The recent Intel firmware vulnerability reminded me of an article I ve been wanting to write for a few months. The essence is that firmware and chips can be hacked. They (or their related controller chips) contain software-like instructions that usually contain vulnerable security flaws. They are just harder to update. Repeat after me: Chips and firmware are just harder-to-patch software. Because of this, and other reasons, I fully expect more frequent hacks at the firmware and hardware-layer in the future.
1. More security will be driven at the chip level
Taking the lead of the Trustworthy Computing Group s initiatives, more and more computer security is being driven and secured at the chip-level. It started with efforts such as Trusted Platform Module (TPM) chips embedded on nearly every computer, OPAL self-encrypting hard drives, the Unified Extensible Firmware Interface (UEFI), hardware-based hypervisors such as Intel s Virtualization Technology (VT-x) and AMD s Virtualization (AMD-V), and myriad other chip- and firmware-led technologies by chip vendors and manufacturers. More and more, security is starting at the chip-level. For example, Microsoft doesn t just use hardware-based virtualization chips for its flagship Hyper-V virtual machine technology. Hardware-based security is the basis of many of its strongest and most recent technologies, including DeviceGuard, Credential Guard and AppGuard. Expect most operating system and chip vendors to offer more hardware-driven security in the future.
The main reason why hardware-based security is growing is because it puts security in charge sooner in the computing cycle. The closer security is to the electronic components, the harder it is for hackers and malware to get into the pathway to disable or take control of it. To defeat hardware-based security and gain access to the protected applications and data, hackers and their malware creations will increasingly need to attack the hardware.
2. Hardware hacks are often multi-platform
Although most computers come with a pre-installed operating system, most can run multiple platforms. For example, my Windows 10 laptop can run Linux, BSD and myriad nix variants. Apple computers often run Microsoft Windows using virtual machine software. A hardware-based vulnerability often puts the hacker or malware in control before the operating system is in charge of security, meaning that it can bypass any operating system s security controls. While writing malware that could take advantage of a hardware flaw across multiple operating systems is still a huge obstacle, simply having the ability to get around multiple operating system s protection is a giant advantage for any hacker.
3. Chip programmers are just as bad at secure programming as software programmers
Programmers, in general, are rarely trained appropriately in writing secure code. After decades of hard lessons won in how important secure programming is to the whole development cycle, most programmers get little to no training in it. At the hardware-layer, the types of programmers and teams that work there get even less training. Some of it has to do with the fact that hardware isn t as frequently attacked as software today, and so the overall risk is less. This lack of training means that hardware and firmware is full of bugs just waiting to be exploited. At the same time as chips are getting more transistors and logic gates, the number of instructions and lines of code put in firmware is increasing. As the number of lines of code increases, so does the number of bugs (all other things being equal). There is no doubt that today s chips are full of easy-to-exploit bugs just waiting to be found. Just look at the details of the Intel exploit. Any string of characters you put in as the authentication hash worked as well as the actual hash, allowing complete admin control. I don t think I ve ever read of such a horrible flaw in software, ever!
4. Chip monoculture
Only handful of firms make chips and firmware now, after an industry-wide consolidation of the last few years. Their chips are showing up in more and more devices. So we ve got more chips across more devices with less variation. Hackers love growing monocultures. It means they can write something once and have it work more successfully across a growing range of devices and operating systems. For example, the Unified Extensible Firmware Interface (UEFI) firmware has replaced the traditional BIOS in most computers and a growing number of devices. While partially created to make it harder to hack firmware (it does contain many anti-hacking features), UEFI was also given a micro, Linux-like kernel, which if you didn t know better, looks a lot like your average Linux-based Bash shell. You can do a lot in the UEFI kernel, and it s similar and shared across every UEFI implementation.
It sounds like a potential recipe for disaster. UEFI is supposed to save us from easy firmware hacking, and it s certainly more secure than what BIOS were, but the large, monoculture portions may end up being more problematic than the old vulnerabilities it closed.
5. Hardware hacking is becoming more common
The Internet of Things (IoT) is making more hackers interested in hacking chips and things that don t look like traditional computers. Today, hackers are realizing that IoT devices are just mini-computers running operating systems with a bunch of chips, which they learn about and hack. Parents and their kids routinely buy hardware kits to create and compute, like Raspberry Pi and Arduino. All of this is expanding people s, and hacker s, horizons of what can be hacked and now to do it. The hackers of the future are going to be far less intimidated about hacking hardware and firmware.
6. Hardware is patched less frequently
Even though firmware and hardware often contain vulnerabilities, even publicly known vulnerabilities, they are patched far less frequently by the vendor. Even when a patch is created by the vendor and available, most owners don t apply them. Most of the time they aren t even aware there are such things such as vulnerabilities in firmware and hardware, and even if they are aware, most aren t given them the appropriate consideration. For example, how many of you knew about the Intel firmware flaw that began this article? How many have downloaded the discovery tool and applied the fix? See what I mean.
All of this makes chips and firmware the next feature-rich environment for hackers to hack. Luckily, at least for the firmware components, we can patch them much the same way as we patch regular software. You run the vendor s software update, which updates the firmware or other supporting instructions.
One of the best things you can do to be prepared is to realize that firmware and hardware can be hacked, and likely will be more hacked in the future. Fortunately, we ve got a nice, unintentional resting period, where malicious hackers aren t really concentrating on firmware and hardware hacking because their software hacking is working quite well. But as hardware security chips begin to make software-based vulnerabilities harder to pull off, the only way for hackers to be as successful will be in attacking the hardware and firmware more often. It s coming. Enjoy the break and get prepared. The easiest way to get prepared is to update your patching guides and policies to including patching hardware and firmware. Oh, you ve already got that in your patching guides (I hear this all the time). Well, did you get right on that massive Intel vulnerability announcement? Have you patched everything that needed patching? Most people didn t.
This is your wake-up call.
- ^ Vulnerability hits Intel enterprise PCs going back 10 years (www.csoonline.com)
- ^ Trustworthy Computing Group s (trustedcomputinggroup.org)
- ^ DeviceGuard (docs.microsoft.com)
- ^ Credential Guard (blogs.technet.microsoft.com)
- ^ AppGuard (blogs.windows.com)
- ^ After CIA leak, Intel Security releases detection tool for EFI rootkits (www.csoonline.com)
- ^ Raspberry Pi (www.raspberrypi.org)
- ^ Arduino (www.arduino.cc)
- ^ 12 hardware and software vulnerabilities you should address now (www.csoonline.com)
- ^ CSO (www.csoonline.com)
As any archaeologist will tell you, you can’t ignore the past. Unfortunately for human history buffs in Atlantic Canada, a decision by the previous federal government to scrap a “state-of-the-art” archaeology lab in Nova Scotia just won’t go away, despite hopes that a change in government would bury it for good. In 2012, Parks Canada announced it would merge six archaeology labs from across the country into one, and consolidate their collections in a new facility in Gatineau, Que. just outside of Ottawa.
At the time, Mi’kmaq and Acadian groups as well as numerous academics and researchers from Atlantic Canada expressed their concerns with the decision, especially given that the custom-built lab in Dartmouth, N.S., had just opened three years earlier. They were under the impression the plan “was finally dead” when Trudeau’s Liberal government was voted in, said Jonathan Fowler, archaeologist at Saint Mary’s University, “but it’s back. Or maybe it had never left.”
A range of colonial-era artifacts recovered by Saint Mary s University students and members of the public during archaeological excavations at Grand-Pr National Historic Site in 2010. (Jonathan Fowler)
Audrey Champagne, a media relations officer with Parks Canada, said in an email the relocation plan is the best way to ensure the “maintenance and security” of its artifact collection. Many of the storage facilities currently in use across the country are aging, she said, and require “significant investments” to bring them up to standard.
Members of the Nova Scotia Archaeology Society touring the conservation laboratory in the Dartmouth facility in May, 2017. (Vanessa Smith)
Champagne estimates approximately 60 per cent of the collection “is currently under threat” due to environmental conditions at the facilities as well as security concerns. She said the move, which is scheduled to begin in 2018 and be completed by 2020, will cost approximately $45 million. No jobs will be eliminated, Champagne said.
An 18th century clay pipe recovered from a recent excavation. Pipe such as these provide excellent evidence for dating archaeological sites. (Jonathan Fowler)
He added he’s keen to let them know how “damaging” this move will be when it comes to the capacity of local people to “tell our stories here.”
Bill Casey, the Liberal MP for Cumberland-Colchester said he met with Minister of Environment Catherine McKenna approximately one week ago to voice his concerns. But “it may be too late” to save the Nova Scotia lab, he said.
Access to Mi’kmaq artifacts
It’s a “backward thing to do in today’s Canada,” Fowler said, at a time when many of us are “trying to come to grips with the consequences of our colonial history.”
To remove Indigenous and Acadian artifacts from the region and remove “reasonable access” to those artifacts is “ethically problematic,” he said. Chief Wilbert Marshall with the Potlotek First Nation said in an email that he is in “formal” consultations with Parks Canada about the relocation plans, in his capacity as head of the culture, heritage and archaeology portfolio for the Assembly of Nova Scotia Mi’kmaq Chiefs. The collections “are significant, non-renewable and sacred parts of our cultural property,” he said, and they “should not be moved from our traditional territory.”
‘Problematic’ loans system
Marshall emphasized that his goal in the negotiations is to find a way to continue to care for Indigenous archaeological materials and records right here in Atlantic Canada.
View of the interior of the archaeology lab showing part of the archaeological collection in storage. The collection is comprised of over 1 million artifacts from Atlantic Canadian archaeological sites. ( Nova Scotia Archaeology Society)
Champagne said Parks Canada is committed to finding “innovative” ways to accommodate Indigenous groups, including a loans system or transfer of title in some cases. Fowler said Parks Canada’s promise of a loan system is “problematic” because of the inefficiency of the process, the staff required to coordinate the program, and the possibility of damage to the artifacts through shipping.
The Parks Canada archaeology facility in Dartmouth was “purpose-built” in 2009 to house Atlantic Canada’s archaeological and historical objects collections, Fowler said, alongside a “really beautiful” conservation laboratory. The “state-of-the-art” facility may be “the best of its kind” in the country, Fowler said, and it’s “among the better archaeological labs internationally.”
Champagne says Parks Canada is preparing to terminate its lease at the facility in 2020, once the artifacts have been moved.
Schapelle Corby has arrived back in Australia over 12 years after her arrest in Bali on drugs charges.
Schapelle Corby was escorted from Brisbane Airport by a motorcade that split up in different directions to throw off media. Picture: Nigel Hallett.
BUSINESS class flights, flashy cars, accommodation in a luxury hotel, a world class security team and a celebrity bodyguard.
Convicted drug smuggler Schapelle Corby s VIP treatment on her much-hyped return home after spending nine years in Indonesia s Kerobokan Prison and three years on parole has been nothing short of extraordinary. In many ways, Corby s return has emulated a Royal visit with a last minute flight swap, a secret underground exit from Brisbane airport, a motorcade of nine black Mercedes Benz vans and a series of decoys. A security expert, who spoke to news.com.au on the condition of anonymity, has estimated Corby s elaborate security operation would have cost more than $40,000.
He said the risk assessment would have cost about $15,000-$25,000 and used to develop an operation plan at a further $7000-$15,000.
So (that s) about up to $40,000 before the assignment commences, he said.
Bodyguard John McLeod (blue and white shirt), who has been hired to provide security to Schapelle Corby, prepares for her deportation from Indonesia on May 27, 2017 in Bali. Picture: Ulet Ifansasti/Getty Images.Source:Getty Images
Schapelle Corby’s security detail John McLeod at her mother s home in Loganlea, QLD before he led media on a wild-goose chase. Picture: Nigel Hallett.Source:News Corp Australia
The security operation has been meticulously executed by Tora Solutions, a security and investigative company owned by John Mcleod. Mr Mcleod has also acted as Corby s bodyguard, escorting her from Bali to Brisbane. He is understood to still be working for her as she continues to evade the spotlight. News.com.au has contacted Mr Mcleod for comment. Another security expert who spoke to news.com.au, but didn t want to be named, said the cost of hiring a bodyguard to travel overseas known in the industry as close protection members would be in the range of $1100-$1800 per day, not including expenses.
Bodyguards or close protection personnel in Sydney or Brisbane would vary from $50 to $180 per hour … depending on their skill level, he said.
Instagram photo of Schapelle Corby on board a Malindo flight to Brisbane after being deported from Bali. She sat in business class on seat 1a. Picture: InstagramSource:Supplied
The past few days have proven that Mr Mcleod s skill level is clearly advanced. His team, including ex-military officer Eleanor Whitman, devised and executed a plan that flawlessly outplayed the hordes of journalists and camera crews following Corby from Bali to Brisbane. Corby and her sister Mercedes were booked in business class seats on both Virgin and Malindo Air flights from Denpasar to Brisbane in an apparent bid to evade the media.
Business class flights on Virgin from Denpasar to Brisbane can cost more than $1500, while for Malindo Air they can be around $650. It remains unclear who paid for the business class seats. Other expenses likely to have been incurred as part of the security operation include vehicle hire, equipment, accommodation and travel allocated normally at cost , according to the expert.
Schapelle Corby inside the Bali Parole office on Saturday.Source:Supplied
Australian Schapelle Corby being escorted by local police from the parole office in Denpasar, Bali, Indonesia, 27 May 2017.Source:AAP
After touching down in Brisbane on Sunday morning, Corby was flanked by security and escorted from the airport by a motorcade that split up in different directions to throw off the press. Decoy convoys led journalists on wild goose chases through the city while television helicopters followed, ending in dead ends one a KFC carpark at Ormeau at 7am, the other at the Sofitel in Brisbane.
A convoy of nine black Mercedes Benz vans escorted Schapelle Corby from Brisbane Airport on Sunday. Picture: Nigel Hallett.Source:News Corp Australia
Corby is understood to be holed up in the five star luxury hotel, since her heavily-guarded arrival home, but that hasn t been confirmed. She still hasn t been sighted in public since returning to Australia despite the best efforts of a huge media contingent attempting to report on her homecoming.
Outside the Sofitel Hotel in Brisbane where Schappelle Corby is thought to be staying after her arrival from Bali on May 28, 2017 in Brisbane, Australia. Picture: Glenn Hunt/Getty Images.Source:Getty Images
A room at the Sofitel Brisbane, where Schapelle Corby is believed to be holed up. Picture: Accor Hotels.Source:Supplied
WHERE DID THE MONEY COME FROM?
There has been widespread speculation that a television network might have covered the security costs in exchange for an interview with Corby. But Australia s major commercial networks including Seven, Nine and Ten have all denied any involvement.
Network Seven head of news Craig McPherson told news.com.au the company has not paid a cent to Corby or assisted in funding her security in any way. He also denied the network has secured an interview, paid or unpaid, with her.
We aren t and haven t been dealing with Corby, Mr McPherson said.
We ve offered no help whatsoever. Channel Nine communications director Victoria Buchan told news.com.au the network spoke to the family prior to Schapelle returning .
We … offered her an interview with us but that we would not pay, Ms Buchan said.
Nothing has changed. Corby s mother Rosleigh Rose today told reporters she was unaware of any interview deals with her daughter.
That s her business and I think the answer would be no. Youse have told it a thousand times, she said of Corby s story.
Rosleigh Rose, mother of Schapelle Corby, outside her house in Loganlea, south of Brisbane. Picture: Lyndon Mechielsen.Source:News Corp Australia
Rosleigh Rose, Schapelle Corby’s mum s house, in Loganlea, QLD.Source:News Corp Australia
Melbourne lawyer Christian Juebner, who specialises in proceeds of crime laws, told news.com.au it was legal for Corby to accept money for an interview about her ordeal as a convicted drug trafficker. But she would run the risk of having any money she is paid retrieved by the Commonwealth.
There s a misunderstanding where people think there s a prohibition of paying money to her, Mr Juebner said.
It s not illegal for her to receive something. But if someone is reasonably suspected to have received a benefit from exploiting their notoriety arising from an offence, the AFP Commissioner can seek an order causing the benefit to be forfeited to the Commonwealth. Mr Juebner said the same laws applied if Corby benefited from any services offered to her for free.
The word benefit is not limited to a financial payment to her, it s any commercial benefit she receives, he said.
If she saves costs in arranging her own security it s still a benefit conferred on her.
It s whether the AFP commissioner would bother taking that action because its discretionary.
HAVE AUSTRALIAN TAXPAYERS FOOTED THE BILL?
News.com.au understands the Indonesian government covered the costs of Corby s deportation on the Bali end. About 200 Indonesian police officers, armoured vehicles and at least a dozen police cars were part of the high profile deportation operation that saw Corby escorted off the holiday island on Saturday night. But it s not clear who paid for Corby s private security including her bodyguard, security team and motorcade escort or luxuries back in Australia such as her suspected hotel accommodation.
Police officers transport Schapelle Corby from the Bali Parole office in Denpasar to the airport by Indonesian Immigration for deportation to Australia. Picture: Nathan EdwardsSource:Supplied
About 200 Indonesian police officers, armoured vehicles and at least a dozen police cars were ploughed into the high profile deportation operation that saw Corby escorted off the holiday island on Saturday night. Picture: Nathan EdwardsSource:Supplied
The Department of Foreign Affairs and Trade did not respond to questions from news.com.au about whether or not the Australian government has footed the bill for Corby s security upon her return home.
The Department of Foreign Affairs and Trade provided consular assistance to Ms Corby following her arrest in 2004 until her deportation on 27 May, in accordance with the Consular Services Charter, a statement from DFAT read.
Due to privacy obligations we are unable to provide further details. The Australian Federal Police did not respond to questions about whether the organisation assisted Corby by providing security services or any associated costs.
The main priority for the AFP at Australia s major airports is the safety of the public and the airport, an AFP spokesperson said.
AFP officers stationed at major airports occasionally provide assistance to individuals and groups to facilitate their safe access through the airport. This is to ensure both their safety and the safety of the public.
The provision of any assistance is provided on a case-by-case basis.
Indonesia police prepare during a security operation in Bali for Australian Schapelle Corby to return to Australia on May 27, 2017. Picture: AFP / Sonny Tumbelaka.Source:AFP
DID THE CORBY FAMILY PAY FOR IT THEMSELVES?
It s possible that Corby s relatives have forked out tens of thousands of dollars for the security costs themselves. Although it s unknown if they had the means to do so.
Mercedes Corby in Bali to offer support to her sibling in the lead-up to her deportation to Australia earlier this month. Picture: AAP Image/Putra Sinulingga.Source:AAP
Mercedes recently denied to Woman s Day magazine the existence of a secret jackpot for Schapelle.
There has never been any basis for these stories about the millions we supposedly have in the bank, she said.
I don t have millions of dollars, it s definitely not true. I m not a millionaire, but legal fees came to millions. Corby was arrested in 2004 for attempting to smuggle 4.1 kilograms of marijuana into Bali and was sentenced to 20 years in prison in 2005. She has spent the last three years on parole on the holiday island after serving almost 10 years of her original 20-year sentence in Kerobokan prison.
She was deported on Saturday and it is understood she cannot return to Indonesia for at least six months.
She has always maintained her innocence.