Cybersecurity and White Labelled Android Devices

Trend Micro has a nice short piece on the challenges of assessing the security properties of various components of Android devices. In short, white labelling incentivizes device manufacturers to invest the least amount possible in what they’re building for the brands that will sell devices to consumers. Trend Micro included this very nice little mention on the shenanigans that firmware developers can get up to:

Firmware developers supplying the OEM might agree to provide the software at a lower cost because they can compensate the lost profit through questionable means, for example by discreetly pre-installing apps from other app developers for a fee. There is a whole market built around this bundling service with prices ranging from 1 to 10 Chinese yuan (approximately US$0.14 to US$1.37 as of this writing) per application per device. This is where the risk is: As long as the firmware, packaged apps, and update mechanisms of the device are not owned, controlled, or audited by the smartphone brand itself, a rogue supplier can hide unauthorized code therein.[1]

While the authors suggest a range of policy options, from SBOMs to placing requirements on device transparency before administrators ‘trust’ devices, I’m not confident of these suggestions’ efficacy when taking a broader look at who principally uses white labelled devices. There are economics at play: should all devices have increased input costs associated with greater traceability and accountability, then it will place financial pressures on the individuals in society who are most likely to be purchasing these devices. I doubt that upper-middle-class individuals will be particularly affected by restricting the availability of many white labelled Android devices, but such restrictions would almost certainly have disproportionate impacts on less affluent members of society or those who are, by necessity, price conscious. Should these individuals have to pay more for the computing power that they may depend on for a wide range of tasks—and in excess of how more affluent members of society use their devices?

Security has long been a property that individuals with more money can more easily ‘acquire’, and those who are less affluent have been less able to possess similar quantities or qualities of security in the services and products that they own. I understand and appreciate (and want to agree with) the Trend Micro analysts on how to alleviate some of the worse security properties associated with white labelled devices, but it seems as though any such calculation needs to undertake a broader intersectional analysis. It’s possible that at the conclusion of such an analysis you still arrive at similar security-related concerns but would also include a number of structural social change policy prescriptions as preconditions that must be met before heightened security can be made more equitably available to more members of society.


  1. Emphasis added.

‘Breakthrough’ NSA spyware shows deep grasp of makers’ hard drives

The espionage program appears to be fairly targeted, said Chris Parsons, an expert on state surveillance tools with the University of Toronto’s Citizen Lab. “This is what we can count,” a Kaspersky spokesperson said. “Because of [the] self-destroying function of the malware, the number [of victims] could be much higher.”

“Realistically, that’s a comparatively small number when you look at the global population of computers that are sold,” Parsons said.

Canada was not identified as one of the nations that has been targeted by the tampered hard drives.

What is firmware?

Firmware is software that enables a computer to perform its basic functions, Parsons explained.

“It’s essentially the operating code that runs the devices in your computer,” he said. “Think of it as the base code that’s used to run the hardware. Once the firmware is running … all the pieces of your computer get activated and are able to function.”

Kaspersky’s analysis suggests the spyware could work on popular hard drives manufactured by Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung.

“The value of getting in before everything else loads is you can influence what loads, how it loads, when it loads, and the value is much higher than if you waited until the operating system booted up,” Parsons said.

That’s because most anti-virus programs tend to be designed to take action following the loading of firmware. This particular program, however, would be “masked” in the firmware.

Which users might be affected by this?

Parsons points out that so far all the malware collected has been designed to work with Microsoft Windows.

One of the characteristics of this malware was to modify the sensor instructions to make the changes to the firmware “almost impossible to detect,” Parsons explained.

“So by the time you go to boot into Windows, it’s already compromised, and this has been hidden for at least eight to 14 years,” he said.

Parsons anticipates hackers will be emboldened by the report’s findings.

“By now knowing the kinds of attacks possible, you can be certain that other actors will now try to emulate and copy what we’ve seen here,” he said. “The risk of copycats is now much more likely.”