Has a government agency ever used IME/PSP as a backdoor?

6 replies [Last post]
Lef
Offline
Joined: 11/20/2021

Title.

I'm aware there have been various exploits for IME, but I have been unable to find any example of a government agency using it as a backdoor.

Of course, that it's not reported doesn't mean they don't or can't, and even if they didn't, the primary problem with IME isn't security but freedom, but I am curious if it's ever occurred.

jxself
Offline
Joined: 09/13/2010

"I am curious if it's ever occurred."

How would we ever know? Especially given the prior thing you mention.

"I have been unable to find any example of a government agency using it as a backdoor."

Of course - It's not like the NSA (or other agency from any other country) is going to say "Hey, we did this thing" - That's not how they work. Those that don't know can talk all they want; it doesn't matter - The ones who would know the operational details of what and how things are being done aren't talking.

But we do know that the NSA is hoarding vulnerability information (one example: https://www.schneier.com/blog/archives/2016/08/the_nsa_is_hoar.html). It would, in my view, be a mistake to assume that the information includes or excludes any particular vulnerability. Despite the leaks (like Shadow Brokers) we members of the public just don't know the full scale or scope. And, again, those that do know aren't talking.

Lef
Offline
Joined: 11/20/2021

> How would we ever know? Especially given the prior thing you mention.

...the way we know about other government based attacks?

https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/
https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
https://www.bloomberg.com/features/2021-supermicro/ <-- This one is huge in my opinion.
https://diginomica.com/how-chinese-hackers-exploited-linux-servers-undetected-eight-years
https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-linux-systems-with-new-malware/
https://en.wikipedia.org/wiki/Democratic_National_Committee_cyber_attacks#Hacking_the_DNC
https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
https://en.wikipedia.org/wiki/Stuxnet
https://en.wikipedia.org/wiki/Flame_(malware)
https://en.wikipedia.org/wiki/Regin_(malware)

Though I might have found a fairly recent example of a Russian state adjacent group targeting the IME:
https://eclypsium.com/2022/06/02/conti-targets-critical-firmware/
So far as I can tell Conti (aka Wizard Spider) is at the very least an ally of the Russian government, though this exploit of theirs does not yet seem to have been found in the wild. We will probably see it start popping up soon(TM).

I would say eventually we are going to have to have a talk with computing companies about their toys, but I remembered one of the reasons for IME/PSP is DRM, so we can continue to expect these black boxes on all consumer hardware indefinitely.

jxself
Offline
Joined: 09/13/2010

"...the way we know about other attacks?"

Right, so the only way is if someone says.

andyprough
Offline
Joined: 02/12/2015

A good question might be, "has a government ever NOT used IME/PSP as a backdoor?"

I think the answer would be "yes, there are times when the NSA/CIA/MI6/Mossad/KGB (GU)/MSS/BND/DGSE/DGSI etc have not used IME/PSP".

A follow-up question might be, "why do governments NOT ALWAYS use IME/PSP as a backdoor?"

I think the answer would be "because they have better backdoors for the spying they are attempting to accomplish". For instance, if they have physical access and root access already to your computer, there's no reason to use a complicated backdoor. Similarly, if you quickly and easily fell for a spearphishing scam and clicked their email link and installed their rootkit, they may have a better backdoor on your system with superior command and control capability.

A follow-up question might be, "why do governments SOMETIMES use IME/PSP as a backdoor?"

I think the answer would be, "if your opsec has generally been pretty good and they don't have a better/easier way into your system".

And then the big question would be, "do governments ALWAYS use backdoors like IME/PSP to spy on everyone?"

Answer: based on the Snowden revelations and the revelations of mass spying on all cell phone lines, all Google/Facebook traffic, all undersea cables - "Probably yes, if it is easily available".

Legimet
Offline
Joined: 12/10/2013

I suggest using me_cleaner if you haven't already. It removes as much of the IME firmware as possible without breaking the system.
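
As an added illustration of what a tool like me_cleaner has to locate before it can strip anything (this is example code written for this page, not me_cleaner's own code and not from anyone in the thread): it parses the Intel flash descriptor to find the ME region, reads the $FPT partition table inside it, and reports which partitions would go if only FTPR were kept. The flash image is constructed inside the block. The 0x30-byte FPT header, the 0x20-byte entry layout and the "keep only FTPR" rule are assumptions made for the example; real ME generations differ in details that me_cleaner handles and this script does not. It only reads and never writes a flash image.

```python
import struct

# Intel SPI flash descriptor layout (public Intel documentation; me_cleaner
# reads the same fields). The ME/TXE region is region 2.
FD_SIGNATURE = 0x0FF0A55A
FD_SIGNATURE_OFFSET = 0x10
FLMAP0_OFFSET = 0x14
REGION_NAMES = {0: "Descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "PDR"}
ME_REGION = 2

FPT_MAGIC = b"$FPT"
FPT_HEADER_SIZE = 0x30        # assumption for this example: 0x30-byte FPT header
FPT_ENTRY_SIZE = 0x20         # one partition table entry
KEEP_PARTITIONS = {"FTPR"}    # assumption: keep only the fundamental partition


def find_regions(image):
    """Return {region_index: (base, limit)} for regions present in the descriptor."""
    sig, = struct.unpack_from("<I", image, FD_SIGNATURE_OFFSET)
    if sig != FD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    flmap0, = struct.unpack_from("<I", image, FLMAP0_OFFSET)
    nr = (flmap0 >> 24) & 0x7          # number of regions minus one
    frba = (flmap0 >> 12) & 0xFF0      # flash region base address
    regions = {}
    for i in range(nr + 1):
        flreg, = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x7FFF) << 12
        limit = ((flreg >> 4) & 0x7FFF000) | 0xFFF
        if base > limit:               # the descriptor marks unused regions this way
            continue
        regions[i] = (base, limit)
    return regions


def list_me_partitions(image, me_base, me_limit):
    """Parse the ME partition table ($FPT); offsets are relative to the region."""
    me = image[me_base:me_limit + 1]
    for fpt_off in (0x10, 0x0):        # $FPT usually sits at +0x10, on some parts at +0
        if me[fpt_off:fpt_off + 4] == FPT_MAGIC:
            break
    else:
        raise ValueError("no $FPT partition table in ME region")
    n_entries, = struct.unpack_from("<I", me, fpt_off + 4)
    parts = []
    for i in range(n_entries):
        ent = fpt_off + FPT_HEADER_SIZE + i * FPT_ENTRY_SIZE
        name, offset, size = struct.unpack_from("<4s4xII", me, ent)
        parts.append((name.rstrip(b"\0").decode("ascii"), offset, size))
    return parts


def plan_removal(parts, keep=KEEP_PARTITIONS):
    """Split partitions into those to keep and those a cleaner could erase."""
    kept = [p for p in parts if p[0] in keep]
    removed = [p for p in parts if p[0] not in keep]
    freed = sum(size for _, _, size in removed)
    return kept, removed, freed


def build_sample_image():
    """Constructed 1 MiB image: descriptor, BIOS region and a fake ME region."""
    img = bytearray(b"\xff" * 0x100000)
    struct.pack_into("<I", img, FD_SIGNATURE_OFFSET, FD_SIGNATURE)
    frba, nr = 0x40, 4
    struct.pack_into("<I", img, FLMAP0_OFFSET, (nr << 24) | ((frba >> 4) << 16))

    def flreg(base, limit):
        return ((limit >> 12) << 16) | (base >> 12)

    unused = 0x00007FFF                # base above limit => region absent
    for i, val in enumerate([flreg(0x0, 0xFFF), flreg(0x80000, 0xFFFFF),
                             flreg(0x1000, 0x7FFFF), unused, unused]):
        struct.pack_into("<I", img, frba + 4 * i, val)

    me_base = 0x1000
    fpt = me_base + 0x10
    img[fpt:fpt + 4] = FPT_MAGIC
    partitions = [(b"FTPR", 0x1000, 0x20000),   # code the platform boots with
                  (b"NFTP", 0x21000, 0x40000),  # non-fundamental code
                  (b"MFS", 0x61000, 0x10000)]   # ME file system
    struct.pack_into("<I", img, fpt + 4, len(partitions))
    for i, (name, off, size) in enumerate(partitions):
        struct.pack_into("<4s4xII16x", img,
                         fpt + FPT_HEADER_SIZE + i * FPT_ENTRY_SIZE, name, off, size)
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    regions = find_regions(image)
    for idx, (base, limit) in sorted(regions.items()):
        print(f"{REGION_NAMES.get(idx, idx):10} 0x{base:06x}-0x{limit:06x}")
    me_parts = list_me_partitions(image, *regions[ME_REGION])
    kept, removed, freed = plan_removal(me_parts)
    print("keep  :", [p[0] for p in kept])
    print("remove:", [p[0] for p in removed], f"({freed:#x} bytes)")
```

Pointed at a real dump, this is only an inspection step. The check worth doing before letting any tool rewrite the region is that the ME base and limit it reports agree with what the descriptor says and that a full backup of the original image exists, because a bad ME region on a system that needs it can leave the board unbootable.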

PublicLewdness
Offline
Joined: 03/15/2020

You would have to be way more of an optimist than I am to believe that the alphabet agencies haven't been able to use things like the ME and PSP to their advantage. Even if you can't find clear evidence that they did, they are too huge a vulnerability to leave yourself open to be exploited by them if you can afford to ditch them.