[Freedombox-discuss] Backdoor in military chips may also be in Freedombox

Rick Hodgin foxmuldrster at yahoo.com
Thu Jun 28 16:04:59 UTC 2012

I wrote this article a few years ago about Intel's vPro.  When it was published, I was called by the lead architect on the technology.  He spent over 20 minutes trying to convince me that what I had written was not accurate, that no such abilities existed inside vPro, and that it would only be used for business uses.


Best regards,
Rick C. Hodgin

--- On Thu, 6/28/12, freebirds at hushmail.com <freebirds at hushmail.com> wrote:

> From: freebirds at hushmail.com <freebirds at hushmail.com>
> Subject: [Freedombox-discuss] Backdoor in military chips may also be in Freedombox
> To: freedombox-discuss at lists.alioth.debian.org
> Date: Thursday, June 28, 2012, 11:57 AM
> Hash: SHA1
> US military chips have a preinstalled backdoor. "This
> backdoor has
> a key, which we were able to extract. If you use this key,
> you can
> disable the chip or reprogram it at will, even if locked by
> the
> user with their own key. This particular chip is prevalent
> in many
> systems, from weapons [and] nuclear power plants to public
> transport. In other words, this backdoor access could be
> turned
> into an advanced Stuxnet weapon to attack potentially
> millions of
> systems," Skorobogatov said in the research paper.  . .
> .
> California-based Actel inserted the backdoor, not as a
> malicious
> activity but rather as a built-in debugging interface.. . .
> and is
> a common debugging practice.. . .Whether you call this a
> security
> feature to prevent others from hacking the chip through JTAG
> or a
> secret backdoor available only to the manufacturer, is open
> to
> interpretation," Graham said"
> http://www.techspot.com/news/48817-china-not-responsible-for-us-
> military-chip-backdoor.html
> Regardless whether physical access is necessary to exploit
> the
> debugger, do not underestimate the effectiveness of a
> debugger
> functioning as backdoor. Government, hackers and abusers can
> break
> into offices, homes, cars and wherever else a PC or small
> FreeddomBox may be at. Furthermore, I doubt physical access
> is
> really required.
> Please ask Marvell and ARM if there is a debugger. If so,
> please
> ask them to remove it.
> Charset: UTF8
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 3.0
> wsBcBAEBAgAGBQJP7H7rAAoJEMry4TZLOfxmYHcH/2RBEpd+S+N7D/edOadg2G2+w6r/
> zYzHUd/zlAMiO6o/Z2F2lOcIavB7q0X9sVvUojxFGqLVRHxWXcNiiyyW9Wag53zRByZ3
> 4Gc5DpBZCts/PcVLxi23USCN5MpgLDFkQ6/aNoE9pLzm4XnGlYxYupHhBqtgwBwZvnDX
> xZ6rtmFFNsXCaUI4ObnaAYNHQ/08iWeJE96U8YdEJI5b/wEW+oa2J9VRgBUYxblUmCHX
> AZTz5mVCuxdKjFlCVYns7Dq8ICwUheVz4fMvF2Wdu+X87rv1xvh07+YhfearlDMNv2NH
> wzraVV2iUfCCJJDkthp0Vgyq4NfMAkBEx0ZL+sHVswc=
> =Vd0v
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

More information about the Freedombox-discuss mailing list