So @bunniestudios & Limor @adafruit, is this bullshit?https://twitter.com/dragosr/status/1001114342958317568 …
Show this thread
-
If there are as many indicators of compromise as you claim (and it's not just you misinterpreting totally normal stuff), then the malware is shoddy and clearly not designed for stealth. So show us some of them.
FWIW: if I were a three-letter agency designing a Raspberry Pi implant, it would live in the VideoCore firmware blob that rules the system from the shadows and be completely invisible to Linux. And I wouldn't be leaving behind "systemd slices that sandbox users".
-
-
...or compromise something like AMD Secure Processor, Intel SGX and ARM TrustZone.
-
I'm pretty sure the VideoCore stuff is higher privileged than TrustZone. Though TrustZone would be more portable to other chips.
- Show replies
New conversation -
-
-
and yet paradoxically, this attacker seems to have dispensed with stealth altogether here. I have so many IOCs it’s not funny, so I get the impression this is more about stopping extraction of the samples I do have.
-
If you have so many IOCs, why not show them to us? You might get some people excited and less likely to call BS on you. Take a video of what you see that isn't normal. Even the most advanced NSA implant can't plug the analog hole.
- Show replies
New conversation -
-
-
Heh, creating malicious VideoCore firmware would be a fun project xDhttps://github.com/christinaa/rpi-open-firmware …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
But the fun thing about the Raspi is that videocore blob isn’t invisible. It lives on the SD card and must be readable for the device to boot.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.