Conversation

Daniel Micay
@DanielMicay
Replying to
@lrvick
Big difference between a device with components that are strongly hardened, highly audited and have good ongoing security support vs. the complete opposite. Also, portraying it backwards by misinterpreting how DMA / IOMMUs work is just wrong.
1
Daniel Micay
@DanielMicay
Replying to
@lrvick
Devices you're talking about have entirely closed source hardware and firmware. If you choose components that are known to be insecure and also don't apply fixes to known security vulnerabilities, backdoors are a non-issue, because you have the front door wide open to attackers.
2
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
You're also once again misrepresenting closed source software as a black box. It isn't, and in fact, if you're looking for malicious, hidden backdoors, I do not really see how you're any better off trying to find them hidden in source code vs. from the final assembly code.
2
Lance R. Vick ( @lrvick@mastodon.social )
@lrvick
Replying to
@DanielMicay
I want a future where I don't need to any closed code, and then rip out unauditable open code until the OS is something super lean and capable of being reviewed/trusted by the community. Maybe this takes a decade. Long term I feel we are screwed without this option existing.
1
Daniel Micay
@DanielMicay
Replying to
@lrvick
Auditing doesn't magically uncover all vulnerabilities, and you're talking about a vulnerability that was intentionally inserted and designed to be hidden, which means whoever did it had the opportunity to use all available tools to keep it concealed. They might actually be quite
2
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
happy if everyone uses reproducible builds since then they only have to target not just a specific compiler version or toolchain but a specific build environment. If you're auditing the source code for a backdoor, all of that stuff is attack surface for hiding a vulnerability.
1
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
The complexity of the language, runtime, toolchain, etc. is all part of the toolkit for this adversary making a hidden backdoor. There are plenty of vulnerabilities IN PLAIN SIGHT that are not caught by repeated audits and code review. If you use code that I wrote, you trust me.
1
Daniel Micay
@DanielMicay
Replying to
@lrvick
Not feasible for anything that's not completely trivial, and then it's still far-fetched. Reality is you trust the people who made the hardware, firmware and software. It being open source doesn't change much since if they actually put in a hidden backdoor good luck finding it.
Twitter Web App
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@lrvick
Even if you do find it, you're just going to have found a subtle vulnerability, which happens all the time. It's hardly news. Linux kernel has thousands of those issues found every month. How many of them were intentional? That's not known. It's assumed they were all accidents.
Lance R. Vick ( @lrvick@mastodon.social )
@lrvick
Replying to
@DanielMicay
My realistic expectations is that if some of the community goes down this path, we may have an actually trusted feature phone within a decade. It is a long term hedge against nation states that might wish to take advantage of the current unauditable mess we have built today.
1