mjg59
So the CIA has tools to snoop on you via your TV and your Echo is testifying in a murder case and yet people are still buying connected devices with microphones in and why are they doing that the world is on fire surely this is terrible?

You're right that the world is terrible, but this isn't really a contributing factor to it. There are a few reasons why. The first is that there's really not any indication that the CIA and MI5 ever turned this into an actual deployable exploit. The development reports[1] describe a project that still didn't know what would happen to their exploit over firmware updates and a "fake off" mode that left a lit LED which wouldn't be there if the TV were actually off, so there's a potential for failed updates and people noticing that there's something wrong. It's certainly possible that development continued and it was turned into a polished and usable exploit, but it really just comes across as a bunch of nerds wanting to show off a neat demo.

But let's say it did get to the stage of being deployable - there's still not a great deal to worry about. No remote infection mechanism is described, so they'd need to do it locally. If someone is in a position to reflash your TV without you noticing, they're also in a position to, uh, just leave an internet-connected microphone of their own. So how would they infect you remotely? TVs don't actually consume a huge amount of untrusted content from arbitrary sources[2], so that's much harder than it sounds and probably not worth it because:

YOU ARE CARRYING AN INTERNET CONNECTED MICROPHONE THAT CONSUMES VAST QUANTITIES OF UNTRUSTED CONTENT FROM ARBITRARY SOURCES

Seriously your phone is like eleven billion times easier to infect than your TV is and you carry it everywhere. If the CIA want to spy on you, they'll do it via your phone. If you're paranoid enough to take the battery out of your phone before certain conversations, don't have those conversations in front of a TV with a microphone in it. But, uh, it's actually worse than that.

These days audio hardware usually consists of a very generic codec containing a bunch of digital→analogue converters, some analogue→digital converters and a bunch of I/O pins that can basically be wired up in arbitrary ways. Hardcoding the roles of these pins makes board layout more annoying, and some people want more inputs than outputs and some people vice versa, so it's not uncommon for it to be possible to reconfigure an input as an output or vice versa. From software.

Anyone who's ever plugged a microphone into a speaker jack probably knows where I'm going with this. An attacker can "turn off" your TV, reconfigure the internal speaker output as an input and listen to you on your "microphoneless" TV. Have a nice day, and stop telling people that putting glue in their laptop microphone is any use unless you're telling them to disconnect the internal speakers as well.
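The pin-retasking point above is something you can actually audit on a Linux host, because the snd-hda driver exposes each codec's pin widgets, their default role and their current pin control bits as text under /proc/asound/card*/codec#*. The following is an added example, not code from the post: it parses that dump format and flags any pin whose factory default role is an output (speaker, headphone, line out) but whose current Pin-ctls enable the IN path, which is exactly the "speaker turned into microphone" state described here. The sample dump is constructed for the demo and does not describe a real board; the /proc path is the driver's real location but the check against it is only meaningful when the OS doing the reading is the one you trust.

```python
"""Audit Intel HDA codec pins for output jacks that have had input enabled.

Added example, not code from mjg59's post. Parses the text the Linux
snd-hda driver exposes at /proc/asound/card*/codec#* (the Node / Pin Default /
Pin-ctls lines). SAMPLE_DUMP below is constructed for this demo.
"""
import glob
import re
from typing import Dict, List

# Constructed sample: 0x14 is an internal speaker with only OUT enabled
# (expected), 0x15 is a headphone-out pin whose Pin-ctls now include IN
# (the output path has been retasked as an input), 0x18 is a real mic jack.
SAMPLE_DUMP = """\
Codec: Example Audio Codec
Node 0x02 [Audio Output] wcaps 0x41d: Stereo Amp-Out
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x00010014: OUT EAPD Detect
  Pin Default 0x99130110: [Fixed] Speaker at Int N/A
    Conn = Analog, Color = Unknown
  Pin-ctls: 0x40: OUT
Node 0x15 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001003c: IN OUT HP EAPD Detect
  Pin Default 0x0221401f: [Jack] HP Out at Ext Front
    Conn = 1/8, Color = Green
  Pin-ctls: 0x60: IN OUT
Node 0x18 [Pin Complex] wcaps 0x40048b: Stereo Amp-In
  Pincap 0x00003724: IN Detect
  Pin Default 0x01a19030: [Jack] Mic at Ext Rear
    Conn = 1/8, Color = Pink
  Pin-ctls: 0x24: IN VREF_80
"""

# Default device roles that should never need the input path enabled.
OUTPUT_ROLES = ("Speaker", "HP Out", "Line Out")

NODE_RE = re.compile(r"^Node (0x[0-9a-f]+) \[Pin Complex\]")
DEFAULT_RE = re.compile(r"^\s+Pin Default 0x[0-9a-f]+: \[[^\]]+\] (.+?) at ")
CTLS_RE = re.compile(r"^\s+Pin-ctls: 0x[0-9a-f]+:(.*)$")


def parse_pins(dump: str) -> List[Dict[str, object]]:
    """Return one dict per pin widget: node id, default role, enabled ctls."""
    pins: List[Dict[str, object]] = []
    current = None
    for line in dump.splitlines():
        if line.startswith("Node "):
            m = NODE_RE.match(line)
            # Non-pin nodes (Audio Output, mixers, ...) are skipped entirely.
            current = {"node": m.group(1), "role": None, "ctls": []} if m else None
            if current is not None:
                pins.append(current)
            continue
        if current is None:
            continue
        m = DEFAULT_RE.match(line)
        if m:
            current["role"] = m.group(1)
            continue
        m = CTLS_RE.match(line)
        if m:
            current["ctls"] = m.group(1).split()
    return pins


def output_pins_with_input_enabled(dump: str) -> List[str]:
    """Node ids whose default role is an output but whose Pin-ctls enable IN."""
    return [
        str(pin["node"])
        for pin in parse_pins(dump)
        if pin["role"] in OUTPUT_ROLES and "IN" in pin["ctls"]
    ]


def check_live_codecs(pattern: str = "/proc/asound/card*/codec#*") -> Dict[str, List[str]]:
    """Run the check over every codec dump on this host; read-only."""
    results: Dict[str, List[str]] = {}
    for path in sorted(glob.glob(pattern)):
        with open(path) as f:
            flagged = output_pins_with_input_enabled(f.read())
        if flagged:
            results[path] = flagged
    return results


if __name__ == "__main__":
    print("flagged pins in sample:", output_pins_with_input_enabled(SAMPLE_DUMP))
    print("flagged pins on this host:", check_live_codecs())
```

Two caveats on using this as a check. Drivers do legitimately retask pins (combo jacks, jack-sense driven switching), so treat the output as something to compare against a known-good baseline for your board rather than a verdict on its own. More importantly, the scenario in the post is firmware-level: a TV in "fake off" mode is not running the OS you'd audit from, and a host whose firmware is already compromised can present whatever codec state it likes, so this is useful on a machine you control and trust, not as a detector for the attacker the post is talking about.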

If you're in a situation where you have to worry about an intelligence agency monitoring you, your TV is the least of your concerns - any device with speakers is just as bad. So what about Alexa? The summary here is, again, it's probably easier and more practical to just break your phone - it's probably near you whenever you're using an Echo anyway, and they also get to record you the rest of the time. The Echo platform is very restricted in terms of where it gets data[3], so it'd be incredibly hard to compromise without Amazon's cooperation. Amazon's not going to give their cooperation unless someone turns up with a warrant, and then we're back to you already being screwed enough that you should have got rid of all your electronics way earlier in this process. There are reasons to be worried about always-listening devices, but intelligence agencies monitoring you shouldn't generally be one of them.

tl;dr: The CIA probably isn't listening to you through your TV, and if they are then you're almost certainly going to have a bad time anyway.

[1] Which I have obviously not read
[2] I look forward to the first person demonstrating code execution through malformed MPEG over terrestrial broadcast TV
[3] You'd need a vulnerability in its compressed audio codecs, and you'd need to convince the target to install a skill that played content from your servers

I have a question about your GRUB2

Date: 2017-03-09 05:40 am (UTC)
From: (Anonymous)
Hi Matthew,

I've been looking for a bootloader supporting TPM 2.0 for 6 months, and I finally ended up with your GRUB2. I believe your patched GRUB2 supports UEFI TPM 2.0, right? I tried to install it, but I get the error as follows:

sudo ./grub-install --directory=../lib/grub/x86_64-efi/ /dev/sda
Installing for i386-pc platform.
./grub-install: warning: cannot open directory `/home/skyer/Desktop/grub/build/share/locale': No such file or directory.
./grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
./grub-install: warning: Embedding is not possible. GRUB can only be installed in this setup by using blocklists. However, blocklists are UNRELIABLE and their use is discouraged..
./grub-install: error: will not proceed with blocklists.

Is this because your GRUB2 supports only BIOS partitions (not UEFI)? If so, if I format my SSD into BIOS partition and re-install Ubuntu, would I be able to use your GRUB2 to use TPM 2.0?

Sorry for this sudden question, but it's because I desperately need to use TPM 2.0 when booting up...

Re: I have a question about your GRUB2

Date: 2017-03-09 09:32 pm (UTC)
From: (Anonymous)
Thanks for your comment, and I could manage to finally install your GRUB2 correctly. In configure, I set "--target=x86_64", and "--platform==efi". However, after I finally ran "grub-install" generated in the build directory and rebooted the system, I got a short boot error message saying "error: no symbol table" and then the system transited to my original bootloader's GRUB2. Here I booted Linux, and I see that hash values are measured up to PCR9, but PCR10~14 (kernel image) are all zero.

So in terminal, I ran "update-grub" which was the binary from my old GRUB2, and now kernel completely panics. I think it's because I should have run your new GRUB's "update-grub" binary, but I couldn't find any newly generated "update-grub" in the build directory.

Would "error: no symbol table" be a cause of PCR10~14 not being measured? Or should I run a newly generated "update-grub" by your code? (but I can't find this binary)

Re: I have a question about your GRUB2

Date: 2017-03-11 04:11 am (UTC)
From: (Anonymous)
I reinstalled Ubuntu 16.10 (for MBR partition format compatible with BIOS and UEFI), and reinstalled your GRUB2. In particular, I ran ./configure, make, make install, and ./install-grub (but no update-grub) and there was no error. But if I reboot it, for some reason PCR 10~14 still contain only zeroes...

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.
