This recent 60-second video excerpt (32:40-34:00) of Bruce Schneier, and this October 2013 MIT Review article, show how complex, widespread and likely the problem of firmware or physical backdoors is when they are inserted into very widely used hardware components during the device manufacturing process.
That is only expected to get worse. Post-Snowden, both illegal and unconstitutional spying by state and non-state entities will increasingly have to rely on expanding the capability for automated, targeted exploitation of millions of end-user devices, as most internet traffic and data becomes encrypted and the most widely used encryption and onion-routing software is improved and hardened.
Schneier and the author of the MIT article state, implicitly or explicitly, that nothing can be done to assure users of their safety against such a huge current threat.
I believe Schneier is wrong in saying that there is nothing to do, or, better, I think he really meant that there is nothing to do if we want the type of feature and application richness we are used to with today’s mainstream commercial computing, as its vendors are either in cahoots with one or more national governments and/or their products’ complexity is far beyond anyone’s ability to verify them adequately.
The solution is simply to simplify!
The solution is hinted at in a statement by the DARPA representative quoted in the MIT article mentioned above:
“DoD relies on millions of devices to bring network access and functionality to its users. Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread.”
I’d argue that what he really means when he talks about the large number of DoD devices is not really their number in units, but the number of different DoD devices and the complexity of many or most of them.
That makes sense since, given very large but still limited budgets, complete verifiability and adequate verification of every hardware component on a given device can be achieved for a few targeted and extremely simple hardware platforms, albeit at a huge upfront cost (and a relatively very low marginal cost).
The same process would instead be hugely costly, or effectively impossible, for more complex devices that rely on a large number of complex components from many different third parties, where adequate oversight of the manufacturing processes may be hugely costly or impossible, even through enhanced versions of programs such as the DoD Trusted Foundries Program (TFP), because of obstacles arising from IP protection, corporate choices, or the interests of the national security agencies of the nation hosting the fab.
The solution is therefore to focus the limited resources (high single-digit or low double-digit millions of dollars) of an international joint venture of private companies, non-profits and ethical hacker communities (supported by private funds, partnering IT companies, and state and foundation grants) on a single minimal hardware platform (or SoC). Such a platform: is suitable, albeit with very severe performance and functional limitations, for server, router and handheld end-user devices for basic communications; has extreme simplicity of features, hardware and software; and has complete verifiability and undergoes adequately extreme and open verification.
The resulting levels of assurance, and the consequent value to ordinary users and to ultra-critical users, would produce large revenues with which to gradually expand capabilities and features without reducing, and possibly while increasing, the assurance level. User Verified Social Telematics.