• 0 Posts
  • 1.03K Comments
Joined 1 year ago
Cake day: June 30th, 2023









  • I think you’re greatly overestimating the number of people who would need to be involved. It could be done by one person in the right RTL design position. ASIC validation doesn’t involve exhaustively searching for any backdoors that bridge between something accessible with low privileges to something that is supposed to require higher privileges.

    And if someone else did notice that, there’s a good chance it would just be a “thanks for reporting that, I’ll fix it” without a root cause investigation about how it got there, especially if it gets reported to the one who put it there in the first place.





  • This argument assumes that they’d only do something if they could get perfect coverage, which isn’t very compelling for me. IMO the question should be “would it give enough access to more information to be worth it”, not “it’s only worth it if it gives access to all information”.

    And, as the other commenter mentioned, it is difficult to get some Chinese phones, though not impossible, and if this whole line of thought plays into that, the reasoning is probably as much about cutting off their access to this kind of thing as it would be about making it harder to avoid western agencies doing this. They’ve said the first one out loud (they being politicians justifying blocking Huawei), and wouldn’t have said the second part either way.


  • If it is present there, it doesn’t imply it’s only present there.

    And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.

    And no, it doesn’t mean that every phone in the world is compromised with this, which wouldn’t be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it’s called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.

    Most phones don’t have an unlocked bootloader, and this post is about the data Google is pulling on factory Pixels.

    Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it’s worth it just from the “make more money from people who only want unlocked phones”, why isn’t it more common?

    Mind you, my next phone might still be a Pixel. Even if this stuff is actually there, I wouldn’t expect to be targeted. I can’t help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?


  • I was only in SF for one day and had an event most of that day, unfortunately, so I didn’t get to see much of the city. I think I saw the Golden Gate Bridge from the plane. The hotel they put me in was nice, though, most comfortable bed I’ve ever slept in.

    LA was hot and the traffic was pretty crazy. I was there for about a week for SIGGRAPH with work. Santa Monica was nice, it was cool seeing the Hollywood sign in person, and I do remember looking back at the city and seeing all the haze.

    Six Flags had rollercoasters that lasted longer than the longest one at Canada’s Wonderland (at least at the time, their 3 newest ones are a bit more comparable). I won a giant Scooby-Doo stuffy because they had a game where I figured out the trick to it on my first play and returned later to upgrade my small Scooby-Doo to the large one (and bought the bag for the plane trip). The stuffy was pretty cheaply made though, so they might have still made money from the two plays I paid for lol.

    Other bits and pieces I remember are the different vegetation they had (my first time seeing palm trees) and noticing the barbed wire on a bunch of flat roofs. Also it was weird to see commercials for prescription drugs.

    Oh yeah, I almost forgot one of the highlights of the trip, going to Fry’s during its heyday. I was buying my own hardware at that time but it was the first time I saw an aisle of motherboards where you could actually see the boards on display. I think we ended up going there twice, once for cables we forgot to pack for our booth, then later for our own shopping trip.






  • You’re right that it’s pure speculation just based on technical possibilities and I hope you’re right to think it should be dismissed.

    But with the way microchip design (it wouldn’t be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think it’s possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking it’s perfectly normal (and it is, other than leaving an open pathway to it).

    Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isn’t just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.

    I don’t think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands what’s going on to build, run, and maintain.

    But it could be used for smaller scale surveillance, like targeted at specific individuals.

    But yeah, this is just speculation based on what’s technically possible and the only reason I’m giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably aren’t doing it. But then I’d hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldn’t put it past them to actually do something like this.