[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hacking Team looking at Tails

Fact 1: Hacking Team could only infect a simple BIOS firmware of some
Asus notebooks, because those didn't check for signature. Hacking Team
did not have a valid certificate for the Microsoft certificate chain in
every mainboard to bypass secure boot.

Fact 2: You can always replace the Tails boot medium with your
backdoored Tails boot medium.

Fact 3: You could always have an 0day in Tails' software and somehow get
around the sandbox to extract information from the currently running Tails.

Fact 4: Browser-exploiting an OS which routes only via Tor is almost
impossible, you would need to MITM the currently used exit node and
correctly identify the HTTP session or hack a server the target frequents.

Hacking Team didn't design anything new, all of their "sophisticated
infection vectors" are basic shit. Just carry your Tails medium with you
all the time and you are immune to those amateur "hackers".

I honestly hope Hacking Team gets to sign their own UEFI bootloader with
a valid certificate. Ofc it will leak someday and have a lot of bugs,
which can be used to side boot your own unsigned UEFI code. Then we can
finally throw all that trusted boot bullshit into the trash it belongs.
Certificate revocation list updates for mainboards will be almost
non-existant, when was the last time one of your non-hacker friends
updated their BIOS?

I wrote:
> https://wikileaks.org/hackingteam/emails/emailid/25607#efmBTaBTh
> Below research points remain outstanding ... 
> VECTORS Â Offline: Infection or UEFI keys bootable (Antonio) Â The key infected will drop' in turn one scouto Infecting USB device that looks like boot disk (+ Giovanni Antonio) Â will drop ' the scout and then will carry out 'a wipeo Infection Tails USB (Antonio) Â The infection will take place' in runtimeo New NTFS driver for UEFI infection (Antonio) or persistent infection on OSX and UEFI signed...
> by translate.google.com but obviously not precise but concerning nonetheless.
> Robert
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to