Sun Apr 27 20:25:48 UTC 2008
Hostile control of your computing environment
--
There is a sort of “standard paranoia” that a government might reasonably ask itself: given that Microsoft is an American corporation, how can we trust our computing infrastructure if the American government and Microsoft conspire to “switch us off”?
Well, how could this be achieved? Let's have a look at some of the possible methods …
- There is already a ‘remote callback’ covert control channel
- An automatic Update will establish a covert control channel
- A manually-installed component will establish a covert control channel
These three all rely on some form of covert channel being in place. The command flow for a switch-off would have to be inbound to the organisation, whereas any data flow (an acknowledgement, or exfiltrated information) could run in the opposite direction. A channel that rides on traffic you already permit, such as update or licensing checks, is very unlikely to be detected while in use; your realistic detection opportunities are therefore a complete code analysis, or very strict execution profiling of what the software does on the host and on the network. Both of these are pretty much impossible in a closed-source vendor situation.
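To make “strict execution profiling” concrete, here is an added example (not code from the original post) of the network side of such profiling: a small beaconing check over per-process connection records. A hidden control channel still has to be polled or pushed, and polling tends to leave a regular rhythm, so the script flags (process, destination) pairs whose connection intervals are near-constant and whose destination is not on an expected allow-list. The flow format, the sample records, the allow-list and the 10% variation threshold are all assumptions made for illustration.

```python
"""Added example: beaconing detection over per-process network flow records.

Assumptions (not from the original post): flows are (timestamp_seconds,
process, destination, direction) tuples, and a coefficient of variation of
the inter-connection intervals at or below 0.1 counts as "periodic".
"""

from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log, not captured from a real host.
SAMPLE_FLOWS = [
    (0,     "updater.exe", "update.example.com", "out"),
    (3600,  "updater.exe", "update.example.com", "out"),
    (7200,  "updater.exe", "update.example.com", "out"),
    (10800, "updater.exe", "update.example.com", "out"),
    (12,    "browser.exe", "news.example.org", "out"),
    (95,    "browser.exe", "news.example.org", "out"),
    (1400,  "browser.exe", "news.example.org", "out"),
    (5,     "svc.exe", "203.0.113.7", "out"),
    (605,   "svc.exe", "203.0.113.7", "out"),
    (1205,  "svc.exe", "203.0.113.7", "out"),
    (1806,  "svc.exe", "203.0.113.7", "out"),
    (2405,  "svc.exe", "203.0.113.7", "out"),
]

# Destinations the organisation expects to see regular traffic to (assumed).
ALLOWED_DESTINATIONS = {"update.example.com", "news.example.org"}


def interval_profile(flows):
    """Group flows by (process, destination) and return the sorted
    inter-connection intervals for every pair seen at least three times."""
    times = defaultdict(list)
    for ts, proc, dst, _direction in flows:
        times[(proc, dst)].append(ts)
    profile = {}
    for key, ts_list in times.items():
        ts_list.sort()
        if len(ts_list) < 3:
            continue  # too few observations to judge regularity
        profile[key] = [later - earlier for earlier, later in zip(ts_list, ts_list[1:])]
    return profile


def is_periodic(intervals, max_cv=0.1):
    """True when the intervals are near-constant: population standard
    deviation divided by the mean is at or below max_cv."""
    m = mean(intervals)
    if m == 0:
        return False
    return pstdev(intervals) / m <= max_cv


def find_suspect_channels(flows, allowed=ALLOWED_DESTINATIONS, max_cv=0.1):
    """Return sorted (process, destination, mean_interval_seconds) tuples for
    periodic contacts with destinations outside the allow-list."""
    suspects = []
    for (proc, dst), intervals in interval_profile(flows).items():
        if dst in allowed:
            continue  # expected traffic; see the caveat in the usage note
        if is_periodic(intervals, max_cv):
            suspects.append((proc, dst, mean(intervals)))
    return sorted(suspects)


if __name__ == "__main__":
    for proc, dst, period in find_suspect_channels(SAMPLE_FLOWS):
        print(f"suspect: {proc} -> {dst} every ~{period:.0f}s")
```

On the constructed data only `svc.exe` polling `203.0.113.7` every ten minutes is flagged; the hourly updater traffic is just as regular but goes to an allowed host. That is exactly the gap the paragraph above describes: a channel that hides inside the vendor's own update or licensing traffic looks identical to the traffic you have chosen to permit, so this kind of profiling catches a clumsy channel, not a well-placed one.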
If there is already a covert channel in place, you cannot prevent it from being triggered. Detecting the establishment of a covert channel within an update or patch is much more tractable, because a patch is a bounded change that can be diffed against the previous binary, especially with techniques such as the automatic patch-based exploit generation research recently announced. Detecting establishment within the install of an elective addition, such as “Office 2007”, would tend much further towards the impossible: there is no smaller baseline to diff it against.
So, the basic answer to the question is “yes, you could be 'switched off'”. You may choose to doubt that the facility exists (I think that is the correct position to take, as even in security you should remember that malice isn't necessarily the prime mover), but you can't doubt that it is plausible, even with nothing more than the vendor's pre-existing resources.
Would you be any better off switching to an open-source solution, where you are capable of deep inspection of the source code that your infrastructure is built from? Well, yes, if you are capable of such a large software assurance task in the first place. If you aren't, you could hope that “many eyes make bugs shallow” … but that is a very weak argument at the best of times, and weaker still when the thing you are looking for is a deliberately hidden mechanism rather than an accidental bug.
