dspZONE Archive of engeniusBLOG

Paranoid Delight

Jun 16, 2008 at 00:00
I try hard to avoid getting wrapped up in conspiracy theories and worst-case scenario thinking, but the little I know about technology and human nature sometimes gets the better of me. It’s been even harder than usual to suppress my tinfoil hat tendencies the last few weeks as I stumbled on a few items that have kicked my paranoia muscles into involuntary spasms.

It all started out when Pete, my long-time buddy and fellow-wingnut tech freak, sent me the following e-mail:

Hi Lee:

On Saturday's edition of NPR's "Wait, Wait, Don't Tell Me", the story was told of how a White Plains, NY woman had her laptop stolen and then recovered it. Somehow she monitored internet traffic until her IP address showed up as active, then logged on to her laptop remotely and used the built-in camera to photograph the perps. She downloaded the photos and shared them with the police, who recognized the perp and arrested the man.

Sooo, do you think the NSA can remotely log on to computers and photograph their users? Do you think they would like to have a photo of who is on the other end of every IP address? I think they would like that but they'll have to search another address for a picture of Pete. Since this iMac was new (August 2007), I have kept a u-shaped piece of paper draped over the camera lens thinking that this situation was in fact possible. And now we know it is.

The audio recording is here. To hear it, click on "Lightning fill in the blank," and fast forward to 5:25 where Peter Sagal starts telling the story.

If you find that this story is covered by other media, please forward it to me. I take on-line anonymity seriously.

thanks,

Pete

After asking a few folks who are a bit more computer savvy than me, it seems that there are several ways to trick an unsuspecting computer into spying on its owner. The most obvious technique would be to create an attractive web site that uploads some Java code to a visitor’s computer, which in turn loads an applet that can switch on the web cam and/or microphone and make its IP stream available.

The other relatively simple way would be to use a web site or an e-mail to insert a small piece of code that would enable the computer’s remote-access functions, which could then be used to activate the web cam. It’s quite possible to set up a remote log-in that is not immediately noticeable to the computer’s owner and would go undetected unless you were actually looking for it.

While anti-spyware, intrusion detection, and other security software should theoretically be able to stop such attacks, I think I’ll follow Pete’s advice and make sure my web cam and microphone are only physically connected to my machine when I have need of their services…

Paranoia struck again later this week when I stumbled on Sally Adee’s “The Hunt for the Kill Switch.” This fascinating article in IEEE Spectrum documents the growing concern over the possibility of hidden override functions embedded in processors and other commercial silicon that could be used to disable the systems they are supposed to be controlling. Given how complicated it would be to tuck a so-called “kill switch” into a DSP or control processor, I was more than a little dubious about whether anyone had ever done it, let alone come up with ways to activate it when its host chip was buried deep within a piece of equipment.

Now, after reading the article, I have begun to see why the Defense Department runs the Trusted Foundries Program to try to ensure an unbroken supply of secure microchips for the government. But while that program might ensure that the processors that go into the mission-critical modules in our frontline fighters and battle tanks are aboveboard, what about the commercial chips that sit on the motherboards and blades of the off-the-shelf networking equipment that sits in every command post and communications room of our military?

Even if some clever soul could not slip a kill switch or traffic tap into a commercial router chip, it’s not inconceivable that they could identify inadvertently created back doors and security flaws by simply buying a few units and carefully tearing them down. Given the huge budgets currently being allocated to cyber-warfare by China, Russia, and several other tech-savvy nations, such a scenario is a real possibility. Let’s just hope we don’t discover that our equipment has been reverse-engineered at the most inconvenient possible time.

Comments? Questions? Other thoughts on technology that keeps you up at night waiting for a call at 3 AM?

Write me at lhg at en-genius dot net, or post your comments on our blog.