Saturday, August 24, 2013

Is Windows 8 a Trojan Horse for the NSA? The German Government Thinks So

Techworld reports:
The German Government is now deeply suspicious that the Trusted Platform Module (TPM) technology built into a growing number of Windows 8 PCs and tablets is creating a gigantic back door for NSA surveillance, leaked documents have suggested.

Documents from the German Ministry of Economic Affairs obtained by German title Zeit Online uncover the alleged unease of officials at the direction of version 2.0 of the standard being developed under the auspices of the multi-vendor Trusted Computing Group (TCG).

TPM has been marketed as a security and Digital Rights Management (DRM) technology since its appearance in 2006, but version 2.0 would embed a chip on every PC that has complete control over which programs can and can’t run, a setting that can’t be over-ridden under Windows 8. The chip is also where the cryptographic data is stored for Windows BitLocker and it enables remote administration.

Windows 8 security going forward will be founded on TPM 2.0 and the ability to access or break it would be of huge value to any intelligence service.

During TCG meetings, German officials appear to have expressed concern about the potential for abuse but were “rebuffed,” Zeit claims. The documents also refer to the NSA having representation at the meetings and the statement “the NSA agrees” in the context of leaving the technology in its current (presumably unreformed) state.

The full context of this reference is not clear from the Zeit article but the implication is disturbing; the NSA thinks that TPM 2.0 does not offer a barrier to its operations[...]


Ironically, an expert quoted in the Zeit article goes on to worry that the Chinese Government as well as the NSA might be able to access data through TPM 2.0; many TPM chips are manufactured in the country.
After years of low-level discussion among security experts, worries over surveillance backdoors have suddenly become a mainstream topic. Last month an Australian report claimed that intelligence services in the ‘five eyes’ alliance (the US, UK, Canada, Australia and New Zealand) had refused to use PCs made by Chinese-founded Lenovo over concerns about “backdoor hardware and firmware vulnerabilities.”
Here's Wikipedia on earlier concerns about TPM:
 The Trusted Computing Group, the developers of the specification, has faced resistance in some areas to deploy this technology, especially in academia, where some authors still see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.
The private part of the endorsement key is burned into the chip at the manufacturing plant, which means that at least the manufacturer must have had access to the private key at least during the time of manufacturing. There exist no method for the user to obtain the private part of the endorsement key. The user will have to blindly trust the manufacturer and the authorities in the country where the chip was manufactured to not have stored the key, or else it must be assumed that they are in control of the private endorsement key, upon which all security of the TPM relies. 
It is "Trusted" to the hardware manufacturer, but, the same makes it "uncontrollable" for the user - making the user dependent on trust to the manufacturer, or whatever government or authority there is at particular location.

Also, according to Wikipedia:
TPM is implemented by several vendors:
  • Infineon provides both TPM chips and TPM software, which is delivered as OEM versions with new computers, as well as separately by Infineon for products with TPM technology which complies to the TCG standards.
  • Wave Systems offers a broad range of client and server software, which runs on all TPM chip-sets. For instance, this software is pre-installed on several models from Dell and Gateway.
  • In 2006, with the introduction of the first Macintosh models with Intel processors, Apple started to ship Macs with TPMs. Apple never provided an official driver, but there was a port under GPLavailable.[12] Apple has not shipped a computer with TPM since 2006.[13]
  • In 2011, Taiwanese manufacturer MSI launched its Windpad 110W tablet featuring an AMD cpu and Infineon Security Platform TPM, which ships with controlling software version 3.7. The chip is disabled by default but can be enabled with the included, pre-installed software.[14]
  • Oracle ships TPMs in their recent X- and T-Series Systems such as the T3 or T4 series of servers.[15] Support is included in Solaris 11.[16]
  • VMware's ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by default.[18][19]

 

4 comments:

  1. Who knew a past post would seem so prescient?

    http://stateofthedivision.blogspot.com/2006/05/scary-chinese-spying-pcs.html

    ReplyDelete
  2. I talked to a hacker once who said NO software gets approved for use in the US without backdoors being put in place, and this was a decade ago.

    ReplyDelete
  3. Use the free OS Linux Ubuntu as an option on your hard drive.

    ReplyDelete
  4. I personally believe it is a built in Trojan due to no way to see anything done off screen.Not only that but I do not have confirmation yet.But I have reason to believe it was a cheap tablet program that was being worked on.But companies decided to add additional programs to it to monitor or sabotage systems.

    I believe Intel added additional programs to hack any AMD system to reduce performance to Intel would not lose there share in the Marketplace.I have checked many users of AMD an Intel showing Intel functions perfectly in fact too good to be true.An AMD hardware not to function at all.Even speed up reaction times on things.Overheating and crashes.Something never found on old or new motherboards or graphics cards.

    So if Microsoft is adding things to hardware based on who pays them the most money.I am certain there are other things in the programing that your should be looking for.Like Satellite locations an code backdoor.

    ReplyDelete