NSA-linked Bvp47 Linux backdoor widely undetected for 10 years

[hbsd]

When I was a GNU/Linux user, I always thought I'm using the most secure operating system in the world.
But these days I've seen very bad news about linux security problems. like this:

NSA-linked Bvp47 Linux backdoor widely undetected for 10 years

What worried me was that FreeBSD was also mentioned too:

Some components in the Shadow Brokers leaks were integrated into the Bvp47 framework - “dewdrop” and “solutionchar_agents” - indicating that the implant covered Unix-based operating systems like mainstream Linux distributions, Juniper’s JunOS, FreeBSD, and Solaris.

Have you seen this news? is that true? I trust FreeBSD so much that I didn't even installed antivirus on my system. I'll be happy if you comment on this.

 

[eternal_noob]

Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.

 

[Crivens]

Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.

That does not mean one has to like it or is not to try to avoid that.

 

[eternal_noob]

Yes, nobody likes backdoors. But the CIA doesn't care.
If you like it secure, disconnect yourself from the internet, there's no other option.

 

[msplsh]

This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.

 

[ralphbsz]

From "The Register":

The code conducts tests of its environment and deletes itself if it doesn't like what it sees. It alters kernel devmem restrictions to allow a process in user mode to read and write kernel address space. And it hooks system functions to hide its own processes, files, network activity, and self-deletion behavior.

It seems that code written like this is highly specific to one OS, and would not work on others.

 

[sko]

From el reg:

To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it.

So if someone already gained privileges to install anything on one of your machines, it doesn't matter what it is - this host is compromised and has to be nuked from orbit.

 

[hardworkingnewbie]

Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.

Which is the reason for example why good cryptography libraries avoid cryptography algorithms implemented in CPU hardware, instead doing all in software only.

 

[Crivens]

Which is the reason for example why good cryptography libraries avoid cryptography algorithms implemented in CPU hardware, instead doing all in software only.

That is not the point of such a backdoor. That backdoor will silently kick your user process to kernel level upon seeing certain magic instructions.

 

[Cath O'Deray]

… CPU backdoors. Just …

Tangent: Dan Luu's works are outstandingly readable.

 

[Jose]

Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.

RISC-V FTW!

 

[covacat]

RISC-V FTW!

risc v socs wont be any better than the arm ones
you won't know what shit they will put inside (can't wait for the broadcom version )

 

[Jose]

risc v socs wont be any better than the arm ones
you won't know what shit they will put inside (can't wait for the broadcom version )

You're probably right in that it will only allow state-level actors to have verifiably backdoor-free hardware. It's still a start.