EFF gets into the CPE router software business..
charles at thefnf.org
Fri Jul 25 18:11:29 UTC 2014
On 2014-07-25 12:22, Valdis.Kletnieks at vt.edu wrote:
> On Thu, 24 Jul 2014 22:06:38 -0700, George Herbert said:
>
>> Any idea how well CeroWRT stands up to nation-state level intrusion
>> efforts?
>
> If they are as determined as FBI v Scarfo (the FBI pulled a black bag job
> to install a keystroke logger in a mobster's PC to capture his PGP passphrase),
> it's pretty much "game over". Isn't much the average router-class hardware
> can do to protect itself at that point.
Of course. Physical access is root access. We know this.
>
> The second big challenge is that to the best of my knowledge, there exists
> no router-class hardware that includes a TPM chip,
OpenWRT x86? Run it on a decently specced laptop a couple gens old (like
a Dell Latitude 6500 or so). That's got TPM, plenty of RAM.
Of course you can run on a server board (Dell Poweredge or something). I
prefer pfsense myself for full blown kit.
> which means that you're
> not going to be able to implement a trusted boot environment. This means that
> we're stuck with trusting at least part of the boot process (though we can
> probably trust the first stage boot loader on a 3800, as that appears to be
> in an actual ROM, and we'll have to trust the bootstrap code on the flash,
> but if we use a signed kernel, everything after that can have some trust
> attached.)
Right.
>
> There's a number of attack surfaces left on CeroWRT, starting with the usual
> "find a 0-day and point it" - good targets there are the Linux network stack,
> the IPtables code, dropbear (which is nice, but almost certainly not audited
> as heavily as OpenSSH), and Luci. And yes, reflecting an attack off a browser
> behind the router is *very* much in scope - *most* of the pwned router attacks
> we see come from javascript or other executables pointed at the usually
> well-known router address from a PC behind the router.
>
Agree 100%
> All the way to pulling a MITM on downloads from Dave Taht's repositories. The
> combination of DNSSEC, trusted crypto signatures on the download package, and
> OpenWireless's plans to use Tor to do the software download should make it a
> *lot* harder to attack via that route.
>
Oooo. I'll have to clone that methodology for the FNF downloads.
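The signed-download defense Valdis describes (a trusted signature on the package, so a MITM on the repository path cannot substitute its own image) as an added Go example; this is not code from the thread, CeroWRT or OpenWireless, and the Manifest layout, the pinned-key assumption and the anti-rollback version check are the example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)
// Manifest is a hypothetical signed image description: digest plus anti-rollback version.
type Manifest struct {
	Version uint32
	Digest  [32]byte
	Sig     []byte // Ed25519 signature over Version||Digest
}
// manifestBytes is the exact byte string that is signed and later verified.
func manifestBytes(version uint32, digest [32]byte) []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf, version)
	copy(buf[4:], digest[:])
	return buf
}
// SignImage is the publisher side: hash the image and sign version||digest.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	m.Sig = ed25519.Sign(priv, manifestBytes(m.Version, m.Digest))
	return m
}
// VerifyImage is the router side: check signature (pinned key), digest and version before flashing.
func VerifyImage(pub ed25519.PublicKey, m Manifest, image []byte, installed uint32) error {
	if !ed25519.Verify(pub, manifestBytes(m.Version, m.Digest), m.Sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return errors.New("image digest does not match manifest")
	}
	if m.Version < installed {
		return errors.New("rollback to older version refused")
	}
	return nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed sample image bytes") // constructed stand-in for a package
	m := SignImage(priv, 2, image)
	fmt.Println("genuine:", VerifyImage(pub, m, image, 1))
	image[0] ^= 1 // one byte altered in transit, as a MITM on the download would do
	fmt.Println("tampered:", VerifyImage(pub, m, image, 1))
}
```

The publisher's public key must already be on the router (shipped in the firmware), since fetching it over the same path being protected would defeat the check.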