Is it possible for corps to spy on users using hidden hardware or something like that...

I had this idea a while back, I searched about it and all I got was a small chip China used in some servers (Btw good for China, because I think they used it in big-corp/government servers!) It didn’t answer me though.
Basically what I had in my mind is something like this:
Some sort of hidden chip or something in like all electronic devices which can spy on users. (99% don’t know about such chip)
e.g. a small chip which has networking abilities and a microphone and stuff like that which can be used to spy on us.
In this scenario it can be either: 1. the chip sends and receives stuff without using any other piece of hardware, or 2. it uses other hardware e.g. a smart phone camera to do the bullshit things it does.

If there is such thing in only a few devices and not all, it can still leak stuff about people like us and f* every effort we make in trying to be anonymous! Obviously even for non-anon people this is a big concern.
I had this idea when I was typing something and suddenly my Apple keyboard disconnected! (Described in another topic in Support section) Then I thought maybe Apple is watching everything I type with some sort of firmware or chip inside the keyboard and sends it to Apple maybe without even using my internet connection! And maybe Apple is trying to warn me or something!! (!#~ uwk,wtir)

Technically and theoretically this can be possible, and it’s very much likely and expected from the likes of Apple! I do know that it can also be a false and stupid idea! But c’mon, is it really? with the world we live in?

Surely I didn’t explain everything about this theory, but I think you got what I mean.

Is it possible for corps to spy on users using hidden hardware

Yes.



Unwanted stuff built into most processors by default nowadays, potential for abuse, see:



The ominous implement known as the “Intel Management Engine” that uses the “V-pro” interface satisfies those criteria nicely.
Now to be fair there has not been a documented case of this apparatus being caught overtly spying on a user, BUT just the fact that it operates independently of the operating system and has its own networking stack that is unreachable by any firewall should be enough to give any security and privacy concerned person pause. It is also completely closed source and signed by Intel’s 2048 bit key so reverse engineering is not really viable. There exists software that says it removes some partitions of the ME to render it neutralized, however the risk of ruining your machine is high and implementation is not trivial at all.
I don’t like it. And I do not think it needs to be there. The fact that the ME is tied to the boot process is disturbing also because simply removing the engine leaves you with an un-bootable brick. All modern Intel “Core” i-series hardware will have an ME. Some also have V-pro, and some do not; it is model dependent. Some good news is that many UEFI interfaces allow the owner to toggle the V-Pro on or off if it’s installed.
Bottom line is it just adds more unnecessary attack-surface that can be exploited by bad actors.
A good faith gesture from Intel would be for them to make their ME software open-source so I can review the code and see for myself. It would be very easy for them to add this to their existing Github repo.
So that is one example of this type of software from Intel. AMD has something similar also, but I do not remember what it is called.
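
As an added example (not part of the post above, and not Intel or Whonix code): a small Linux shell function that inventories what the operating system can see of the Management Engine's host interface. It assumes the kernel's mei driver exposes /sys/class/mei/meiN with an optional fw_ver attribute (kernel-version dependent), and it treats any Intel PCI function of class 0x0780 as a candidate only, which is a heuristic.

```shell
#!/bin/sh
# Added example: list what Linux exposes about the Intel ME host interface
# (MEI/HECI). This is an inventory aid, not proof of absence: the ME runs
# independently of the OS, so "nothing visible" only means the host-side
# interface is hidden, disabled, or has no driver bound.
#
# Usage: me_inventory            (reads the live /sys)
#        me_inventory /some/copy (reads a saved or test sysfs tree)

me_inventory() {
    root="${1:-/sys}"
    found=0

    # 1) Devices registered by the kernel mei driver.
    for dev in "$root"/class/mei/mei*; do
        [ -e "$dev" ] || continue          # glob did not match anything
        found=1
        ver="unknown"
        # fw_ver is only present on newer kernels (assumption noted above).
        [ -r "$dev/fw_ver" ] && ver=$(tr '\n' ' ' < "$dev/fw_ver" | sed 's/ *$//')
        echo "mei-device $(basename "$dev") fw_ver=$ver"
    done

    # 2) PCI functions with Intel vendor ID 0x8086 and class 0x0780xx
    #    ("communication controller"). Heuristic: report as candidates only.
    for pci in "$root"/bus/pci/devices/*; do
        [ -r "$pci/vendor" ] && [ -r "$pci/class" ] || continue
        vendor=$(cat "$pci/vendor")
        class=$(cat "$pci/class")
        case "$vendor:$class" in
            0x8086:0x0780*)
                found=1
                echo "pci-candidate $(basename "$pci") class=$class"
                ;;
        esac
    done

    if [ "$found" -eq 0 ]; then
        echo "no-host-interface-visible"
        return 1
    fi
    return 0
}
```

A "no-host-interface-visible" result does not contradict the post: firmware settings can hide the interface from the OS while the engine itself keeps running.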

Great!
You mean I have to buy open-source hardware in order to be 99.99% anonymous?
And also, all the stuff you guys mentioned, do they mean that all the effort we make (Tor, Whonix and everything) can be bypassed with the Intel ME etc. ?
Now that I’m thinking about it, my keyboard hasn’t been disconnecting since I posted this stuff here!! Coincidence? I hardly doubt that! I won’t be surprised if my keyboard starts disconnecting again after this post! (Apple trying to tell me something…) I know, I might be paranoid, but you don’t live my life. If you were me I can assure you that you would’ve had the same suspicion.
All of this proves my theory. Thanks guys, for your answers.

I am not sure how much even that would help since it very much depends on the threat model, adversary capabilities, adversary activities and counter security measures employed. Under some threat models it doesn’t help to have a super secure endpoint if all Tor relays and most servers and others on the internet are only “normal secure” and compromised.

Yes. Hardware beats software.

Keylogging is a trivial task if an attacker reached remote code execution on a target system.

Quote The Invisible Things Lab's blog: Playing with Qubes Networking for Fun and Profit

One application can sniff or inject keystrokes to another one, can take snapshots of the screen occupied by windows belonging to another one, etc.

If you don’t believe me, I suggest you do a simple experiment. Open a terminal window, as normal user, and run xinput list, which is a standard diagnostic program for Xorg (on Fedora you will likely need to install it first: yum install xorg-x11-apps):

$ xinput list

It will show you all the pointer and keyboard devices that your Xorg knows about. Note the ID of the device listed as “AT keyboard” and then run (as normal user!):

$ xinput test id

It should now start displaying the scancodes for all the keys you press on the keyboard. If it doesn’t, it means you used a wrong device ID.

Now, for the best, start another terminal window, and switch to root (e.g. using su, or sudo). Notice how the xinput running as user is able to sniff all your keystrokes, including root password (for su), and then all the keystrokes you enter in your root session. Start some GUI app as root, or as different user, again notice how your xinput can sniff all the keystrokes you enter to this other app!

Quote File tried to open on its own (within Workstation) - #6 by Patrick

Malicious: unlikely. […] malicious activity cannot be noticed in trivial ways. See:
Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners

If you don’t believe that, look at videos about Trojan horses etc. Malware is also “just another” commercial product or even open source. Therefore their usage, capabilities etc. are described like in advertising material for other products.

At no point will the victim of a Trojan horse trivially notice it. There is zero reason for already memory resident malware to mess with fonts or to open links. Malware which allows to remotely control a victim machine is similar to an SSH / VNC session - just that the victim cannot easily know that an SSH / VNC session is running. Similar as for SSH there is no reason to mess with fonts, there is no reason to mess with fonts by malware.

Except. The attacker wants the victim to notice something. Zersetzung