According to researcher Georg Wicherski has physical access to laptops and other devices at the border or in hotel rooms always been a way for intelligence services to gather information. With the introduction of full disk encryption, it was necessary for the service to apply firmware and hardware implants and to gain access.
The answer to this was the use of disposable data without hardware. Eg laptops that could be thrown away after the trip."Unfortunately, not everyone is a target which is a director and the budget for each trip to buy a new laptop," said Wicherski.The researcher works for security firm Crowd Strike and is co-author of the Android Hacker's Handbook.
Chromebook
This week demonstrated it at a conference in Finland solution, namely an inexpensive disposable laptop based on a Chromebook. Across Vice Magazine Wicherski says that he deliberately chose a Chromebook because they are relatively inexpensive. They are also compatible with Core Boot, opensource firmware. This gives the user more control over the booting process of the laptop, and can thus check that during charging no malware is active.
Every Chromebook itself better protect against attacks can be a pin of the SPI flash memory is removed, the chip containing the BIOS. By removing the pin, the chip 'read-only' and put an attacker can not easily make adjustments. "By using Core Boot, that really the first that runs on your processor, and then as slowly as possible to take control, then for every subsequent step to use cryptographic signatures, it becomes much harder for an implant develop."
Regarding ChromeOS that by default on the Chromebook runs chooses Wicherski sure to replace it by Arch Linux. Due to the tinkering and the required knowledge of the boot process to be disposable laptop is not suitable for everyone, give the researcher. It is also not a panacea. "It only protects against software and firmware implants that are added to the border, and it prevents some hardware implants." Yet users still need to encrypt their communications, otherwise they are vulnerable to software attacks, Wicherski decision.
No comments:
Post a Comment