Juniper's products are still backdoored; more evidence that the company was complicit


#1

[Read the post]


#2

What are the odds they have a national security letter telling them they must keep that weakness, and they must not discuss it.


#3

I shouldn’t be, but right now I’m more annoyed at how badly aligned that door graphic is on the side :frowning:


#4

I’m more disturbed it’s covering the air vents.


#5

Hey, Juniper, I have a message for you.


#6

Relatedly, a question for the US state security apparatus:


#7

Economic stimulus for fledgling EU IT companies?


#8

How could we design an affordable router that would also be easy to audit? Open enough so any shenanigans the vendor would be forced to would be immediately visible to the end users (which would also serve as an incentive to The Man to not try)?


#9

They’re continuing a long-standing tradition of denying the basic premise that words already have meanings. Specifically, the word “security” in this case.


#10

I speculate that the firmware-based backdoor was, after all, just a stopgap for the models that went out the door before NSA’s special chips were ready. They’re standard now on all subsequent production lines. If they hadn’t sold so many units without those “Patriot chips”, they could have had a squeaky-clean community audited firmware on the routers this whole time.

So why did Juniper come forward about finding the backdoors - and then go silent about it? I’d say the department which was under NSA gag failed to prevent the department which made the announcement. Secrecy, after all. Then NSA provided broader pressure.


#11

Can we have routers based on a commodity FPGA and some commodity CPU? Easy to audit, built bottom to top with transparency as one of the basic design criteria? Without special state-carrying or unauditable chips where they could facilitate takeover of the device? With anything that stores data (bitstream flash, firmware…) capable of being read down to the last bit, and checksum-checked block by block?


#12

Commodity parts don’t provide cutting-edge performance. Besides, NSA has it’s own chip fabs. They can easily make counterfit “commodity” parts.


#13

Can you have enough performance with them, though? Enough for a given application that is not an untrusted-anyway terabit-per-second backbone router?

For a considerable cost. Which may slow them down but not stop because the fool known as the taxpayer will foot the bill.

We can also fingerprint the electrical characteristics of the parts (see the body of the literature that deals with counterfeiting of parts - it is quite a big issue), image the dies of a selected sample from the lot (uncap and microscopy, or SEM, or for simpler cases where we compare just the die carriers and the chip size even a nondestructive xray would do), and deploy other countermeasures.


#14

Ultimately, we can’t gather together enough trustworthy volunteers to audit all of this hardware and software, and even if we could, it would be cat-and-mouse as NSA sees that the auditors only get samples with nothing bad to find.


#15

We can never be entirely sure. But we can still give the adversary quite some headaches.


#16


#17

I am almost positive that the NSA does, in fact, not have its own chip fabs. This assessment is based on knowledge of the industry, not any official press releases. Do you have a source for the assertion that they do?


#18

My rough guess is that they have something for lower levels of integration. (The few- or few-dozen nanometer nodes are likely quite outside of their reach.) If only for rad-hard not-compromised-by-Chinese chips for satellites.

Even universities can have rudimentary chip making capabilities.


#19

They certainly could have something like that, though I would imagine they would still go through US foundries to produce those. The main point being that there’s no possible way they could have anything like an advanced-node foundry that could successfully counterfeit modern chips without a whole lot of people who don’t have security clearances, including me, and just about everyone else in the industry, knowing about it.


#20

Why subvert chips in that way when they can just subvert shipments between suppliers and recipients and add their own hardware inside along the way. Their catalog of tools (and a number of incidents) have shown that they do exactly that. They’ll put a key logger or other tools inside a device on the way to a target, put it back in its packaging, and just send it on its way. Much easier really (and cheaper).