RE: Chinese Spy Chips in NSA Server and Apple and Amazon Cloud
Just wonderful. Didn't read the article yet, but did they find a way to interrupt or block the intrusion?
That is not possible. That is the point of hardware injection: the only way to prevent it is to not use an injected hardware module.
Of course you could have a deep look at every mainboard (and try to get the module off without destroying the MB), but that is not really doable, right?
Well, I wouldn't exactly say it's not possible. You may not be able to remove the chip, but there are ways to defeat it. At the very least you could stop it from communicating with anyone. It would just be a matter of blocking whichever protocol or port it was using to communicate. The most difficult would be if it was communicating over port 80; you would need to block whomever it was trying to contact, and any fail-safes it had.
Most corporate and government sites lock down most protocols by default. At the last corporate job I had, I had a device that blocked IPs by country. I had most of the world blocked, and only allowed certain IPs by whitelist. (It was a PolyWall by Bandura Systems.) I also had an IDS/IPS from SourceFire.
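
The egress-filtering idea from the last two comments, as an added example that is not part of the original thread: a default-deny destination allowlist compared with a port blocklist, run over constructed flow records. All addresses (documentation ranges), host names and port sets are assumptions.

```python
import ipaddress

# Constructed policy: default-deny egress, destinations allowed per network and port.
ALLOWLIST = [
    (ipaddress.ip_network("192.0.2.0/24"), {80, 443}),   # assumed update mirror
    (ipaddress.ip_network("198.51.100.10/32"), {53}),    # assumed internal resolver
]
# What a port-based blocklist alone would stop (assumed set).
BLOCKED_PORTS = {23, 6667}

def port_blocklist_allows(dst_port):
    """Port-only filtering: anything not on the blocked-port list passes."""
    return dst_port not in BLOCKED_PORTS

def allowlist_allows(dst_ip, dst_port):
    """Default deny: pass only if destination network and port are both listed."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net and dst_port in ports for net, ports in ALLOWLIST)

# Constructed flow records: (source host, destination IP, destination port)
FLOWS = [
    ("srv-01", "192.0.2.15", 443),
    ("srv-01", "203.0.113.77", 80),    # web port, unknown destination
    ("srv-02", "203.0.113.77", 6667),
    ("srv-02", "198.51.100.10", 53),
]

def audit(flows):
    """Return flows the allowlist denies, with a flag showing whether a
    port blocklist alone would have let the same flow through."""
    findings = []
    for src, dst, port in flows:
        if not allowlist_allows(dst, port):
            findings.append((src, dst, port, port_blocklist_allows(port)))
    return findings

if __name__ == "__main__":
    for src, dst, port, missed in audit(FLOWS):
        note = "port blocklist would have passed it" if missed else "also caught by port blocklist"
        print(f"DENY {src} -> {dst}:{port} ({note})")
```

The port 80 flow is the case the comment calls the most difficult: only the destination check stops it, which is why the denied flows are worth logging and alerting on.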