Hardware implants go beyond just sending packets out your network card. They have transceivers that let agents control or snoop the device from a distance using RF.
You need to scan the hardware with RF equipment to be sure. Good luck! > On Jul 2, 2019, at 12:27 PM, Misc User <open...@leviathanresearch.net> wrote: > >> On 7/2/2019 12:43 AM, John Long wrote: >> On Tue, 2 Jul 2019 10:07:59 +0300 >> Mihai Popescu <mih...@gmail.com> wrote: >>> Hello, >>> >>> I keep finding articles about some government bans against some >>> hardware manufacturers related to some backdoor for espionage. I know >>> this is an old talk. Most China manufacturers are under the search: >>> Huawei, ZTE, Lenovo, etc. >> It seems painfully obvious what's driving all the bans and vilification >> of Chinese hardware and software is that the USA wants exclusive rights >> to spy on you and won't tolerate any competition. >> Does anybody think maybe the reason Google and Facebook don't pay taxes >> anywhere might have something to do with what they do with all that >> info they collect? Is the "new" talk about USA banning any meaningful >> encryption proof of how seriously they take security and privacy? >>> What do you think and do when using OpenBSD on this kind of hardware? >> Lemote boxes are kinda neat but they're not the fastest in the world. >> It beats the hell out of the alternatives if you can live with the >> limitations. >>> Do you prefer Dell, HP and Fujitsu? >> Your only choice is probably to pick the least objectionable entity to >> spy on you. If you buy Intel you know you're getting broken, insecure >> crap no matter whose box it comes in. Sure it runs fast, but... in that >> case everybody is going to spy on you. >> /jl > > Assume everything is compromised. Don't trust something because someone > else said it was good. Really, the only way to test if a machine is > spying on you, do some kind of packet capture to watch its traffic until > you are satisfied. But also put firewalls in front of your devices to > ensure that if someone is trying to spy on you, their command and > control packets don't make it to the compromised hardware. > > Besides, subverting a supply a hardware supply chain is a difficult and > expensive process. And if there is one thing I've learned in my career > as a security consultant, its that no matter how malevolent or > benevolent a government is, they are still, above all, cheap and lazy. > And in a world where everything is built with the first priority is > making the ship date, there are going to be so many security flaws to be > exploited. So much cheaper and easier to let Intel rush a design to > market or Red Hat push an OS release without doing thorough testing and > exploit the inevitable remote execution flaws. > > Or intelligence agencies can take advantage of the average person's tendency > to laziness and cheapness by just asking organizations like Google, Facebook, > Comcast, Amazon to just hand over the data they gathered in the name of > building an advertising profile. >
