
An adage of computer security: Direct access to a machine = no security. (paraphrased and grossly simplified here.)

I feel this extends to surveillance of this type: the threat seems much less important if it can only be conducted when access to the individual is already required.

Say we’ve followed some chap around and identified this issue with his phone or watch etc - and we can then keep tracking this chap on the proviso that we are nearby to confirm an ID, he has those items with him and we have our sensors ready and waiting.

Like… why not just follow the guy then.



> An adage of computer security: Direct access to a machine = no security. (paraphrased and grossly simplified here.)

What about an encrypted partition, unlocked at boot? If I give you my laptop, how is the data accessible?


If you’re not expecting it back they’ll wait until an exploit exists or copy it encrypted and wait. Example: I held a broken PS3 of my friend's, and I promised I’d return it to him (he broke the Blu-ray, so he couldn’t play games) once a hack existed. Hack was released, and he copied the games he had onto the PS3 HDD. The encrypted disk will probably have a (hardware) exploit eventually, or they’ll hold onto it until there’s a quantum crack.


“Hold onto it until there’s a quantum crack” is the same as it being secure. That’s far more secure than it being online, decrypted, and attached to the Internet like most phones and computers now.


> If I give you my laptop, how is the data accessible?

Is your laptop on or suspended-to-ram/to-disk?

How strong is your passphrase?

Do you have IOMMU/VT-d?


Laptop would be shut down, not suspended or hibernated. Passphrase is ~192 bits as calculated by https://www.omnicalculator.com/other/password-entropy

Laptop I am thinking about has VT-d but I haven't enabled it in years (not needed).


Are you expecting to get the laptop back? If so, the data will be accessible the moment you mount that partition again.


I am not expecting it back.

I give an encrypted laptop/machine and I want the other party to prove that having access to the device = no security and so they can read data out of it.

No if, no but: I give the machine, show me that having it = no security.


I think what is implied is that if an attacker has direct access to your machine and you continue to use it, they'll implant some kind of keylogger and get to your data this way.

Now if you don't get the laptop back, your data is as secure as the encryption implementation of your OS.

I'd bet it's secure enough against anything that is not the NSA / equivalent foreign agencies. Now would I bet against those big players? Certainly not.


> I'd bet it's secure enough against anything that is not the NSA / equivalent foreign agencies. Now would I bet against those big players? Certainly not.

Which is another shortcut that boils down to saying "nothing is secure".

I have a beef with broad statements like that :].


I'm not saying nothing is secure, I'm saying that there's no way to be sure.

Even if the math is bulletproof, are you sure the software implementation is bulletproof too?

Even then, maybe there's something in your hardware that defeats the whole thing, who knows?

When the stakes are so high that these kinds of agencies are trying to get your data, that would be a risky bet to assume they won't be able to crack your encrypted partition.

I'm pretty sure if you ask them nicely to give you a few of their old encrypted hard drives they wouldn't comply. Why not?


No, this reasoning doesn't convince me because it's still "but what if". Like when people keep on telling us we just have to travel the stars to planet B and it's possible because maybe we'll pretty soon discover FTL.

> When the stakes are so high that these kinds of agencies are trying to get your data, that would be a risky bet to assume they won't be able to crack your encrypted partition.

I do agree. Even if I knew the NSA was after me and I knew how to secure my laptop with custom Libreboot and other things, I strongly believe the laptop should not be used to discuss matters or store data related to activities that got the agency on my back. I will make a human error and compromise myself before they need to use strong tech against my laptop.


I think that's what (paraphrased and grossly simplified here.) means.

In most cases the adversary would choose to use their physical access at a time when you will use it again afterwards, so they could install a hardware keylogger. Cases where you will never use the machine again are more the exception than the rule.


…and to bring that analogy full circle: stealing the laptop would be like kidnapping rather than tracking.

I dare say that the comment has merely been used as a vehicle for a facile pedant.


It wouldn't be infeasible for the intelligence services to require Intel to pre-install a keylogger into the ME of every unit sold to the public. Should we assume adequate precautions on your part?


Can you prove every device is intentionally compromised out of the factory? "Extraordinary claims require extraordinary evidence."


Never heard of it? On x86 he’s not wrong, Intel ME and AMD ST are enabled in mobo and Intel ME runs another secret MINIX OS that bypasses all your security.

https://en.m.wikipedia.org/wiki/Intel_Management_Engine

> The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. This issue can be mitigated with deployment of a hardware device, which is able to disconnect mains power.

> The Intel ME is an attractive target for hackers, since it has top level access to all devices and completely bypasses the operating system. The Electronic Frontier Foundation has voiced concern about Intel ME and some security researchers have voiced concern that it is a backdoor.

> Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formerly called Platform Security Processor) in virtually all of its post-2013 CPUs.

You can buy boards with it disabled, some Dell devices have the option to disable it, some flashing can be done on mobos to clear ME unofficially, but assume everything has it unless you know otherwise.


Oh, yes! I remember about that now!

It changes the scope from "access to device = no security" to "access to device by NSA people with a very specific set of skills and most likely some prep work = no security" and I won't fight it, it's right. Not possible for the random HN user though and it still means some very specific circumstances.

Circumstances that need someone to compromise my laptop at some point after it got out of the factory. From reading the Wikipedia article it's not clear ME leaves a backdoor or stores user passwords or keys somewhere on the computer in case an NSA agent needs to access data.

I think my encrypted devices are safe, unless the NSA or a nation state wants its data.


It can be easily hacked, because it has privileged access and is also used by IT for remote control. https://www.intel.com/content/www/us/en/support/articles/000...


Hmm. Seems you need to enable ME in my laptop BIOS.

Can it be easily done if the BIOS is locked down?

And then what's the next step? You start the laptop, give it an IP through MAC address on the router or direct Ethernet link, connect to ME, but how do you get to the data off of the encrypted partition/OS?



