Hacker News new | past | comments | ask | show | jobs | submit login

Which doesnt help against silicon-level backdoors, which for all we know, exist and get exploited :/

edit: this includes so called "undocumented features" like maintenance access etc.




That's my least concern to be honest. My rice cooker could have a spy device installed without me knowing. I think the first priority is software exploits and backdoors because they are the easiest to implement and the cheapest to operate with.


Actually, it's sort of a myth that hardware is fundamentally harder than software. The toolsets simply haven't been as powerful until recently.

Hardware can be thought of as hardcoded software. But it's no longer the case that hardware is hardcoded. Hardware is becoming increasingly sophisticated, especially in their ability to be reprogrammed on the fly.


> "Hardware.. ability to be reprogrammed on the fly."

Um.. that's not hardware.


FPGAs are pretty much hardware. And they're reprogrammable, as in "re-wireable".


Interesting. I did not know that.


The line is a little fuzzy, but I'd consider EEPROM to be essentially programmable hardware. x86 has dozens of nonstandard but functional opcodes; how do you know that none of them does something unfortunate?


You don't even need that. You could even just have a completely ordinary, run of the mill, valid opcode do something unexpected when given "magic" data. Like if you mov the value 0xDEADBEEFBAADF00D, the code also jmp's to the top of the stack, as an easter egg.


Yeah, firmware. Programmable hardware. And these days, everyone and their dog is programmable...


Regarding hardware reprogrammed on the fly. That sounds like something FPGA is really good at for powerful computation, except, you can't make a sensor detector unless there is already a physical sensor detector attached. It would be cool to make hardware to make hardware :)


That's true, but network equipment, including mobile baseband processors, are silicon as well. Exploiting them would need help from the network operator, but I think mobile carriers are not very protective of their customers against government inquiries (or at all).


Why go to the network operator? Simply fire up your own, the hardware is sub-$1000 these days and the software open source.


True. Nevertheless, silicon backdoors tend to be way more expensive to exploit and often require physical access.

This is in opposition to software backdoors which allow someone sitting in a room 4000km away to own you with no outlay of money or resources on their part.

One problem at a time. Once we get the software stack open, then we can start going after the hardware stack.


That's exactly right.

Also, maintenance access is one of the easiest backdoors to exploit. The Target credit card breach was done through the maintence access in the HVAC system.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: