Second Chinese Firm in a Week Found Hiding Backdoor in Android Devices (bleepingcomputer.com)
186 points by doener on Nov 20, 2016 | 47 comments



I am not surprised. Just about every consumer electronic device in China can be assumed to be backdoored. Laptops are backdoored too:

http://www.techworm.net/2015/08/lenovo-pcs-and-laptops-seem-...

Even the ISP provided routers are backdoored:

http://www.computersolutions.cn/blog/2014/09/hacking-shangha...

Some of the obvious backdoors are easy to circumvent. e.g., if a Linux distribution is your operating system of choice, you automatically bypass that Lenovo backdoor.


I can't find the link now, but I also remember something about ISP-provided Huawei USB modems having backdoors as well, and I assume it's the same for ZTE. This post seems to confirm that:

http://www.zdnet.com/article/former-pentagon-analyst-china-h...


Thanks for the link. I had not realized that things were that bad.


So, hypothetically speaking, say a laptop firmware has an SMM backdoor, how does using Linux bypass it in any way?

Such firmware could for example scan system memory for cryptographic keys and send them over wifi or ethernet connection, without main OS even knowing.

SMM code is going to be executed at arbitrary times at highest possible privileges regardless of operating system.

Also any microcontrollers inside laptop manufacturers' ASICs can also do pretty much anything the manufacturer wants them to do (or possibly even some other party compromises them to do).

Manufacturer itself might not even be aware they're shipping compromised systems.


My Linux remark applied solely to the backdoor that used an ACPI table to make Windows install malware on every boot, which I had linked. It did not claim that installing Linux protected you from anything else.


That ACPI table payload is conditional and obviously OS dependent. Overall not a huge threat.

SMM interrupt code comes from the very same BIOS image and is executed at arbitrary times regardless of operating system. SMM code can do pretty much anything it pleases, it runs at the highest privilege and priority level possible.


Discussion of SMM interrupt code is irrelevant to the observation that installing Linux protects you from a Windows specific backdoor. That was not a claim that Linux provided safety against every possible backdoor. You seem to be trying to debunk a claim that no one made.


I don't try to debunk anything.

I think it's just silly to talk about some ACPI table payload, when there's a greater threat controlled by the same binary blob.

SMM can do anything that ACPI payload could do and more. And we need to trust the same entity for its integrity.

SMM is also operating system independent. It'll run no matter what operating system end user runs.


If you were not trying to debunk anything, then this was a very poor choice of words:

> So, hypothetically speaking, say a laptop firmware has an SMM backdoor, how does using Linux bypass it in any way?

Aside from that, good point.


ACPI?

I think it's UEFI mounting the Windows partition and dropping some files there before booting the OS. ACPI executes on a virtual machine inside the kernel and afaik it's not supposed to be able to write to files.


Phones, like antiviruses, modems, cloud providers etc. increasingly feel like a case of "pick which nation state's backdoor you feel more comfortable with." I find myself occasionally thinking (we work on human rights topics), well I don't really piss off the USA or EU so I will buy say an antivirus from there but I do piss off XYZ so I won't buy a product from there. What a mad world we live in that software/hardware purchasing has a geostrategic component. It always has done for government etc. but now it does for the consumer.


Wait until people start buying self-driving cars from China in droves. That ought to be "fun".

Even if nobody from China intends to kill you, those backdoors will be used by other spy agencies/drug cartels/criminals, too, whether China intends for it to happen or not. At the very least they may be used for ransomware that asks for $1,000 to unlock your car - or not drive you off a cliff.


Is there any evidence for a government having a backdoor in Cyanogen or another Android OS fork? Or, for that matter, a backdoor into iOS?

As far as the geostrategic component of telecommunications choice, when was it not like this? Postal letter: address logging, letter opening; telegram: logging, transcription; land telephone: call logs and wiretapping; wireless telephone: call logs and wiretapping; email (without STARTTLS): metadata logging and interception; social network: government search order.

The modern encrypted methods of communication (iMessage, PGP, Signal) are the first methods where one could feel comfortable about the local government having extreme difficulty intercepting your communication.

I think it is essential to consider geography when deciding telecommunications hardware, software, and service. There may have been a local maximum in the early-mid 2000s, but this is only part of a long-term trend of improving privacy in telecommunications.


They honestly won't have to if they have a backdoor in the baseband modem, which even in the most OSS friendly phones is still controlled by a large binary blob from the manufacturer. Who's to say state agencies (NSA/GCHQ/etc) haven't found bugs in it just like they have in hard drive firmwares to persist APTs indefinitely?


Wasn't Apple's "goto fail" bug a partial backdoor into iOS? Considering how long it took for it to be discovered, is it really so improbable that there are similar, or more serious, backdoors in other software, even if open source?


"goto fail" certainly could be used as a way of subverting iOS security but it provided indiscriminate access in a way that seems more like a vulnerability caused by a bug.

Maybe some actor did add the goto fail for nefarious reasons, but it can quite easily be explained by a merge error.

It's not easy to explain this particular backdoor as anything but a backdoor. From the article:

"The binary responsible for the firmware OTA update operations also includes code to hide its presence from the Android OS, along with two other binaries and their processes. A developer looking at active Android processes won't be able to tell when there's an update coming to his phone."


True, I always try to open a training about surveillance by mentioning Western Union etc to give it historical perspective.


> Is there any evidence for a government having a backdoor in Cyanogen or another Android OS fork? Or, for that matter, a backdoor into iOS?

They don't need to, if they can put malicious code into the hardware, and bypass the software stack entirely.


> Is there any evidence for a government having a backdoor in Cyanogen or another Android OS fork? Or, for that matter, a backdoor into iOS?

Didn't they backdoor a crypto standard on the said OSes?


I do that too, but I wonder if it really matters. Does China care about what I as a citizen of Germany say about their five-year plan? Maybe. Enough for them to take action? Doubtful.


They care about what you do for work. Do you use your phone to discuss proprietary information? Might that be of value to a Chinese competitor, supplier, or customer? Do you take your phone places where the camera or microphone might pick up something of value, even if left in your pocket or on your desk? Do you take your phone near wireless networks that might be hackable? If so, China does care about you.


Definitely, a low-end Android phone user might be important for China because his job is very important.


Details are missing.

If a device downloads updates over a non-secured channel, it doesn't automatically mean that it will execute the update unconditionally. For example, a package might be signed with vendor's key, the public part of which is shipped with the device. If the sig is missing or invalid, the device will discard the package.
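The check this comment sketches, written out as an added example in Go (not code from the thread, from Ragentek, or from Android's real OTA implementation): the device carries only the vendor's public key, and a package whose signature is missing or does not verify is discarded before anything in it runs. Ed25519 is used for brevity, the `OTAPackage` layout and function names are assumptions, and the payload is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// OTAPackage is a constructed stand-in for a downloaded update: the payload
// plus a detached signature over it. Names and layout are assumptions, not
// the Ragentek or Android OTA format.
type OTAPackage struct {
	Payload   []byte
	Signature []byte // empty when the package carries no signature at all
}

var (
	ErrMissingSignature = errors.New("ota: package carries no signature")
	ErrBadSignature     = errors.New("ota: signature does not verify against the vendor key")
	ErrBadVendorKey     = errors.New("ota: embedded vendor public key has the wrong length")
)

// VerifyOTA is the device-side check. Only the vendor's public key lives on
// the device; a package whose signature is absent or fails to verify is
// rejected before any of its contents are unpacked or executed. Over an
// insecure channel this turns "anyone can replace the download" into
// "anyone can cause a failed update".
func VerifyOTA(vendorPub ed25519.PublicKey, pkg OTAPackage) error {
	if len(vendorPub) != ed25519.PublicKeySize {
		return ErrBadVendorKey // ed25519.Verify would panic on a malformed key
	}
	if len(pkg.Signature) == 0 {
		return ErrMissingSignature
	}
	if len(pkg.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(vendorPub, pkg.Payload, pkg.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignOTA is the vendor-side step; the private key stays with the vendor and
// is never shipped on the device.
func SignOTA(vendorPriv ed25519.PrivateKey, payload []byte) OTAPackage {
	return OTAPackage{Payload: payload, Signature: ed25519.Sign(vendorPriv, payload)}
}

// Scenario checks three packages against one vendor key: a genuine one, an
// unsigned one (what a downloader with no check at all would apply), and one
// whose payload was altered after signing. It returns the three results.
func Scenario() (genuine, unsigned, tampered error, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	payload := []byte("constructed OTA payload: version=2") // constructed sample
	good := SignOTA(priv, payload)
	genuine = VerifyOTA(pub, good)

	unsigned = VerifyOTA(pub, OTAPackage{Payload: payload})

	altered := OTAPackage{
		Payload:   append(append([]byte(nil), good.Payload...), " extra"...),
		Signature: good.Signature,
	}
	tampered = VerifyOTA(pub, altered)
	return genuine, unsigned, tampered, nil
}

func main() {
	g, u, t, err := Scenario()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Println("genuine: ", g)
	fmt.Println("unsigned:", u)
	fmt.Println("tampered:", t)
}
```

The check only defends against a third party substituting the package in transit or at an unclaimed download domain; it does nothing when the vendor's own signed updater is the component that misbehaves, which is the situation the later comments in this thread describe.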


The original research article [0] provides more insight into the actual issue at hand. Specifically, it enables the execution of arbitrary commands.

[0] http://blog.anubisnetworks.com/blog/ragentek-android-ota-upd...


Oh, jeez. That's a blatant backdoor alright.


The OTA updater was pre-installed and ran as root, is it possible that this would allow it to disregard signatures?


Ugh. I almost bought a Blu because they're super cheap and I thought I would need to bridge a 10 day gap between a phone dying and the replacement arriving.

It's really past time for Google to take control of Android and stop crap like this.


We have a choice between $100+ phones that send your info to China and $600+ phones that send your info to Google/Facebook/Apple....


I'm relatively confident that Google/Apple obey data opt-outs, if for no other reason than there's class action lawyers who would love to sue them.


If you understood the difference, the choice is clear. Those aren't just two different words (country | company), but two entirely different ways of looking at and living life.


Because Google's backdoor makes people feel more comfortable.


Does Apple's backdoor make them more comfortable?

Last time I checked creating a Google account was optional when setting up an Android device. Can the same be said on iOS?


Yes.


Google: Make Android Great Again.


Has anyone come across a list of infected devices for this one, or the ones infected with the adups spyware?

And more importantly, are there any kits/apps to detect or remove these?


The identified affected devices are listed in the provided CERT article. [0] There are similar devices affected by this issue and the ADUPS spyware, potentially a cross-section of BLU devices.

[0] https://www.kb.cert.org/vuls/id/624539


Researchers registered the other two domains

I don't even know where to start....


what's the issue?


So..

Here's a vulnerability which completely owns the phones it runs on. This is the kind of thing which a few years ago would have been the scandal that would destroy companies - the pre-SP1 Windows XP Microsoft vulnerabilities were much, much less serious than this and yet Gates saw them as an existential threat to the company.

But apparently vulnerabilities now are so common that - even when they are deliberately put in - the company neglected to pay the ~$20/year to make sure they kept access.

Additionally, for all the talk of how state-sponsored agencies are continually grabbing every resource they could, here is one where they could have taken over a large number of phones and yet failed to.

Additionally, for all the talk of how organized the PLA is.. clearly this wasn't them.


I think Hanlon's Razor can be applied to this example: They just do not think that encryption is important. It is real for Chinese companies.


How does Hanlon's Razor explain the surreptitious nature of the firmware?

"Little is known about the Ragentek firmware. BitSight researchers said code in the firmware goes out of its way to conceal the presence of the underlying binary file. For example, it deliberately attempts to remain excluded from the list of running processes returned by the Linux PS command."

http://arstechnica.com/security/2016/11/powerful-backdoorroo...
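Both the article passage quoted earlier in the thread (the binary "hides its presence from the Android OS") and this one (excluded from the list `ps` returns) describe the same symptom, and a defender can look for it without trusting `ps`. The following is an added example in Go, not code from the thread or from the cited articles: it takes the process table two ways, once as `ps` does (readdir on `/proc`) and once by asking the kernel about every PID directly with `kill(pid, 0)`, then reports PIDs that are alive but missing from the listing, filtering out thread IDs via `/proc/<pid>/status` so they are not mistaken for hidden processes. The comparison logic is kept separate from the live collection so it can be exercised with constructed data; the 32768 `pid_max` fallback is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strconv"
	"strings"
	"syscall"
)

// ParseTgid extracts the thread-group id from a /proc/<pid>/status body.
// For a main process Tgid == Pid; for a thread Tgid is its owning process.
func ParseTgid(status string) (int, bool) {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "Tgid:") {
			v, err := strconv.Atoi(strings.TrimSpace(strings.TrimPrefix(line, "Tgid:")))
			return v, err == nil
		}
	}
	return 0, false
}

// HiddenPIDs cross-checks two views of the process table. listed is what a
// readdir of /proc (the source ps uses) shows; probed is every PID the kernel
// confirmed alive by direct query; tgidOf resolves a PID's thread group, with
// ok=false when even that lookup fails. A PID is reported when it is alive,
// is a real process rather than a thread, and the listing omits it.
func HiddenPIDs(listed, probed map[int]bool, tgidOf func(int) (int, bool)) []int {
	var hidden []int
	for pid := range probed {
		if listed[pid] {
			continue
		}
		if tgid, ok := tgidOf(pid); ok && tgid != pid {
			continue // a thread of some process, not a hidden process
		}
		hidden = append(hidden, pid)
	}
	sort.Ints(hidden)
	return hidden
}

// listProc mirrors ps: the numeric entries readdir returns for /proc.
func listProc() (map[int]bool, error) {
	entries, err := os.ReadDir("/proc")
	if err != nil {
		return nil, err
	}
	out := make(map[int]bool)
	for _, e := range entries {
		if pid, err := strconv.Atoi(e.Name()); err == nil {
			out[pid] = true
		}
	}
	return out, nil
}

// probePIDs ignores the listing and asks the kernel about each PID directly.
// kill(pid, 0) delivers no signal; success or EPERM means the PID is alive.
func probePIDs(maxPID int) map[int]bool {
	out := make(map[int]bool)
	for pid := 1; pid <= maxPID; pid++ {
		if err := syscall.Kill(pid, 0); err == nil || err == syscall.EPERM {
			out[pid] = true
		}
	}
	return out
}

// liveTgid opens /proc/<pid>/status by direct path, which the kernel permits
// even for entries that do not show up in readdir output.
func liveTgid(pid int) (int, bool) {
	b, err := os.ReadFile("/proc/" + strconv.Itoa(pid) + "/status")
	if err != nil {
		return 0, false
	}
	return ParseTgid(string(b))
}

// pidMax reads the kernel's PID ceiling, falling back to 32768 (assumption:
// the default on 32-bit Linux and many Android builds).
func pidMax() int {
	if b, err := os.ReadFile("/proc/sys/kernel/pid_max"); err == nil {
		if v, err := strconv.Atoi(strings.TrimSpace(string(b))); err == nil {
			return v
		}
	}
	return 32768
}

func main() {
	probed := probePIDs(pidMax()) // probe first so processes started meanwhile are not flagged
	listed, err := listProc()
	if err != nil {
		fmt.Println("cannot read /proc:", err)
		return
	}
	hidden := HiddenPIDs(listed, probed, liveTgid)
	if len(hidden) == 0 {
		fmt.Println("no PIDs alive but missing from the /proc listing")
		return
	}
	for _, pid := range hidden { // re-run to rule out processes that exited between the two passes
		fmt.Printf("PID %d is alive but absent from the /proc listing\n", pid)
	}
}
```

Run it as root (on Android, from an `adb shell` on a rooted device) so that `kill(pid, 0)` and the `status` reads are not blocked by permission checks; a short-lived process that exits between the probe and the listing shows up as a one-off, so a PID that persists across runs is the one worth examining.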


On the other hand, the two domains left unregistered point to stupidity over evil.


Perhaps they consider security by obscurity an acceptable technique?


Is there any way to check if my devices have backdoors? Almost everything is made in China nowadays. :-(


What consumer devices are NOT made in China?


A lot of consumer hardware is assembled in China, but modern technology is "made" from globally sourced components and talking about a country of origin is disingenuous. And the software for Western brands is made in Western countries, not in China.


(Feigns shock)



