Tuesday, October 16, 2018

[huzzisbb] Thwarting interdiction

A state intelligence agency intercepts a computer or phone while it is being shipped from the manufacturer or dealer to the customer, implants a surveillance device or backdoor, repackages it and ships it the rest of the way to the customer. This is standard practice for intelligence agencies, as the Snowden disclosures showed.

It's surprising we don't see more efforts to prevent this kind of attack.  There are a whole bunch of technologies, some ancient (e.g., wax seal), that would make things at least a little bit more difficult.  Nobody likes to be spied upon.

On one hand, interdiction is already difficult and expensive, so small efforts to prevent it will be defeated with little extra relative effort by the attacker. On the other hand, the defender seems to have a tremendous advantage if all we want is tamper evidence rather than tamper resistance.

Of course, if you buy your electronics at a high-volume big-box store, it's unlikely the attacker has compromised every item on the shelves. If they have, it's no longer called interdiction but seeding.

This was written in response to "How China Used a Tiny Chip to Infiltrate U.S. Companies". That article wants us to be concerned that a formerly theoretical attack, seeding, has happened for real, but that seems like something you should be concerned about only after you've already fully defended yourself against interdiction. Have sensitive organizations already done the latter?

Interdiction of a computer part between the part manufacturer and the computer assembler feels like something in between interdiction and seeding: will the assembled computer containing the compromised part actually reach the target customer?
