36

I've recently gained an interest in anonymity and the technical aspects of it.

Is it possible for hardware to be bugged and monitored? I.e., can a seller of a processor bug it in order to report what I am doing or is this purely done in the software? Is this done for common hardware?

TLDR: Can the hardware be compromised?

StackzOfZtuff
IamCURIOUS
  • http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy – Neil Smithline Jan 20 '16 at 03:16
  • 1
    https://libreboot.org/faq/#intel – pipe Jan 20 '16 at 16:34
  • 6
    I'm hard-pressed to think of any hardware that doesn't also have software running on it (not counting, you know, like a power drill or hammer). To consider anything to be purely hardware seems no longer possible. Pretty much anything that can be done to/with software can be done to/with the software that is embedded in any hardware. This even extends to such "simple" hardware as USB keyboards and mice. – Todd Wilcox Jan 20 '16 at 17:04
  • 2
    Short answer is yes. Very little effort with google will turn up lots of hits. [Proof of concept article](http://www.fiercecio.com/techwatch/story/proof-concept-bios-malware-can-hide-pci-firmware/2012-07-31) Two instances I can think of off the top of my head are Lenovo and Cisco. – jlargent Jan 19 '16 at 20:02
  • 3
    The [Stuxnet](http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon) worm is an example of targeting *software* running on hardware. Notably Iranian centrifuges. – Wayne Werner Jan 20 '16 at 22:40
  • I made improvements and added a lot of quotes to my answer. – Rui F Ribeiro Jan 21 '16 at 08:42
  • Not only possible, has been attempted by governments (see for example https://en.wikipedia.org/wiki/Clipper_chip) and in some cases, governments have banned hardware from some sources due to fears either the hardware, firmware or software is somehow compromised (see http://www.popsci.com.au/make/hacks/spy-agencies-have-banned-lenovo-computers-fearing-chinese-hardware-hacks,380038). I imagine that if you could inject a dodgy random number generator into a supply chain which has predictable generation properties, game over. – Tim X Jan 21 '16 at 22:30

7 Answers

44

Yes, if an attacker has physical access to your computer it is no longer your computer. While it's theoretically possible to implement spying directly in silicon on a modern CPU, a modern x86-based CPU is extremely complicated. An attacker would be better off using a peripheral device that uses something like USB which exposes certain interrupts in an easily-accessible port on the back of every machine.

Such devices already exist:

The USB Rubber Ducky


Nearly every computer including desktops, laptops, tablets and smartphones take input from Humans via Keyboards. It's why there's a specification with the ubiquitous USB standard known as HID - or Human Interface Device. Simply put, any USB device claiming to be a Keyboard HID will be automatically detected and accepted by most modern operating systems. Whether it be a Windows, Mac, Linux or Android device the Keyboard is King.

The Lan Turtle


The LAN Turtle is packed with features for remote access, man-in-the-middle and network recon. Everything the LAN Turtle does is a module, and you can download new ones right to the device from the module marketplace. Keen on writing a module? Code one in bash, python, or php with a dead simple API.

These are only a few examples of malicious hardware; there are countless more in existence. As a bonus, check out the BadUSB research. This project entails using an ordinary USB 2.0 flash drive and turning it into a malicious device to attack any computer it's plugged into.

Another possible attack vector is the PCI express interface. Many more interrupts are available to that interface, however compromising a machine's PCIe bus entails opening it and inserting a card instead of plugging in an innocuous little flash drive.

While these devices you see here are specifically designed to be used by people to attack other people, it is well within the realm of possibilities for a state actor to approach a tech manufacturer to insert backdoors into their hardware. For example, a government agency could approach a sound card manufacturer to implement an interface on their PCIe chipset to allow remote interaction with the target device. This includes things like directly dumping memory chunks and all kinds of nasty things.

Furthermore, even if a device is not intentionally designed with malicious intention, a device with an insecure firmware updating procedure can become a victim to malware (similar issue to the BadUSB exploit). A piece of malware can exploit an insecure firmware updating process to turn a specific peripheral into an attacker on the inside. See this Defcon talk for more information.

Glorfindel
David Freitag
  • 9
    Re: PCIe isn't as hard to compromise as you might think, remember that Thunderbolt is basically access to PCIe over a cable. – Naftuli Kay Jan 20 '16 at 07:08
  • I think it would be nice if you would also add info to the answer about DMA (https://en.wikipedia.org/wiki/Direct_memory_access) and FireWire (https://en.wikipedia.org/wiki/FireWire). – Ivan Kolmychek Jan 20 '16 at 12:33
  • @NaftuliTzviKay Yes but of all the computers I have not one single one has ever had a thunderbolt port. I guess that makes most Apple devices more inherently unsafe. – David Freitag Jan 20 '16 at 16:46
  • 1
    @NaftuliTzviKay AFAIK, modern Apple hardware is using IOMMU to limit what a Thunderbolt device can access through DMA. – nitro2k01 Jan 20 '16 at 18:14
  • 1
    I have non-Apple computers which have Thunderbolt ports. It's becoming more prevalent. – Naftuli Kay Jan 20 '16 at 18:17
  • 1
    Same question, though. Does the chipset support IOMMU? Does the OS use it? – nitro2k01 Jan 20 '16 at 18:19
  • I think by far the easiest, and hardest to detect, option is to go after the firmware. The firmware attack route deserves as much, or more attention than the other two, and more than just a casual mention at the end. – Steve Sether Jan 21 '16 at 15:37
  • @SteveSether Yeah but you have to remember the firmware attacks require much more time, planning, and research into the target's hardware. Simply plugging in a LAN Turtle and walking away takes mere seconds. – David Freitag Jan 21 '16 at 16:11
  • @DavidFreitag Yes, but the Lan Turtle has a very limited attack profile, and isn't really in the spirit of what the question is about. It's essentially a hardware trojan horse device. Attacking the firmware of the machine is really more what the asker is talking about. Also, additional hardware is often times obvious. You can't ship me a laptop with a wired USB adapter sticking out of it and not have me notice. The same isn't true for a firmware compromise. – Steve Sether Jan 21 '16 at 16:31
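
An added example, not part of the answer or its comments: because the operating system accepts anything that claims to be a keyboard HID, one defensive check is to audit which attached USB devices declare a keyboard interface. The inventory format, device IDs and allowlist below are constructed for illustration; the interface class codes (03 HID, 08 mass storage) are the standard USB ones.

```python
from dataclasses import dataclass

HID, MASS_STORAGE = 0x03, 0x08          # standard USB interface class codes
BOOT_KEYBOARD = (0x03, 0x01, 0x01)      # HID class, boot subclass, keyboard protocol

@dataclass(frozen=True)
class UsbDevice:
    vid_pid: str
    product: str
    interfaces: tuple   # ((class, subclass, protocol), ...)

def parse_device(line):
    """Parse 'vid:pid|product|cc:ss:pp,cc:ss:pp' (constructed inventory format)."""
    vid_pid, product, ifaces = line.split("|")
    triples = tuple(
        tuple(int(part, 16) for part in iface.split(":"))
        for iface in ifaces.split(",")
    )
    return UsbDevice(vid_pid.lower(), product, triples)

def audit(device, keyboard_allowlist):
    """Return the reasons this device deserves a second look (empty if none)."""
    classes = {iface[0] for iface in device.interfaces}
    findings = []
    if BOOT_KEYBOARD in device.interfaces and device.vid_pid not in keyboard_allowlist:
        findings.append("keyboard interface from a device not on the allowlist")
    if HID in classes and MASS_STORAGE in classes:
        findings.append("storage device that also exposes a HID interface")
    return findings

# Constructed sample inventory; the IDs are made up for illustration.
SAMPLE = """\
1111:0001|Desk keyboard|03:01:01
2222:0002|Flash drive|08:06:50
3333:0003|Flash drive|08:06:50,03:01:01
4444:0004|Network adapter|02:06:00,0a:00:00
"""
ALLOWLIST = {"1111:0001"}   # hypothetical: keyboards the owner actually bought

def audit_inventory(text=SAMPLE, allowlist=ALLOWLIST):
    """Map vid:pid to findings for every device that raised at least one."""
    report = {}
    for line in text.splitlines():
        dev = parse_device(line)
        findings = audit(dev, allowlist)
        if findings:
            report[dev.vid_pid] = findings
    return report

if __name__ == "__main__":
    for vid_pid, findings in audit_inventory().items():
        print(vid_pid, "->", "; ".join(findings))
```

The network adapter in the sample passes both checks, so auditing interface classes covers keystroke-injection devices but not a network implant such as the LAN Turtle.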
23

Of course, the hardware/firmware also plays a role in keeping/compromising your security. The point is that at the end of the day, firmware also runs programs, and some controllers even provide full computing environments similar to small computers.

It is then no small wonder there are projects that revolve around avoiding proprietary formats, either in binary blobs or in proprietary operating systems and software.

Firmware replacement projects

  • libreboot

    Libreboot is a free BIOS or UEFI replacement (free as in freedom); libre boot firmware that initializes the hardware and starts a bootloader for your operating system. It's also an open source BIOS

  • coreboot

    coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.

  • openwrt for many consumer-grade routers

    OpenWrt is described as a Linux distribution for embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developer, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

Libre computers

  • Novena

    Novena is a 1.2GHz, Freescale quad-core ARM architecture computer closely coupled with a Xilinx FPGA. It’s designed for users who care about Free Software and open source, and/or want to modify and extend their hardware: all the documentation for the PCBs is open and free to download, the entire OS is buildable from source, and it comes with a variety of features that facilitate rapid prototyping.

  • The Librem 13 and 15

    In this era of pervasive surveillance, rootkits bundled with corporate software, threats of hardware backdoors by nation states, and the overall increasing sophistication of attacks, I think Purism is on to something here.

  • Minifree

    Minifree sells GNU/Linux laptops, servers and related services that respect the users' freedom and privacy. These laptops come with the free (libre) and open source Libreboot BIOS replacement (based on coreboot) preinstalled. The hardware is chosen specifically to run with 100% Free Software in the operating system, with zero binary blobs.

I will also leave here a link from Mr. Stallman: How I do my computing

As for installing backdoors:

  • NSA Hides Spying Backdoors into Hard Drive Firmware

    American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing to the US, by making WD and Seagate embed its spying back-doors straight into the hard-drive firmware, which lets the agency directly access raw data, agnostic of partition method (low-level format), file-system (high-level format), operating system, or even user access-level. Kaspersky says it found PCs in 30 countries with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

  • NSA intercepts routers, servers to slip in backdoors for overseas surveillance

    The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.

  • NSA Built Back Door In All Windows Software by 1999

    A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use

It is due to this state of affairs, that:

  • Chinese and North Korean governments mandated the use in the public administration of local versions of Linux

    The Chinese Government Has A New Linux Distro: Is It Any Good?

    Take Ubuntu Kylin, for example. This is a heavily customized spin of Ubuntu Linux, built by the PRC’s government, aimed at Chinese users.

    Red Star 3.0 Desktop finally becomes public

  • The Chinese and Russians are developing their own (micro)processors, for use in the BRICS countries, the former based on MIPS technology, the latter on ARM

    • Russian gov to dump x86, bake own 64-bit ARM chips

      The outlet's report suggests three state-owned Russian companies are banding together to develop to be called “Baikal” that will use ARM's 64-bit kernel Cortex A-57 as its base design, offer at least eight cores, be built with a 28nm process and run at 2GHz or more in PCs or servers. The report also says “It is assumed that Baikal will be delivered to the authorities and state-owned companies.”

    • https://en.wikipedia.org/wiki/Loongson

      Loongson (simplified Chinese: 龙芯; pinyin: Lóngxīn; literally: "Dragon Core")[1] is a family of general-purpose MIPS64 CPUs developed at the Institute of Computing Technology (ICT), Chinese Academy of Sciences (CAS) in the People's Republic of China. The chief architect is Professor Hu Weiwu. It was formerly called Godson.

  • Brazil has been mulling around being less dependent on American Internet communications backbone.

    Brazil's controversial plan to extricate the internet from US control

It is also in the public domain that the FBI often enters suspects' homes to plant hardware bugs in their keyboards, and that ISPs have servers in their backbones to intercept and inject malware into executables and system updates, for them to be used by law enforcement agencies pretty much all over the world.

Secret Manuals show the spyware Sold to Despots and Cops Worldwide

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace.

Judge OKs FBI Keyboard Sniffing

U.S. District Judge Nicholas Politan said that it was perfectly acceptable for FBI agents armed with a court order to sneak into Scarfo's office, plant a keystroke sniffer in his PC and monitor its output. Scarfo had been using Pretty Good Privacy (PGP) encryption software to encode confidential business data -- and frustrate the government's attempts to monitor him.

KeyGhost Security Keyboard


It will also be interesting to follow the nascent single-board computer market in 2016 and 2017, and what implications SBCs will bring, for better or worse, to the current security implications, namely in domestic users' security.

Michael
Rui F Ribeiro
10

Yes. In 2013, researchers uncovered malware that resides in systems' BIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

In 2015, Kaspersky Labs uncovered malware that resides in hard drive firmware: https://blog.kaspersky.com/equation-hdd-malware/7623/

mti2935
9

Yes, it is possible, but that's already clear by now, isn't it?

For instance, a hobbyist like me can implement a microcontroller-based hardware keylogger featuring a SIM card to report back via SMS or 3G wireless (similar to Amazon Whispernet). This sort of gadget must be standard issue for spying agencies around the globe, monitoring targets wirelessly.

Rui F Ribeiro's answer is already great but I thought about complementing it with this quote from another answer here on Security.SE:

The Snowden leaks have exposed the various methods in which the American government can compromise computers. This includes installing hardware bugs in the keyboard itself, the GPU, or other components that make the computer fully rooted and compromised even if an O/S is reinstalled. They have also installed radio transmitters to defeat "air-gapped" computers that never connect to the internet by exfiltrating data via hidden radio. Jacob Appelbaum's talk on the subject is very informative: I highly suggest watching this video as he details the various devices the government is known to use. A wikipedia summary is also available.

Marc.2377
  • 1
    Nicely put, modded you up. I thought it was impossible talking about this theme without Stallman, but I completely forgot mentioning Snowden. – Rui F Ribeiro Jan 20 '16 at 08:18
4

You don't even need to hack it -- Intel now conveniently provides on-chip remote hardware access capability (AMT -- Active Management Technology) along with a documented API, so you can do stuff like reflash sleeping computers over the network.

mustaccio
2

There is a really cool exploit named row hammer which answers your TLDR of can hardware be compromised. Yes it can.

The premise of this attack is that because memory has been getting smaller and closer together to fit more memory onto a chip, the problem of DRAM cells interacting electrically with each other is now exploitable. If you access one location in memory this can cause charge to leak onto neighboring locations. If you do this fast enough and in a distinct pattern, you can predictably modify certain bits in memory which will cause you to gain kernel privileges in all of physical memory.

So this is an exploit induced by software, which compromises the hardware.

I've also heard of another technique whereby, by listening very carefully to the sound of a hard drive writing, you can predict the data that is written. I can't find the paper on this and it didn't seem that feasible when I read it anyway.

wprins
1

The answer is yes, but if you're worried about e.g. a company like Intel doing this, the answer is almost certainly that they are not doing this on a wide scale.

How do we know? Simple: for monitoring, you need communication. If your computer were to communicate with (say) the NSA, the data would have to pass through your communication channels, like your router. In other words, your router would be able to record it and would be aware of it, hence security researchers would find out about the unexpected communication very soon.
Of course, they may not know what is being communicated (if the data is encrypted), but simply knowing that there is communication and -- even better -- knowing whom it is with is enough to raise eyebrows and blow any covers that might be there.

user541686
  • I thought the nsa doesn't need to wait for your computer to contact them, they are always monitoring *all servers*, so eventually they'll see your communications anyway. (Not really sure how this relates to "Can the hardware be compromised?") – Xen2050 Apr 22 '16 at 07:34
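
An added example, not part of the answer above: the argument is that an implant's traffic must cross the router, so router flow records can be checked for connections nobody can account for. The log format, addresses, baseline and the host-side connection list are all constructed assumptions.

```python
# Constructed router flow log: time, LAN source, destination, port, bytes.
ROUTER_LOG = """\
09:00 10.0.0.20 198.51.100.10 443 5200
09:01 10.0.0.20 203.0.113.7 443 1800
09:02 10.0.0.31 198.51.100.10 443 900
03:14 10.0.0.20 192.0.2.99 8443 640
"""

# Assumption: connections the host's own OS reported for the same period.
HOST_VIEW = {("198.51.100.10", 443), ("203.0.113.7", 443)}

# Assumption: destinations this host is expected to talk to.
BASELINE = {"198.51.100.10"}

def parse_flows(text):
    """Turn each log line into a dict with typed fields."""
    flows = []
    for line in text.splitlines():
        when, src, dst, port, size = line.split()
        flows.append({"time": when, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(size)})
    return flows

def unexplained_flows(flows, host_ip, host_view, baseline):
    """Flag flows from host_ip that the router saw but that lack an explanation.

    Traffic generated below the operating system (firmware, a management
    controller, an added chip) never appears in the OS's connection list,
    so a router-side flow missing from the host's view is the stronger signal.
    """
    findings = []
    for flow in flows:
        if flow["src"] != host_ip:
            continue
        reasons = []
        if (flow["dst"], flow["port"]) not in host_view:
            reasons.append("not visible to the host OS")
        if flow["dst"] not in baseline:
            reasons.append("destination not in baseline")
        if reasons:
            findings.append((flow["time"], flow["dst"], flow["port"], reasons))
    return findings

if __name__ == "__main__":
    for finding in unexplained_flows(parse_flows(ROUTER_LOG), "10.0.0.20",
                                     HOST_VIEW, BASELINE):
        print(finding)
```

The check works on metadata only, which matches the answer's point that knowing a connection exists and whom it is with is enough even when the payload is encrypted.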