(PGP)Encryption and BIOS or Firmware attacks

Hardware tips and talk

Moderators: b1o, jkerr82508

User avatar
viking60
Über-Berserk
Posts: 9279
Joined: 14 Mar 2010, 16:34

(PGP)Encryption and BIOS or Firmware attacks

Postby viking60 » 01 Feb 2016, 15:40

We have security distros like Tails that use the Tor system and comes with DNScrypt and DNSMasq set up. And the Encryption part is in place too.
The PGP encryption cannot withstand a BIOS or Firmware attack.

Since Major companies deliver the firmware and can be instructed by governments; it is highly questionable if there is such thing as privacy on the internet.

The encryption keys in Tails are easily revealed if you can access the firmware - and you can! This is not limited to Intel, Microsoft or other Silicon Valley big shots.

Have a look here :
:A


This requires some hardware setup and physical access so you can just close the door. The parties responsible for updating your Bios do not need physical access so if the Government should decide that every computer should have a backdoor for them - for any given reason - then they will get it.

At least the governments that control the Companies in question.

Since former NSA leaders have claimed that the NSA should no more require backdoors: this could mean two things:

1 They are concerned about the future of safe computing and privacy.
2. They already have systems in place to avoid all encryption.


The likelihood that the latter is in place in most Computer hardware is an absolute possibility; already when you buy the computer. And the remote flashing of your Bios is no big problem if you should have an old system.

So is there such a thing as a secure Internet? Do we simply need to realize that the Internet is not safe by "nature".

Is the illusion of the safe internet simply a marketing campaign to enable our elected Peeping Toms or a necessity to fight terror?

Digital rights - is that only a thing to make profit for corporations?

Have you ever experienced that your Bios is behaving strangely after a reboot?

I have:

Years ago I bought this fairly decent computer that now only runs on Linux. This computer came with a small Bios program that lets you send mail and surf the internet super fast - before the standard OS is Loaded.

I had to deactivate this to make Linux boot correctly and suddenly the other day I booted and the computer jumped into that program again... :confused
This should only be possible by altering the Bios settings.

Now this could be caused by a regular update or...something else (It has been deactivated for years).

Given the events in the latter years: How unlikely is it that it was something else?

What really bothers me about this is that I have no way of finding out :berserk2
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

Return to “Hardware”