[Freedombox-discuss] Backdoor in military chips may also be in Freedombox
I wrote this article a few years ago about Intel's vPro. When it was published, I was called by the lead architect on the technology. He spent over 20 minutes trying to convince me that what I had written was not accurate, that no such abilities existed inside vPro, and that it would only be used for business uses.
Rick C. Hodgin
--- On Thu, 6/28/12, freebirds at hushmail.com <freebirds at hushmail.com> wrote:
> From: freebirds at hushmail.com <freebirds at hushmail.com>
> Subject: [Freedombox-discuss] Backdoor in military chips may also be in Freedombox
> To: freedombox-discuss at lists.alioth.debian.org
> Date: Thursday, June 28, 2012, 11:57 AM
> US military chips have a preinstalled backdoor. "This backdoor has a key, which we were able to extract. If you use this key, you can disable the chip or reprogram it at will, even if locked by user with their own key. This particular chip is prevalent in many systems, from weapons [and] nuclear power plants to public transport. In other words, this backdoor access could be into an advanced Stuxnet weapon to attack potentially millions of systems," Skorobogatov said in the research paper.? . . California-based Actel inserted the backdoor, not as a activity but rather as a built-in debugging interface.. . . and is a common debugging practice.. . .Whether you call this a feature to prevent others from hacking the chip through JTAG or a secret backdoor available only to the manufacturer, is open interpretation," Graham said"
> Regardless whether physical access is necessary to exploit debugger, do not underestimate the effectiveness of a functioning as backdoor. Government, hackers and abusers can into offices, homes, cars and wherever else a PC or small FreedomBox may be at. Furthermore, I doubt physical access really required.
> Please ask Marvell and ARM if there is a debugger. If so, ask them to remove it.