This maybe a dumb question but i became paranoid all of a sudden and wanted some answers because i can’t find it anywhere else nor can i sleep without it. Like even if i did flash linux on a lets say amd laptop couldn’t the chip itself be spying on me ? Also i understand bootloaders are stored or rom is there a way to know what else is stored on it are roms open source ? Are cpu’s open source and companies like asus store their logos and shit on their mother boards so what else could they be storing ? Are there open source alternatives for these parts ? Are we all being privacy cautios for nothing ? I know we can use firewall but wouldn’t the chip integrated have the ability to bye pass it ?

I know there are linux laptops but having a pre installed linux and some switches isn’t gonna solve the problem do they use open source roms and motherboard ? Are there any fully open source chipsets ? I want to know the same about smartphones too ?

  • Salamander@mander.xyz
    link
    fedilink
    arrow-up
    0
    ·
    8 months ago

    I am also quite interested in this. It is not something that keeps me awake at night, and I am not particularly paranoid about it. But I find that working towards answering this question is a fun frame from which to learn about electronics, radio communications, and networking.

    Since this appears to be something that is causing you some anxiety, I think it is better if I start by giving you some reassurance in that I have not yet managed to prove that any electronic device is spying on me via a hidden chip. I don’t think it is worth being paranoid about this.

    I can explain some things that could be done to test whether a Linux computer spying. I am not suggesting that you try any of this. I am explaining this to you so that you can get some reassurance in the fact that, if devices were spying on us in this manner, it is likely that someone would have noticed by now.

    The “spy” chip needs some way to communicate. One way a chip might communicate is via radio waves. So, the first step would be to remove the WiFi and Bluetooth dongles and any other pieces of hardware that may emit radio waves during normal operation. There is a tool called a “Spectrum Analyzer” that can be used to capture the presence of specific radio frequencies. These devices are now relatively affordable, like the tinySA, which can measure the presence of radio frequencies of up to 6 GHz.

    One can make a Faraday cage, for example, by wrapping the PC with a copper-nickel coated polyester fabric to isolate the PC from the radio waves that are coming from the environment. The spectrum analyzer antennas can be placed right next to the PC and the device is left to measure continuously over several days. A script can monitor the output and keep a record of any RF signals.

    Since phones are small, it is even easier to wrap them in the copper-nickel polyester fabric alongside with the spectrum analyzer antenna to check whether they emit any RF when they are off or in airplane mode with the WiFi and Bluetooth turned off.

    What this experiment may allow you to conclude is that the spy chip is not communicating frequently with the external world via radio frequencies, at least not with frequencies <= 6 GHz.

    Using frequencies higher 6 GHz for a low-power chip is not going be an effective method of transmitting a signal very far away. The chip could remain hidden and only emit the signal under certain rare conditions, or in response to a trigger. We can’t rule that out with this experiment, but it is unlikely.

    A next step would be to test a wired connection. It could be that the spy chip can transmit the data over the internet. One can place a VPN Gateway in between their PC and the router, and use that gateway to route all the traffic to their own server using WireGuard. All network packets that leave through the PC’s ethernet connection can be captured and examined this way using Wireshark or tcpdump.

    If one can show that the device is not secretly communicating via RF nor via the internet, I think it is unlikely that the device is spying on them.

    • sbv@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      If one can show that the device is not secretly communicating via RF nor via the internet, I think it is unlikely that the device is spying on them.

      The best you can learn is that you didn’t detect communication while you were listening.

      Security researchers typically assume that attackers know the systems that will be used against them.

      An attacker could evade this trap by waiting to phone home.

      Or the hardware could encode information in timing by subtly delaying data leaving the device.

      Or it could sneak information out in the pseudorandom data that it uses to set up secure connections.

      Or it could use stenography to encode data in your photos.