[Tails-dev] BIOS attack

Supprimer ce message

Répondre à ce message
Auteur: james.john.jones
Date:  
À: tails-dev
Sujet: [Tails-dev] BIOS attack
Excuse me - I have joined this group to discuss what may have been a 'high end' BIOS attack.
I am presuming that this group contains the most knowledgeable people.
I need that.

While the scenario outlined below is very 'Grand Jeu' I will not be at all surprised to learn that you believe this to be a hack.

---------------------------------------

This is exactly what happened:

Laptop circa 2011 (bios date)
AMD DCP C-50
Tails 3.5 loaded from a USB drive

At a friends - laptop on the table in kitchen (pre-arranged over the phone).
Workmen are doing jobs.
(The IP box can give the WiFi connection at the press of a button)  ;)

A Libre Office doc saved in the session - other docs saved on a mounted removable drive.

One worker comes in the kitchen - he starts tapping away on his mobile (just 3 meters away).

Note - he has no need to be in the kitchen to get a signal - the walls are thick, so outside would be better (if you don't have the wifi code).

He makes a final tap, and walks... and my pc shuts down.
Some code appeared, but it shut down.

Obviously it could be coincidental; but I'm sick of frigging coincidences.
The shutdown was simultaneous to his final tap on his mobile.

---------------------------------------------

Post reboot - no apparent problems, other than it seemed to take slightly longer to log into accounts.
I carried out my communications.

A day later, I posted an email to tails-support-private@??? (on this question).
I received no reply.

Researched  BIOS attacks, and checked my bios version.
https://www.schneier.com/blog/archives/2015/03/bios_hacking.html

Talk of :
"Their exploit turns down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.
The devious part of their exploit is that they've found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure operating systems such as Tails in the line of fire of the implant."




Also:

"The method used to get at the BIOS then allows the likes of GCHQ et al to get at other modifiable ROM in the likes of HDs, Sound Chips, Network cards and other "below the OS" areas.
Having done this they can then put the main BIOS back the way it was, so that it's harder to find what they have been up to."

---------------------------------------------


Rebooted to Tails.
Tails warns: can't check for upgrades.

Tutanota mailbox warns: Couldn't connect to server - it seems like you are offline.
But I was online, and could see my mailbox.
---------------------------------------------

First thing is:
Have you received this mail?
Could someone respond, to confirm this?

Does it seem likely that I have been hacked?
Is there any way of knowing eg. running tests?
If it has been hacked - is the laptop now unusable?
If I was hacked - have they got everything that I've done since that point (and the data off my drives)?

I'm cool either way.
What's done is done; but I'd rather know

BTW, I tried to get a riseup email, but it kept demanding an invite code.
Anyway, I figured that I first need to check with you guys re my current status, before doing anything else.

 Thanks :)

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com