Kyle Rankin, Purism:
The supply chain ultimately comes down to trust and your ability to audit that trust. You trust the grocery and the supplier to protect the food you buy, but you still check the expiry date and whether it’s been opened before you buy it. The grocery then trusts and audits their suppliers and so on down the line until you get to a farm that produces the raw materials that go into your food. Of course it doesn’t stop there. In the case of organic farming, the farmer is also audited for the processes they use to fertilize and remove pests in their crops, and in the case of livestock this even extends to the supply chain behind the food the livestock eats.
You deserve to know where things have been, whether it’s the food that sustains your physical life or the devices and software that protect your digital life. Tainted food can make you sick or even kill you, and tainted devices can steal your data and take over your device to infect others. In this post, I’ll describe some of the steps that Purism takes to protect the digital supply chain in our own products.
…while a hardware implant is possible, it’s unnecessary: the BMC firmware and IPMI protocol have a long history of vulnerabilities and it would be a lot easier (and stealthier) for an attacker either to take advantage of existing vulnerabilities or flash a malicious firmware, than risk a hardware implant. An attacker who is sophisticated enough to deploy a hardware implant is sophisticated enough to pick a safer approach.
Why is attacking the firmware safer than implanting hardware? First, firmware hacking is easier. Firmware used to be something that was flashed onto hardware once and could never be overwritten. In those days, it might have been just as easy to add a malicious chip onto the motherboard. Now, most firmware is loaded onto chips that can be written and overwritten multiple times to allow updates in the field, so anyone along the hardware supply chain could overwrite trusted firmware with their own.
Second, firmware attacks are harder to detect. Hardware attacks risk detection all along the supply chain whenever someone physically inspects the hardware. Motherboards have published diagrams you can compare hardware against, and if a chip is on the board that isn’t in a diagram, that raises alarms. Since so much firmware is closed, it’s more difficult to detect if someone added malicious code and it’s certainly something you can’t detect by visual inspection.
Finally, firmware attacks offer deniability. It’s hard for someone to explain away a malicious chip that’s added onto hardware unannounced. If firmware vulnerabilities are detected, they can almost always be explained away as a security bug or a developer mistake.
While the hardware and firmware supply chain attacks get a lot of focus due to their exciting “spy versus spy” nature, software supply chain attacks are a much greater and more present threat today. While many of the hardware and firmware attacks still exist in the realm of the hypothetical, software attacks are much more real. Vendors have been caught installing spyware on their laptops, in some cases multiple times, to collect data to sell to advertisers or to pop up ads of their own. When you can’t audit the code, even a computer direct from the factory might be suspect.
With proprietary operating systems, there’s the risk that comes from not being able to audit the programs you run. A malicious developer or a developer hired by a state actor could add backdoors into the code with no easy way to detect it. This isn’t just a hypothetical risk, as the NSA is suspected in a back door found in Juniper’s ScreenOS.
If you decide that you can trust your OS vendor, you might be comfortable relying on the fact that OS vendors sign their software updates these days so the OS can be sure that the software came directly from the vendor and wasn’t tampered with while it was being downloaded. Yet, applications on proprietary operating systems come from multiple sources, not just the OS vendor, and in many cases software you download and install from a website has no way to verify that it hasn’t been tampered with along the way.
Even if you only use software signed by a vendor, you still aren’t safe from supply chain attacks. Since you don’t have access to the source code, there’s no way to prove that the signed software that you download from a vendor matches the source code that created it. When developers update software, their code generally goes to a build system that converts it into a binary and performs tests on it before it packages it, signs it, and makes it available to the public. An attacker with access to the build system could implant a back door at some point in the build process after source code has been checked in. With this kind of attack, the malicious code might go unnoticed for quite some time since it isn’t present in the source code itself, yet the resulting software would still get signed with the vendor’s signature.
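The gap described in the last two paragraphs, as an added example that is not part of the original post or of any Purism tooling: a vendor signature proves only that the artifact left the vendor's build system unmodified, so an artifact altered inside the pipeline after source check-in still verifies. Catching that requires something the signature cannot give you, which is access to the source and a build that anyone can repeat; the example goes beyond the text by showing that second check. Everything below is constructed: the signing key, the source text, and the `build` function (assumed deterministic, standing in for a reproducible build step). HMAC stands in for the vendor's asymmetric signature so the example runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed vendor signing key. A real vendor would use an asymmetric key
# (e.g. Ed25519); HMAC is used here only so the example has no dependencies.
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"

# Constructed source tree, reduced to a single file's contents.
SOURCE = b"def main():\n    print('hello')\n"


def build(source: bytes, pipeline_extra: bytes = b"") -> bytes:
    """Hypothetical deterministic build step.

    `pipeline_extra` models bytes introduced by the build system itself,
    after the source was checked in, which the source tree never shows.
    """
    return b"ARTIFACT:" + source + pipeline_extra


def sign(artifact: bytes) -> bytes:
    """Vendor-side signing of the finished artifact (stand-in for a signature)."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).digest()


def verify_signature(artifact: bytes, signature: bytes) -> bool:
    """Check 1: did this artifact come from the vendor and survive download intact?"""
    return hmac.compare_digest(sign(artifact), signature)


def matches_source(source: bytes, artifact: bytes) -> bool:
    """Check 2: does an independent rebuild of the source yield the same bytes?

    This is the check a signature cannot provide; it needs the source and a
    build that is reproducible by someone other than the vendor.
    """
    rebuilt = hashlib.sha256(build(source)).hexdigest()
    shipped = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(rebuilt, shipped)


def check_release(source: bytes, artifact: bytes, signature: bytes) -> dict:
    """Combine both checks so the two failure modes can be told apart."""
    return {
        "signature_ok": verify_signature(artifact, signature),
        "matches_source": matches_source(source, artifact),
    }


# Scenario A: honest release, built and signed by the vendor.
honest_artifact = build(SOURCE)
honest_signature = sign(honest_artifact)

# Scenario B: the build system adds code after check-in, then signs as usual.
# The signature is valid, so only the rebuild comparison notices.
pipeline_artifact = build(SOURCE, pipeline_extra=b"\n# constructed: bytes added by the build pipeline\n")
pipeline_signature = sign(pipeline_artifact)

# Scenario C: the artifact is altered after signing (e.g. in transit).
# Here the signature check is what catches it.
transit_artifact = honest_artifact + b"\n# constructed: bytes altered after signing\n"


if __name__ == "__main__":
    for name, art, sig in (
        ("honest release", honest_artifact, honest_signature),
        ("build pipeline tampering", pipeline_artifact, pipeline_signature),
        ("post-signing tampering", transit_artifact, honest_signature),
    ):
        print(f"{name:26s} {check_release(SOURCE, art, sig)}")
```

The two dictionaries differ in exactly the way the post describes: the pipeline-tampering case passes the signature check and fails only the rebuild comparison, while post-signing tampering fails the signature check. The second check is only available when the source is published and the build is reproducible, which is why signatures alone do not close this class of attack.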
The supply chain comes down to trust and your ability to audit that trust. Unfortunately, all too often, a company’s economic incentives run counter to your trust. This is why Purism is registered as a Social Purpose Corporation (SPC), so we can put our ethics and principles above economic incentives. We also continue to improve our own ability to audit the supply chain and isolate (and ultimately eliminate) any proprietary code that remains. Beyond that we are also working to provide you the tools to audit the supply chain (and audit us) yourself, because while we feel you should trust us, your security shouldn’t have to depend on that trust alone.