Security wanted to open up my suitcase and look at the bag of chargers, USB sticks, etc, and was concerned about the laser pointers. He decided they were pens, and I didn’t disabuse him of the notion. Why disturb the tranquility of his ignorance?
High-bandwidth Digital Content Protection (HDCP) is a form of copyright protection developed by Intel. It is designed to prevent the copying of digital audio and video as it travels accross media interfaces such as HDMI, DisplayPort or Unified Display Interface (UDI).
The system is meant to stop HDCP-encrypted content from being played on devices that do not support HDCP or which have been modified to copy HDCP content. Before sending data, a transmitting device checks that the receiver is authorized to receive it. If so, the transmitter encrypts the data to prevent eavesdropping as it flows to the receiver.
Manufacturers who want to make a device that supports HDCP must obtain a license from Intel subsidiary Digital Content Protection, pay an annual fee, and submit to various conditions.
On 14th September 2010 the HDCP Master Key was somehow leaked, and published online in various sources. At present it is unknown how this Master Key was obtained, or whether Intel is doing any investigations as to how this happened. Intel has however threatened to sue anyone.
The leaked master key is used to create all the lower level keys that are stored within devices, so you can see what a nightmare this must be for Intel.
Intel have threatened to sue anyone that makes use of this key under intellectual property laws. However it will now only be a matter of time before we start seeing black market devices appearing.
If anyone’s at all interested though, you can find the key here.
A recent Scientific American article does point out that is is getting increasingly difficult to keep our Trusted Computing Base sufficiently small.
For further information on this scenario, see: http://www.imdb.com/title/tt0436339/ 
We actually discussed this in the early days of virus research, and sporadically since. The random aspect (see Dell problems with bad chips) (the stories about malware on the boards is overblown, since the malware was simply stored in unused memory, rather than being in the BIOS or other boot ROM) is definitely a problem, but a deliberate attack is problematic. The issue lies with hundreds of thousands of hobbyists (as well as some of the hackers) who poke and prod at everything. True, the chance of discovering the attack is random, but so is the chance of keeping the attack undetected. It isn’t something that an attacker could rely upon.
Yes, these days there are thousands of components, being manufactured by hundreds of vendors. However, note various factors that need to be considered.
First of all, somebody has to make it. Most major chips, like CPUs, are a combined effort. Nobody would be able to make and manufacture a major chip all by themselves. And, in these days of tight margins and using every available scrap of chip “real estate,” someone would be bound to notice a section of the chip labeled “this space intentionally left blank.” The more people who are involved, the more likely someone is going to spill the beans, at the very least about an anomaly on the chip, whether or not they knew what it did. (Once the word is out that there is an anomaly, the lifespan of that secret is probably about three weeks.)
Secondly, there is the issue of the payload. What can you make it do? Remember, we are talking components, here. This means that, in order to make it do anything, you are generally going to have to rely on whatever else is in the device or system in which your chip has been embedded. You cannot assume that you will have access to communications, memory, disk space, or pretty much anything else, unless you are on the CPU. Even if you are on the CPU, you are going to be limited. Do you know what you are? Are you a computer? Smartphone? iPod? (If the last, you are out of luck, unless you want to try and drive the user slowly insane by refusing to play anything except Barry Manilow.) If you are a computer, do you know what operating system you are running? Do you know the format of any disk connected to you? The more you have to know how to deal with, the more programming has to be built into you, and remember that real estate limitation. Even if all you are going to do is shut down, you have to have access to communications, and you have to a) be able to watch all the traffic, and b) watch all the traffic, without degrading performance while doing so. (OK, true, it could just be a timer. That doesn’t allow the attacker a lot of control.)
Next, you have to get people to use your chips. That means that your chips have to be as cheap as, or cheaper than, the competition. And remember, you have to use up chip real estate in order to have your payload on the chip. That means that, for every 1% of chip space you use up for your programming, you lose 1% of manufacturing capacity. So you have to have deep pockets to fund this. Your chip also has to be at least as capable as the competition. It also has to be as reliable as the competition. You have to test that the payload you’ve put in place does not adversely affect performance, until you tell it to. And you have to test it in a variety of situations and applications. All the while making sure nobody finds out your little secret.
Next, you have to trigger your attack. The trigger can’t be something that could just happen randomly. And remember, traffic on the Internet, particularly with people streaming videos out there, can be pretty random. Also remember that there are hundreds of thousands of kids out there with nothing better to do than try to use their computers, smartphones, music players, radio controlled cars, and blenders in exactly the way they aren’t supposed to. And several thousand who, as soon as something odd happens, start trying to figure out why.
Bad hardware definitely is a threat. But the largest part of that threat is simply the fact that cheap manufacturers are taking shortcuts and building unreliable components. If I was an attacker, I would definitely be able to find easier ways to mess up the infrastructure than by trying to create attack chips.
 Get it some night when you can borrow it, for free, from your local library DVD collection. On an evening when you don’t want to think too much. Or at all. WARNING: contains jokes that six year olds, and most guys, find funny.
I’m not very big into forensics any more, but occasionally I’ll get asked to take on a case or two, and whenever I do, the one thing that people always manage to seem to get wrong is the chain of custody.
Now for those of you who have no idea what I’m talking about here, here is the blurb from Wikipedia on Chain Of Custody.
“Chain of custody (CoC) refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Because evidence can be used in court to convict persons of crimes, it must be handled in a scrupulously careful manner to avoid later allegations of tampering or misconduct which can compromise the case of the prosecution toward acquittal or to overturning a guilty verdict upon appeal. The idea behind recording the chain of custody is to establish that the alleged evidence is in fact related to the alleged crime, rather than having, for example, been planted fraudulently to make someone appear guilty.”
I have seen so many cases through the years, where a single has just gone and asked a user to please shutdown their PC, and then taken it away from them, jumped in a cab, and as it was late, taken the PC home with them for the night. Then the next morning, they’ll walk into my office and ask me to do forensics on the host, as the user in question has been doing x,y and z wrong on company property and they want to fire them and prosecute. It’s very hard trying to explain to senior management, that while, I can do the forensics for you, and I’m sure that I’ll find something, can you please just prove to me that you didn’t put it there to frame the person? This usually results with the same old conversation, that kind of goes along these lines.
Manager: “Of course I didn’t put it there! I’m a senior manager, why would I do that, what do I stand to gain?”
Me: “Well, it could be that you just don’t like this person, or on a personal level, they’ve done something to upset you”
Manager: “Well, I’m telling you that I didn’t put anything on his PC, and I’m a senior manager! So get started with the forensics asap, and let me know!”
Me: “You seem very defensive, it sounds like you may be hiding something?”
Manager: “I am not hiding anything, I just want you to prove that he was doing something wrong so that I can fire him and then get legal to prosecute!”
Me: “Okay, I’ll do what I’ve been asked. Just remember though, I’m a IT Security guy, and you sound guilty to me, even though you may not be, imagine what a lawyer would do with you? We have forensics procedures, that are visible to the entire company in regards to bringing in user’s PC’s, next time can you please take the time to read these?”
The senior manager then usually storms out of the office.
Following proper procedures for forensics purposes is of the utmost importance, as if you do need to lay charges you need to be able to prove that you did everything by the book. If you don’t have detailed procedures for your in-house forensics, maybe now is the time to start thinking about writing some…