Hardware backdoor / violation / malware / spyware risks after purchase

[Jan Jaap]

In the light of recent discoveries and worries about Government hardware backdoors that are being forced into hardware by law in some countries (Wikileaks Vault 7, Intel ME / AMD PSP God backdoor etc.), I was wondering what risks there are that the hardware of a BeagleBone is tampered with by a distributor / Government, or that it contains (hardware) backdoors.

Is it possible to know with 100% certainty that a purchased BeagleBoard is free of hardware backdoors / tampering?

[Chris Green]

Jan Jaap <in...@optimalisatie.nl> wrote:
> [-- multipart/alternative, encoding 7bit, 54 lines --]
>
> [-- text/plain, encoding 7bit, charset: UTF-8, 17 lines --]

If it's not connected to the internet the backdoor won't open anywhere
will it! Also, usually, one has control over whatever device (router
or whatever) there is between the BBB and the internet if it *is*
connected so you can monitor what is going back and forth.

--
Chris Green
·

[Peter Lawler]

Your Subject talks "after purchase" but your Body suggests before.

Either way, solution is pretty much the same.

As the design files are available, fab your own from the ground up. And by that I mean own the fab plant n stuff, buy an ARM license, get an engineering degree, implement the chip, build a pick and place box, etc etc

How else can anyone "verify" any hardware that is shipped? No, such a suggestion for anything involving complicated ICs is arrant nonsense.

P.

On 27 Mar. 2017 05:54, "Jan Jaap" <in...@optimalisatie.nl> wrote:

In the light of recent discoveries and worries about Government hardware backdoors that are being forced into hardware by law in some countries (Wikileaks Vault 7, Intel ME / AMD PSP God backdoor etc.), I was wondering what risks there are that the hardware of a BeagleBone is tampered with by a distributor / Government, or that it contains (hardware) backdoors.

Is it possible to know with 100% certainty that a purchased BeagleBoard is free of hardware backdoors / tampering?

--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/17667d26-3455-45b2-9342-c38b8dd154a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[William Hermans]

https://wiki.debian.org/SELinux

It would be very hard for this to happen without some one seeing this, and posting all over the internet about it. This sort of thing happens more often than some realize. Take the Sony rootkit situation years ago, that was posted all over the internet, and the bad publicity Sony had to endure over it. Not to mention I seem to recall all the lawsuits they had to endure as well. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal All this, because they thought that invading others rights, to protect their IP was a good thing . . .

As I said though this sort of thing happens more often than most realize, but it will always be discovered. There are some really smart people out there in the industry that would love to find such a situation.

To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAG73kvUSSrrYM8ZhaxEcNzv%3Dg%2BZtUF-5S6mXwzUORVEyY7n28A%40mail.gmail.com.