Author: Simon Hobson
Date:
To: Liste, DNG
Subject: Re: [DNG] keys & subsystems
Arnt Karlsen <arnt@???> wrote:
> ..or "make do with whatever you have onboard" in new "creative" ways.
>
> ..people have played music on printers and hard disks produced to print
> out documents and store data, by hacking them in new creative ways,
> for decades.
Yes, but that's someone with access to the hardware doing it - and hardly a general purpose way of communicating without the user realising. IMO this thread has strayed rather a long way into tinfoil hat territory ...
However, there is a practical (or at least, possible) way for a storage device (e.g. SSD) to "phone home". Since it holds the bootloader and the OS, then in theory it could examine the contents of that, and feed in its own shim before the main OS and sit there as this undetectable layer between the OS and the hardware, or just add in its own bit of code to the OS (though code signing might break with that).
That would probably work as a very targeted attack (and let's be honest, if you are of that much interest to the TLAs then you have bigger problems to worry about) where the target environment is well understood, but in the general case I think it would be more work than is justified. Just think of all the compatibility issues it would be likely to cause - getting that model of drive a bad reputation for crashing the systems. Even where it's a highly targeted attack, it would almost certainly be easier to simply "borrow" your laptop and copy the data from it than it would be to somehow persuade you to buy and fit a compromised new SSD!
At some point you have to put the paranoia on hold and get on with life ;-)