the feasibility
of that;
to return to my original post :
"Given the hardware issues (previous thread) discovered in Samsung
Galaxy hardware,
by Lineage developers; not to mention the proprietary issues with
Android "spyware for Google";
might it not be useful to encourage ZTE and Huawei to start a campaign,
advertising privacy and security issues in the hardware and software of
mobile phones,
from non-chinese companies ? "
regards Rohan McLeod
if I was a multi-billion dollar company whose
market share depends on my credibility;
then when some government agency; wants to pressure me into inserting a back-door,
into the hardware or software of my mobile phone design, then I am gambling that
credibility against the possibility that some time in the future, it will
not be discovered,
At Enron, they called that "I'll be gone; you'll
be gone."
Nowadays, multinationals can have enough money to just change people's minds
directly:
https://en.wikipedia.org/wiki/Reputation_management
...so they don't need to worry about "being caught" or "looking
bad".
21 Jun
21 Jun
1:49 p.m.
Rohan McLeod wrote:
"Given the hardware issues (previous thread)
discovered in Samsung Galaxy
hardware,
__ by Lineage developers;__ not to mention the proprietary issues with
Android "spyware for Google";
_might it not be useful to encourage ZTE and Huawei to start a campaign,
advertising_ privacy and security issues in the hardware and software of
mobile phones,
_from_ non-chinese companies ? "
Useful to whom? I don't own shares in ZTE or Huawei.
3:05 p.m.
Trent W. Buck wrote:
Rohan McLeod wrote:
Useful to those who consider privacy a functional requirement of the
modern world;
rather than a something to be traded against national security.
Useful to those who want security holes and trapdoors prominently
advertised;
to the end of removing them.
.....united the phone manufactures stand; divided they fall !:-)
regards Rohan mCLeod
"Given the hardware issues (previous thread)
discovered in Samsung Galaxy
hardware,
__ by Lineage developers;__ not to mention the proprietary issues with
Android "spyware for Google";
_might it not be useful to encourage ZTE and Huawei to start a campaign,
advertising_ privacy and security issues in the hardware and software of
mobile phones,
_from_ non-chinese companies ? "
Useful to whom? I don't own shares in
ZTE or Huawei.
20 Jun
20 Jun
10:22 a.m.
Andrew McGlashan via luv-talk wrote:
The only secure machine is one that has no
microphones, speakers,
display or any kind of Internet connection and that still might not be
enough due to side channel attacks just listening to the CPU and/or
other components and the exact power usage patterns.
Not even then. You can make spyware out of wood:
https://en.wikipedia.org/wiki/Great_Seal_bug
1741
days inactive
1743
days old
7 comments
3 participants
participants (3)
-
Andrew McGlashan -
Rohan McLeod -
Trent W. Buck