Schneier on Security

Clive Robinson • November 30, 2018 3:19 PM

@ Wael, echo

They'll be of limited use.

That depends on if you've had a good Greek Dinner, if you have then they would aid in making it a realy smashing event ;-)

Clive Robinson • November 30, 2018 4:41 PM

@ Bruce,

if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already.

Whilst I do not wish to chuck fuel on Bloomberg's fire...

The technical question still arises as to if "en masse" is actually necessary? And if not just how few are needed?..

As I said originally the conventional wisdom was/is you interdict at most one or two steps at most up the supply chain from the customer. In part because that is the way the paperwork from the Ed Snowden trove said the SigInt entities did it. In part because it avoids the "en masse" issue that conventional wisdom said would be needed from the manufacturers end of the chain.

Personaly I think conventional wisdom is wrong on the last point. The likes of Apple etc would "bulk buy" thus their order would be known about at the factory. I've yet to see any argument to refute this point, in fact I've actually seen supporting evidence in other supply chains.

But further I don't think you need to put a chip in every board in an order. Simplisticaly each motherboard has two sets of interfaces, those that are untrusted and those that are trusted. All that would be required for a "single chip" attack would be using a trusted interface that will be connected to all the other trusted interfaces on all the other untampered with motherboards when they have been installed at the end customers server rooms.

There are realy only a couple of ways to find the presence of such a chip non destructively. The first would be by "visual inspection" to save time in the same manner as an Astronomers "blink box" that is used to find commets etc. The negatives could be from various energy types spectrum ranges and rapidly and compared with those from a known good board. However there are plenty of hiding places it could be put out of sight. The second way is that the chip would have various signitures that would differ from the correct part if you are looking in the right way at the right time. Thus the probability of detection of a signiture could be delayed beyond a reasonable "test time".

There is also the question of "abnormal communications", whilst known to engineers for what seems like forever and certainly predating WWII, it was apparently unknown to most in ITSec prior to BadBIOS made the news, that Shannon Channels come in all shapes and forms. Thus any energy source that can be modulated in some form can carry information off of a motherboard... Likewise any modulated signal in the area a motherboard is in can be picked up if there is a suitable sensor. Thus the components in a switch mode regulator could be selected to act as a trasmitter or receiver transducer and it does not need to be a chip...

The thing about the Bloomberg story is it does not need to be true, just possible. We saw this with BadBIOS the premise behind it was never confirmed. However the fact it was possible and had been in the news encoraged others to build systems to exploit the channels identified. Which means I suspect that more than a few people will now investigate how to poison a supply chain...

Clive Robinson • December 1, 2018 12:17 AM

@ Phaete,

Extraordinary claims require extraordinary evidence

Yes and no.

To deprive someone of their liberty or life, or to go to war, or to make scientific discovery of life in another part of the universe then yes, that level of proof is required.

But what about for your own defence? That is you are walking down the street and you see a crowd ahead, do you need extrodinary evidence you are in danger before you will cross thr stteet or turn into another street to take an alternative route?

Likewise do we need extrodinary evidence that burglers exist befor we put latches and locks on our gates, doors and windows.

What level of suspicion is required before you investigate something for your own piece of mind?

The article you quote says,

An extraordinary claim is one which is not supported by the available, or ordinary, evidence. Support for such a claim must therefore come from newly observed evidence, or a new recognition of existing evidence, which is extraordinary.

That is "extraordinary claims" are "end point claims" that is "Definitely exists" or "Definitely does not exist", they are not to be used when there has been no investigation or hypothesis testing.

Thus if you were to make Bloomberg's claim then yes you would require some level of evidence, perhaps not "extrodinary evidence" but you would certainly require some evidence, which currently there does not appear to be any that we know of.

However from a defensive stand point you are asking "Could such attacks be feasable?" then you need to "reevaluate current understanding" and what underlies it.

Which is my point above, the prior and in some cases still current "conventional wisdom" was/is it was not possible. It can now be shown with a few moments thought that in part the conventional wisdom was/is bassed on a "assumption" that is either "to broad" or "false"... Thus either way we should reexamine our chain of reasoning.

The "too broad/false" assumption is that "It is not possible to mount a directed attack at a target from the manufacturers end of the supply chain". That is, at the factory you could NOT say that motherboard X was going to customer Y. That is actually an "extrodinary claim" in it's own right and easily disprovable when you consider "custom orders". Likewise it's fairly easy to say the same for other special orders such as "bulk orders" beyond a certain size.

So the conventional wisdom that "You can not know at the factory end of the supply chain" is a wrong assumption because it has a spectrum of answers related to "The type of order"...

So having shown that conventional wisdom is wrong in that point we need to ask does it have other "too broad / false" assumptions. The answer is unfortunately yes. Conventional wisdom also implys that a supply chain attack would need to effect "all motherboards". Again the reasoning is incorrect, it's assuming incorrectly the motherboards will be "used in issolation" not just from the outside world which is a semireasonable argument, but by false inference "issolated from all the other motherboards" as well... Which we now know for data centers is an unreasonable assumption.

Showing that "conventional wisdom" has these two false assumptions, what are the implications of saying they are wrong, that is what becomes possible?

Well on the valid assumption that some "cloud infrastructure", "social networking" and "search engine" entities public and more private use custom or bulk ordered parts. We can now see it is infact more likely than not that the factory knows who the motherboards are for directly or can make a probable guess based on where they are being shipped to.

Further we can go on and reason that the manufacturer is also very likely to know or can make a reasonable assumption about the motherboards likely use in a data center. That is the motherboards will be used "collectively" and not in issolation.

Which brings us onto the next more interesting part...

On the assumption the manufacture wants "plausable deniability" or just to be covert just how many motherboards do they need to tanper with in the range from "one to all"? Well it depends on your assumptions about "Goods Inwards Test" (GIT) and "Stock In Hand" (SIH) for spares etc.

But it's easy to see that GIT is not going to be a "Full" test because that would be a "destructive test" on all boards... Further due to time constraints GIT may not be a "Burn In Test" either but just a limited functional test on a fractionaly small subset of all the boards.

Thus it would be easy to design such an "implant chip" not to do anything for the first week or month of being powered up. Which would in most cases see it safely into a production rack if that is where it is destined for which is most probable. Thus the number of boards that would need to be implanted if all go into production is just one, or two for reliability.

So the next question is about SIH spares, things fail there is something called "The bathtub curve" you can look up for expected failures against time. The important initial part is the "juvenile failure rate", because that is what a full stress "Burn in Test" is about, the implant chip has to wait to get beyond this point before doing anything untoward and some boards will fail. So you need sufficient implanted motherboards to get to this point which might only be 1% of the order size. The customer will have an "expected service time operation" which means that they will replace the data center in three years or less and maybe five at the most. Thus the number of spares they keep on hand will be predicated by this and the manufacturers stated product life cycle which might only be a year and a half. Again it might only be a very small number, just a fraction of the order size.

The upshot is to be covert and have deniability the manufacture is only going to implant maybe three or four boards upto a very small fraction of the order size.

But they can also make any malware on such an implant chip a "toe hold only" device. That is it only infects one or two other motherboards that then go on in turn to infect one or two other motherboards each with a quite slow replication rate. This way if the attack is discovered it looks just like an already started covert attack from outside of the data center, unless extensive monitoring is in place the probability of finding the actuall original implant is very small indeed.

If I was going to do a covert attack via supply chain poisoning at any point a "toe hold" implant would be my prefered way to go about it. And if I was realy "thinking hinky" I would actually make the toe hold implant go after a network switch[1] as it's target to infect, with the infection in the switch then attacking the motherboards (but then I think nasty that way routinely ;-)

The final question though is having got the malware onto all the motherboards would it do you any good? The answer to that is actually quite difficult to say. That "conventional wisdom" is that such an attack would only be to "exfiltrate data", but as I've shown conventional wisdom has issues due to false assumptions, and the area of "payload function" is pure conjecture when it comes to both state and large corporate motivations.

We only have to look as stuxnet which was actually aimed at North Korea by the US and the more recent attacks on Saudi Oil interests to see that "data exfiltration" was not at all what the payloads were all about.

Thus again because I'm nasty that way I'll assume that the intent of such a toe hold implant chip would not be "data exfiltration" because it's going to get the implant chip found in fairly short order... which would be a waste of the entire effort for little gain[2].

No I'd be looking to build a cyber-doomsday device like a reverse kill switch etc. Consider the effect of taking out all US cloud services, social networking, search engines and much of the telecommunications network etc all at the same time of say midnight the day before "black Friday" or some other date. The real problem would not be the infiltration of the kill switch payload but synchronising the time the switch is thrown. Obviously this is a quite low bandwidth function thus quite covert... Whilst such an attack would not do much physical harm it's self, the secondary effects would be quite significant and something the US in particular are going to be sensitive to.

[1] Going after a network switch is actually easier than it sounds. Because in a large data center the types of switch in use are actually very limited in manufacturers/models and zeroday vulnerabilities tend to effect entire ranges of models, which is why the likes of the NSA like their big brother "routers" as a "target of choice"...

[2] The majority of malwares failings and why it gets found relatively easily is because it's not covert, it's noisy thus it get seen like mouse droppings and thus the traps come out and it gets the chop. We know that only some "state level" attacks are like this. However it has not stopped the assumption forming that "China = data theft" affecting "conventional wisdom"...

Clive Robinson • December 3, 2018 11:11 AM

@ Wesley Parish, echo Wael,

Clay tablets do not cure headaches, as they are quite hard to swallow. Much less stomachaches.

Oh you've probably never tried, Kaolin and morphine mixture[1]... My mother swore by it and Milk of Magnesia mixture as both were "Kill or Cure" ;-)

Kaolin is a form of clay and well morphine has all sorts of properties including making you constipated, which is one reason German U-Boot officers were encoraged to make use of it...

Sadly I'm told geting hold of K&M mixture in the US over the counter is well neigh impossible since Ronnie "the Ray Gun" Reagan was in the Whitehouse and Mrs Reagan unlike Queen Victoria "Was not amused" by it...

But if you grow lettucies at home in various growing dirts, the heart and root of a lettuce contains various amounts of natural laudinum which is in the same opiate family as morphine. So you could have "home grown" K&M if you wack it in a mortar and work it over with the pestal ;-)

[1] A UK medical note on K&M mixture, https://www.netdoctor.co.uk/medicines/digestion/a6945/kaolin-and-morphine-mixture/

Clive Robinson • December 4, 2018 4:05 AM

@ Wesley Parish,

One of the problems of a very dry mouth, is your tongue can get stuck very firmly in cheek 0:)

Mind you on the radio news yesterday evening was an item that apparently "Papa" had spoken to the naughty Xi and now all was sweetness and light in the kingdom...

https://www.bbc.co.uk/news/world-latin-america-46413196

Then I read the small print :-S

Clive Robinson • December 5, 2018 7:28 AM

@ Wesley Parish,

It's true that there would be some side-effects, but such an upgraded B52 would also be immune to either directed or undirected EMP weapons.

Well at seven nautical miles per device you know it's never going to crash... Because one primary side-effect is it could never take off ;-)

The real question though is "How do you grow the crystals for the wafers without the moon bending the attempt?.."