Re: [Tails-dev] Hacking Team looking at Tails

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tor-talk, tails-dev
New-Topics: Re: [Tails-dev] Hacking Team looking at Tails
Subject: Re: [Tails-dev] Hacking Team looking at Tails
Hi,

[redirecting this discussion to tails-dev@???, which is more
suitable for this discussion => please drop tor-talk@ from the list of
recipients when replying -- thanks!]

I wrote (12 Jul 2015 13:06:15 GMT) :
> https://wikileaks.org/hackingteam/emails/emailid/25607#efmBTaBTh


> Below research points remain outstanding ...


> VECTORS · Offline: [...]


> by translate.google.com but obviously not precise but concerning nonetheless.


I got a translation made by a native speaker who's skilled in this
area, quoting it below with my notes+todo inline.

$native_speaker wrote:
> [EN] Below the feature that will be deployed for RCS10. The release is
> expected for [... not sure what does it means ...] (October)


> VECTORS:


> Offline:
> o   Infection of bootable usb keys from UEFI (Antonio)$ The infected usb
>     key will drop (release) a scout itself.


This seams to mean that a corrupted UEFI firmware would modify a Tails
device plugged in the machine to infect it. To me it looks like it's
part of "Tails can't protect against compromised hardware", modulo
nitpicking wrt. whether firmware is software (which is correct
strictly speaking), or a mere part of the computer hardware (which is
also correct, from the PoV of a Tails system, as it's pre-existing to
Tails starting). We have WIP to clarify our documentation in
this respect.

> o   Infecting USB device which appears to be a bootable disk (Antonio +
>     Giovanni)§ It will drop (release) the scout, then it will run
>     a wipe.


Seems to be the same, but from a running and already infected
non-Tails OS, when a Tails USB stick is plugged in it. That's more
concerning. We should check if we're communicating clearly enough
that:

* the OS used to install or upgrade a Tails device can corrupt it
* plugging one's Tails device in an untrusted OS is dangerous

> o Infection of Tails USB (Antonio)$ The infection will occur at runtime


This seems to mean an running Tails infecting its boot device.
Totally unclear if they had any remote idea of how to implement that,
back then. Not much we can do about it that is not on our hardening
milestone already, I guess.

> o New NTFS driver for UEFI infection (Antonio)
> o Persistent infection also on OSX and signed UEFI (Antonio)


> Network Injection:
> o New set of external antennas for the TNI (Andrea)
> o Creation o a mini-TNI (Andrea)$ transportable by a drone, without
> any melting constraints
> o Creation of a micro-TNI (Andrea)$ HW of a mobile $ It will have a
> subset of the functionality


Cheers,
--
intrigeri