Hackers reverse-engineer NSA's leaked bugging devices

[planetdoc]

link
(highlights)

Quote:

RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer's contents.

But the catalogue also lists a number of mysterious computer-implantable devices called "retro reflectors" that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images.

One reflector, which the NSA called Ragemaster, can be fixed to a computer's monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. Joshua Datko of Cryptotronix in Fort Collins, Colorado, will reveal a version of an NSA device he has developed that allows malware to be reinstalled even after being dealt with by antivirus software. It works by attaching its bug to an exposed portion of a computer's wiring system – called the I2C bus – on the back of the machine. "This means you can attack somebody's PC without even opening it up," says Ossmann.

Having figured out how the NSA bugs work, Ossmann says the hackers can now turn their attention to defending against them – and they have launched a website to collate such knowledge, called NSAPlayset.org. "Showing how these devices exploit weaknesses in our systems means we can make them more secure in the future," he says.

[DaveNull]

Looking forward to seeing this talk in #partytrack.

[ModSocks]

Yay....lets give malicious hackers more tools to **** over the rest of the world with. Great idea guys.

[Fish]

You can gain access to some data when you have direct access to the computer? No way!

This is pretty dumb. This isn't "Hacking" in the slightest. All of these things are very well known and have been possible for decades. Hell, you can view the output of a computer monitor a short distance away without ever touching a single thing. This and much more is possible with access to the machine, and it's not any NSA secret. And if you have direct access to a computer in the first place, there are much much better ways to get what you want from that computer without using goofy-named hypothetical tinker toys attached to the cabling.

Quote:

It works by attaching its bug to an exposed portion of a computer's wiring system – called the I2C bus – on the back of the machine. "This means you can attack somebody's PC without even opening it up," says Ossmann.

Yeah...... these idiots have no clue what they're talking about. I've constructed I2C boards that can read computer sensor information in various ways. It's moronic to say an I2C bus could hack a PC, unless you consider getting the current fan speed of the CPU fan as "Hacking".

This is pointless fear mongering.

[beach tribe]

Quote:

Originally Posted by Fish

You can gain access to some data when you have direct access to the computer? No way!

This is pretty dumb. This isn't "Hacking" in the slightest. All of these things are very well known and have been possible for decades. Hell, you can view the output of a computer monitor a short distance away without ever touching a single thing. This and much more is possible with access to the machine, and it's not any NSA secret. And if you have direct access to a computer in the first place, there are much much better ways to get what you want from that computer without using goofy-named hypothetical tinker toys attached to the cabling.



Yeah...... these idiots have no clue what they're talking about. I've constructed I2C boards that can read computer sensor information in various ways. It's moronic to say an I2C bus could hack a PC, unless you consider getting the current fan speed of the CPU fan as "Hacking".

This is pointless fear mongering.

Absolutely this.
There is not a single example of hacking in that article, nor anything that was developed as a result of the NSA.

[planetdoc]

Quote:

Originally Posted by Fish

And if you have direct access to a computer in the first place, there are much much better ways to get what you want from that computer without using goofy-named hypothetical tinker toys attached to the cabling.

Thats the difference between monitoring/keylogging vs getting what is already in the machine (what is typed and seen might not be in there).

Quote:

Originally Posted by Fish

Yeah...... these idiots have no clue what they're talking about. I've constructed I2C boards that can read computer sensor information in various ways. It's moronic to say an I2C bus could hack a PC, unless you consider getting the current fan speed of the CPU fan as "Hacking".

It sounds like they say that i2c is a path that malware can travel from their bug to execution (either gpu or something else). The bugs described are about monitoring/keylogging from hardware without modifying the software environment.

Quote:

Originally Posted by anon

Display connectors use i2c for the EDID information. VGA, DVI, and maybe HDMI have an i2c interface in them. According to the article their "bug" attaches to the i2c. The i2c bus is likely not isolated from everything else. VGA i2c bus likely originates in the GPU display controller. That doesn't mean NSA backdoor software can't open a side interface on it.

You can use i2c-tools on Linux to poke around your system's i2c busses if you're trying to find out more. I'm fairly certain RAM also uses i2c, each RAM module has a little i2c EEPROM on it that stores timing and configuration data for the module and those busses are accessible with i2c-tools as well

One fairly prominent use is with serial presence detect in DDR SDRAM, which allows the reading of an EEPROM on the DIMM containing the necessary information to set up the memory controller to access the RAM. I.e., this is done by the processor before it can use its RAM.

In fact, I would go so far as to say this is the perfect exemplar of the niche I2C inhabits.

I2C will be used in multiple separate buses; one or two are routed through external connectors.

[Fish]

Quote:

Originally Posted by planetdoc

Thats the difference between monitoring/keylogging vs getting what is already in the machine (what is typed and seen might not be in there).



It sounds like they say that i2c is a path that malware can travel from their bug to execution (either gpu or something else). The bugs described are about monitoring/keylogging from hardware without modifying the software environment.

No, there is absolutely no way malware could infect a computer through I2C. I2C lets you probe known outputs from the rest of the bus. Meaning that another piece of hardware has to be hard wired to output wanted information to a specific pin. It can only access info that other hardware natively shares. It's incredibly limited in both speed and available bits to work with. It doesn't have the capability to do much else, especially anything software or OS related.

Yes, most of the bugs described are about monitoring a computer which relies on access to the machine. It's pointless and has nothing to do with the NSA.

[htismaqe]

You totally beat me to it on the I2C bus, Fish.

This "story" is hilarious.

[planetdoc]

Quote:

Originally Posted by Fish

No, there is absolutely no way malware could infect a computer through I2C.

lets revisit this after the release their findings at Defcon. Either it can be done as they claim or it cant.

[DaveNull]

Agreed. Better to wait for the actual research as opposed to what may be no more than a reporter who has no technical background reading the talk description.

oh, and Fish the tools are similar to those described in the leaked Snowden documents.

[htismaqe]

Quote:

Originally Posted by DaveNull

oh, and Fish the tools are similar to those described in the leaked Snowden documents.

Hey, read the article.

Quote:

RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

[planetdoc]

defcon is coming up.
https://www.defcon.org/html/defcon-2...ers.html#Datko

[DaveNull]

Who's going?

[DaveNull]

Quote:

Originally Posted by DaveNull

Looking forward to seeing this talk in #partytrack.

This talk is happening on Defcon Sunday (already not looking forward to that wakeup call) in partytrack.

[DaveNull]

I've got the draft papers if anyone wants to read them. I should have video of the talks in a couple weeks.