Fact 1: Hacking Team could only infect a simple BIOS firmware of some Asus notebooks, because those didn't check for signature. Hacking Team did not have a valid certificate for the Microsoft certificate chain in every mainboard to bypass secure boot.
Fact 2: You can always replace the Tails boot medium with your backdoored Tails boot medium.
Fact 3: You could always have an 0day in Tails' software and somehow get around the sandbox to extract information from the currently running Tails.
Fact 4: Browser-exploiting an OS which routes only via Tor is almost impossible; you would need to MITM the currently used exit node and correctly identify the HTTP session or hack a server the target frequents.

Hacking Team didn't design anything new, all of their "sophisticated infection vectors" are basic shit. Just carry your Tails medium with you all the time and you are immune to those amateur "hackers".

I honestly hope Hacking Team gets to sign their own UEFI bootloader with a valid certificate. Ofc it will leak someday and have a lot of bugs, which can be used to side boot your own unsigned UEFI code. Then we can finally throw all that trusted boot bullshit into the trash where it belongs. Certificate revocation list updates for mainboards will be almost non-existent. When was the last time one of your non-hacker friends updated their BIOS?

I wrote:
> > https://wikileaks.org/hackingteam/emails/emailid/25607#efmBTaBTh
> >
> > Below research points remain outstanding ...
> >
> > VECTORS
> > · Offline:
> >   o Infection or UEFI keys bootable (Antonio)
> >     § The key infected will drop' in turn one scout
> >   o Infecting USB device that looks like boot disk (+ Giovanni Antonio)
> >     § will drop ' the scout and then will carry out 'a wipe
> >   o Infection Tails USB (Antonio)
> >     § The infection will take place' in runtime
> >   o New NTFS driver for UEFI infection (Antonio) or persistent infection on OSX and UEFI signed...
> >
> > by translate.google.com but obviously not precise but concerning nonetheless.
> >
> > Robert
