Anonymous ID: 13a7fa March 8, 2019, 8:41 p.m. No.5585184   >>5232 >>5252 >>5382 >>5537

>>5582182 lb

I just wanted to throw a log on the fire impressiveanon is working with. since these attack vectors hit through the firmware at ring0 that means any tech like Intel's MGMT engine is in reality a permanent vector for attack. this made me recall an article I was reading not long ago about how AMD for a period had been making strides toward opensourcing firmware compatibility for their chips, but then they didn't just halt the advance towards opensource… they retreated and the fruit is seen in the coprocessor associated with ryzen. iPhones and the like have secure enclave processors which are their equivalent, but I bring up AMD for a couple of reasons.

 

  1. unlike Intel, AMD does not have an in-house foundry to create the on-die processors. they have to source their specs to a 3rd party and if I recall there are not many. the one in particular they use that I read about is in one of the Chinas (mainland or Taiwan). it would seem that this fact alone sort of defeats the theoretical value of a secure coprocessor as espionage could happen at the foundry prior to receiving and assembling with the coprocessor or worse the assembly of the two occurs onsite at the 3rd party facility.

 

  2. AMD somehow assisted China (mainland) with acquiring the know-how to produce its own indigenous processors (like Kirin that Huawei employs). prior to that, companies in China had to import such tech because they either lacked the capital to produce at scale or the know-how to carry it out.

 

https://firmwaresecurity.com/2017/03/02/users-ask-firmware-vendors-for-open-source-option/

 

https://arstechnica.com/information-technology/2018/07/china-producing-x86-chips-nearly-identical-to-amd-server-processors/

 

  3. combine this with what we are learning about applied vault 7 tech and I am concerned about a scenario I thought out back when the Stagefright exploit hit android:

Be a state actor with a 0-day back door into cellular (even 10%-20% of phones in active use would be sufficient).

Embed APT into phones and wait, while building profiles on the users (immediate family, who they bank with, their employer/ boss, etc…).

upon sufficient collection, and at a desired time, begin simultaneously across all infected devices, creating bank transactions of any kind. send text messages to loved ones that have psychological effect (e.g. I'm fucking someone else and u suck), the same on social media…. if 10-20% of cell users all at once are having to correct bank transactions, explain to relatives that someone hijacked their account and sent those messages, etc…. each of these situations, by happening all at once would scale up to be a very big problem (bank phone lines being flooded, much economic activity halted or reversed, fallout from suspicion and breach of trust) really dark shit.

Anonymous ID: 13a7fa March 8, 2019, 8:47 p.m. No.5585272   >>5318

>>5585232

you are doing God's work sir…. if I can be of any assistance send up the batsignal… like I said Stagefright turned me on to this shit, at the time I was dealing with Knox trying to root my Android, combine that pain in the ass with already being of the mind if you own it you should be able to pen it and you got one anon that many irl think paranoid regarding cyber security.