I would like to hear about possibly adding, data package blocking from electricity, (since it’s possible) on a kernel level.
To say it more simply, i’ll give an example
It’s possible to transfer data with a “homeplug” as they are called. Possibly other ways also. Which transfers data packets? from & to electricity (Home network for example) (Home Electricity System)
Since that’s possible it would be nice to add security on a kernel level which won’t allow that, unless activated by the user, thereby it can protect users from unknown code in the bios,efi,uefi coding which is proprietary and thereby, not neither visible nor secure to the user.
That way the hardware would have to talk through the internet instead of the electricity? And would possibly be able to being tracked that way, somehow.
Many articles and blogs talk about proprietary blobs on a hardware level which has unrestricted access to the computer, AMI BIOS,Intel Management engine, AMD PSP etc. Thereby adding that security to the kernel could possibly save the user from spying? on kernel level. Thereby hopefully by-passing the proprietary blobs, that way. Is this possible? Thank you
Well there’s 2 things, if you’re talking about powerline adapters.
1: All you’re getting into your PC is data, not overvoltage or the like, your adapter won’t let electrical spikes through, there’s electrical isolation in those components.
2: Softare can’t protect acainst physical quirks.
connecting to a powerline adapter is already possible via ethernet and USB. Done.
protecting from electrical transients using inductance to get into your net?
Seriously though - such things should not be able to get in through a decent UPS and even then how much they can do depends on a lot of variables, but almost all of them hardware or already dealt with in software as much as they can be.
If you are super worried about it - a battery is the ultimate low-pass-filter. Get a UPS that provides full-time drive from the battery rather than line switching and there is no path.
Yes, ment powerline adapters. They transfer data through electricity, non-phone line. Even if the tech is by phone, it proves it’s possible to transfer data over electricity alone. So should be possible to block it aswell, somehow, on some level?
Surely software can do a lot, to at least minimize exposure to certain code, which is what’s going on with spectre, meltdown etc. Was just curious as to how, data packets can be transferred via a non-phone line and possibly blocking this, somehow
Possibly, that does sound viable on some level even though i was more interested in controlling electricity by code, firmware, software etc. Not only voltages, more in-depth, possibly analyzing electricity-data-packets from linux?
You’re not going to receive data through the power going in to your pc. You can’t block it because there’s nothing there to block. These power line adapters connect to Ethernet, if you don’t have a power line adapter connected to Ethernet then you’re not going to receive any data.
iptables(and equivalent)/selinux already provide fine-grain control of resources accessible to the kernel.
In terms of IME vulnerabilities - the kernel does not have the ability to control that so much as it and the bios can potentially load code into it that causes it to stop.
It has to run to some degree to boot the CPU, but there is a flag that tells it to stop after doing the non-negotiable steps. There is no fine-grain control of it from a running kernel - hence its danger when running old versions of non-reviewed Minix.
Again, to stop intrusions there, you’d use iptables/firewall to stop incoming packets going anywhere but to a service already designed to handle them and while I find it unlikely, though vanishingly possible to get through a modern PSU (the NSA/CIA/KGB have done crazier things), the imposition of a line conditioner/ups would remove this possibility entirely by low-pass filtering the power signal itself.
Nothing to be added to the kernel. Configure your firewall to allow only desired traffic in. Configure selinux to prevent disallowed activity. Done. (and frankly the default config of many linux distros).
This sounds like extreme tin foil hatting from people who dont understand how electronics actually work.
You cant plug your computer into the wall and have some rogue signal coming out of your outlet pass through your PSU to any components to execute code. The rectifier, caps and chokes work together to eliminate any possible vector of attack.
You cant just make an inductive signal to ethernet, youd need to coil your romex next to a coil of ethernet to even remotely make that happen. FYI you should never coil ethernet cables anyway, it defeats the shielding in the twisted pair. You shouldnt even have your ethernet in the same raceway as anything higher voltage, its against code.
The powerline adapter is the only way to use live electrical wire to pass a higher frequency signal across a line, and they have very limited range and are easily outperformed by a decent AP.
It’s not whether a rogue signal is executing code, that wasn’t the question. Was interested in if it’s possible for data packets to travel through a power line connection, which is possible through ethernet over power-line as i understand it so far. If the ethernet connection exist side-by-side or inside the electricity as it travels between points, then that would require a physical device, (in this case a powerline adapter)
Which in theory could also be virtualized, (the adapter itself) i guess?
In the best case scenario you could kinda ‘read’ what your computer is doing by analyzing the waves of the electrical signal going to your PC, but even then it’s only tell-tailing and tinfoilery. Which, while possible, is nothing to pragmatically worry about.
And that’s just listening. Being able to write data would be some serious next level poop.
Knocks on wood.
So your thought is that the powerline adapter itself could be leveraged, which is possible in theory. To do this from the grid itself would be near impossible as the powerline adapters themselves already have a hard time communicating across different circuits in your house. To make it through the transformer on the pole to your computer is stretching it pretty far.
In order for someone to leverage your powerline connection they would likely have to place a device in the circuit its being used on. Then they could probably sniff or even inject packets. It would probably be easier to MITM the ethernet connection though because the knowledge to do so is already available.
I’ll play devil’s advocate here though and assume that you could add a device in-line or inductively to the service entrance to your house. Should a person try to implement something like this, it would be no different from protecting a normal network. The powerline adapters themselves dont interface with the computer in a way that would allow you to see someone who isnt supposed to be there. It would be down to something like wireshark to detect a crafted packet. If said person was only listening they would be undetectable. The same theories you would use to protect an AP would apply. Encryption is the best way to keep people from snooping. I dont know enough about the mainstream options to know if powerline adapters already do this in some way but my immediate guess would be no, they dont. Assuming the worst your best option to defeat this attack is a VPN on each machine thats internet connected.
No, that is not it either, though thank you for your input & time My initial thought was communication between hardware,bios,firmware & electricity in general, meaning data packets travelling through electricity with a known or unknown protocol, somehow “speaking or listening” without a ethernet or general internet connection. Others have pointed out possibilities, so thank you aswell.
I understand it sounds tinfoily, though thats was not where i wanted to take this thread. It was to possibly list possibilities and i guess there is enough to list already
Well, bios,efi,uefi or other types of firmware. Management engine for example, can hook up recovery on a macbook with internet connection, even if it has linux installed instead or even if there is no operating system. If it’s able to do that, it must have something inside that makes it possible and im guessing it’s not just few lines of code. Kind of like that, on a deeper level i guess. I know it’s a long shot from that to what i’m talking about, still kind of curious about this.
Fun fact: Disable Intel ME by not using the first Ram slot (Pre Intel 7 Series)
I still dont understand where youre at so break it down for me real stupid simple like. How does a signal get through the electronical pixie pipes to your hardware to tell it to let the NSA check out your horse porn stash?
Lets start with some basics of electronics so were on the same page. In your PSU you have whats called a “full bridge rectifier” and that is essentially a specific configuration of diodes so that your AC sine wave becomes positive only. Diodes, for the uninitiated, are like a check valve in a pipe allowing flow in only one direction.
It looks like this on an oscilloscope:
Then theres capacitors. They kind of act like a resistor in a way but instead of resisting current they resist a change in voltage. Like a low capacity battery they charge and discharge quickly, so you get rid of the dips (mostly).
After that the signal looks like this (green line):
The same exact process applies to your router, or basically any device that operates from wall power that needs DC.
Should you have a high frequency signal such as the ones in a computer they would be stopped by the iron ferrite rings. You might have noticed these in a power supply or on the end of a cable.
They look like this:
and also this:
They prevent high frequency signals in the circuit. Like a low pass filter on a subwoofer, only the frequencies you care about can get through. They work both ways. No high freq in or out. The FCC is very particular about this because they dont want your laptop interfering with other signals just by being on and you dont want those pesky signals interfering with your laptop either.
So now we are here left with cleaned DC signals on our devices. How do you propose we get this signal in?
Theres also the dubious idea that they could somehow affect firmware but I’ll leave that for another time.