@uranther I’ve been looking to the last 5 years conferences videos of CCC and I couldn’t find yet the one I was talking to you about implementing a persistent hidden channel transmitter in a laptop’s CHIPSET (Northdridge) holding the ethernet controller, by hacking the CHIPSET’s embedded software. This POC / Demo was used to implement a hidden keylogger, but transmitting UUID tag could have been done instead... I’ll find it if it has not been deleted.

@uranther Here it is :

media.ccc.de/v/30C3_-_5380_-_e

This kind of hardware backdoor is a perfect base to build an "Active fingerprinting tracker".

Be sure all biggest agencies are playing this game.

Instead of using the malware to send keystrokes, you can send those UUID's / Integrated circuits serial numbers and you're done.

He's exploiting a known IP hidden channel, but many other could be used at raw IP level, or in higher protocol layers normalized by W3C.

Tor is a diversion.

@stman @uranther Looking back, it was unbelievable to see how huge the storm caused by Intel's "processor serial number" in Pentium 3 was, that even forced Intel to withdrew it. Meanwhile, nobody has ever said anything about the serial numbers of hard drives, GPUs, motherboards, RAM modules, Ethernet MAC address, etc, etc, etc. Pretty illogical, isn't it?

Follow

@niconiconi @uranther Yep. They withdraw it officially. I’m sure undocumented ones exist. About all subsystems perpherals serial numbers : My article CIA forced me to unpublished focussed mainly on that. There are at least 30 unerasable / unmaskable / unchangeable serial numbers in a standard PC motherboard IC’s and subsystems. Mac address is the only one that is garanteed to be editable because stored in an EEPROM or Flash in most ethernet controllers. That’s no

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!