Hardware Security
Computer malware is no longer just software-based. With the recent Bloomberg story on malware chips being implanted into otherwise legitimate hardware, the era of software-only virus attacks is officially over. It is almost like poison injected into a grocery product. How do you protect yourself?
Well, you cannot, on your own.
In the end it all comes down to trust. Where do you buy your gear? Is the brand trusted? Do they have all supply chain processes and procedures in place?
Apple is one of the companies that has started addressing this problem seriously. With the custom T2 chip introduced in the most recent lineup of MacBooks, they finally offer a secure boot option. That means the computer will only load a trusted operating system. It also means (although they are not vocal about it) that the T2 is capable of verifying that the components and subsystems inside the computer are trusted. This last option may not be popular among folks who would like the freedom to use alternate sources for repair or upgrade components, but in the end it will all come down to a choice: do you use a computer that comes from a trusted brand (and believe me, with a $1T valuation Apple is a trusted brand), or do you gamble and risk introducing hardware-based malware into your environment?
This is not Sci-Fi at all. I remember (it must have been more than 10 years ago) buying a second-hand WRT-54 WiFi access point that was loaded with slightly modified firmware that was relaying my WiFi credentials to an external server. I was lucky to locate that issue quickly, and I learned a lesson: always do a factory reset and load the genuine manufacturer's firmware before plugging any used gear into my network.
For device manufacturers it also means stricter control over the components they use, up to the point of being more vertically integrated. Again, it seems like this is at least part of the motivation for Apple's recent acquisition of Dialog.
For users it is not only about their computers and phones. It is becoming more important to pay attention to what you plug into your ports. Hardware implants are not the domain of the CIA anymore...