[Dailydave] Modchips of the State [ CCC December 2018 talk by Trammell Hudson ]

[Dave Aitel]

Ok so this was a good talk. He started off with why it would be difficult
to do things in a factory, although everything he noted (which were
protestations from a manufacturer) seemed pretty overcome-able. For example
"We have our own employees on site checking for security issues such as
this" - makes me think:
1. How much attention can they really pay to this level of detail
2. How do you know your employees really are your employees?
3. Has this process ever caught anything?

Also how hard would it really be to hide a component from an XRay? Seems
like you just put a tiny lead coat on it like at the dentist?

His best line was "We know it's possible both because the NSA has
apparently done it, but also because I'VE done it." after which he goes on
to discuss how he did it.

Offense IS super hard, but every time people say it's "unlikely" or
"impossible" I think about this beetle that eats toads that eat beetles:
https://www.wired.com/2016/01/absurd-creature-of-the-week-this-toad-isnt-eating-a-bug-the-bug-is-eating-it/
. I mean the general rule is that if it's POSSIBLE then a state-level
attacker (or teenager) is doing it, right?


-dave


On Sat, Dec 29, 2018 at 11:55 AM Arun Koshy <arunkoshy at gmail.com> wrote:

> check:
>
> https://media.ccc.de/v/35c3-9597-modchips_of_the_state
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20190102/8aa646cb/attachment.html>