Tag: Privacy

Proving the Known, EFI/UEFI Exploited for BIOS Level Attacks

We’re continuing with a second report (many more coming!) on the “Vault 7” Documents we started digesting recently. There is an extensive section dedicated to EFI/UEFI exploitations. While this threat has been known from a theoretical standpoint from the moment the non-free BIOS replacement–EFI/UEFI–came into existence, the Vault 7 documents published recently now confirm that these threats are real and these weaknesses are actively being exploited.

One interesting read we’re focusing on today is the EFI/UEFI “ExitBootServices Hooking” exploit, which comes with sample copy-and-paste code for injecting a hook into the last stage of the EFI/UEFI boot process (the “ExitBootServices” call).

Copy-and-paste code was included in the leaks which allow for the exploitation of UEFI-based boot systems by altering the operating system’s kernel which is loaded into memory before exiting the UEFI boot sequence. The copy-and-paste code allows for an attacker to insert a custom hook which can be used to arbitrarily alter the operating system’s kernel in memory immediately before execution control is handed to the kernel. — Wikipedia’s summary.

It is trivial to utilize this exploit:

Because the ExitBootServices service can be found by getting its pointer from the global EFI_BOOT_SERVICES table, hooking the ExitBootServices call is trivial. […] When you’re running in UEFI, that EFI_BOOT_SERVICES table isn’t protected by anything, so you can just write directly to it. — Vault 7 ExitBootServices Hooking

The result is that the entire system is compromised. As the page highlights, “At this point, you can do whatever you want.”
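A defender-side integrity check for the table tampering described above, added here as an example (it is not code from the original post or from the leaked documents). The table layout is a simplified model, and `fw_base`/`fw_size` (a known-good address range for the firmware image that implements the service) and all addresses are constructed assumptions; the point it shows is that the header CRC alone can be made consistent again after a change, so the pointer range is checked as well.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: UEFI table header fields plus two service slots held as addresses. */
typedef struct {
    uint64_t Signature;
    uint32_t Revision, HeaderSize, CRC32, Reserved;
    uint64_t GetMemoryMap, ExitBootServices;
} ModelBootServices;

enum { BS_OK = 0, BS_BAD_CRC = 1, BS_PTR_OUTSIDE_FW = 2 };

/* Standard reflected CRC-32 (polynomial 0xEDB88320), one bit at a time. */
uint32_t crc32_buf(const void *data, size_t len) {
    const uint8_t *p = data;
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* CRC over the whole model table with the CRC32 field zeroed first. */
uint32_t table_crc(const ModelBootServices *t) {
    ModelBootServices copy = *t;
    copy.CRC32 = 0;
    return crc32_buf(&copy, sizeof copy);
}

/* fw_base/fw_size: hypothetical known-good range recorded by the caller beforehand. */
int check_boot_services(const ModelBootServices *t, uint64_t fw_base, uint64_t fw_size) {
    int r = BS_OK;
    if (t->HeaderSize != sizeof *t || table_crc(t) != t->CRC32) r |= BS_BAD_CRC;
    if (t->ExitBootServices < fw_base || t->ExitBootServices - fw_base >= fw_size)
        r |= BS_PTR_OUTSIDE_FW;
    return r;
}

/* Constructed sample table; every address below is made up for the demonstration. */
int demo(int redirect, int refresh_crc) {
    ModelBootServices t = { 0x56524553544f4f42ull, 0x00020046u, (uint32_t)sizeof t, 0, 0,
                            0x7f001000ull, 0x7f002400ull };
    t.CRC32 = table_crc(&t);
    if (redirect) t.ExitBootServices = 0x10000000ull;  /* slot now points elsewhere */
    if (refresh_crc) t.CRC32 = table_crc(&t);          /* checksum made consistent again */
    return check_boot_services(&t, 0x7f000000ull, 0x100000ull);
}

int main(void) {
    printf("clean=%d redirected=%d redirected+crc=%d\n", demo(0, 0), demo(1, 0), demo(1, 1));
}
```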

This type of exploit once again highlights that security is a game of depth. This exploit is one level below the kernel, which means it has complete control of every level above it, such as the kernel, the entire operating system, any and all applications, network traffic, web application usage, and all user interaction.

The good news is, Purism recently completed the port of coreboot to the Librem 13 v1 (with more ports to come for the rest of our devices), providing a free/libre and open source replacement for EFI/UEFI which avoids all of the exploits mentioned within the documents.

The only long-term approach to protect oneself is to have complete control of the device. Control is the key word, and there is no other way to have complete control than to have as much of the software released under free software licenses where the source code is available to confirm it operates in your best interest and not that of criminals, spies, bad hackers, nations, or thieves.

Confirming that EFI/UEFI has a known and trivial exploit that is built into the standard also confirms that there is no depth too deep to exploit, and the only defense against unwanted stripping of a user’s digital rights is to use hardware and software that you control. Purism does just that by releasing all software under a free software license where the source code is available to be audited, reviewed, and scrutinized, so that the user controls the device rather than the device controlling the user.

What the US Senate Vote Barring the FCC from Protecting the Privacy of Customers Means

On March 23rd, 2017 the US Congress disapproved the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”, and so that rule shall have no force or effect.

This means the FCC does not have the legal authority to protect the privacy of customers from ISPs gobbling up all the data they want. The ISPs own the connection from your router to the Internet at large. ISPs have access to everything that passes over the connection, including any non-encrypted content such as every webpage you visit, every email you send, every photo you share, every document you deliver, and any social media post you make. Utilizing SSL helps guard against this threat of ISPs selling your head-end usage data, which is why Purism integrates EFF’s HTTPS Everywhere in PureOS by default. In the future Purism will also include SSL tunneling by default to help users keep ISPs away from the privacy-invading fire hose of everything you do online.

What the CIA Vault 7 Documents Mean

WikiLeaks has recently released a treasure trove of documents, codenamed Vault 7, that will take weeks to digest. And we will digest it all. But before we go document by document, we wanted to address top-level concerns users have, and how our philosophy and business model are the only ones that can withstand the test of time against this type of user device control.

Neutralizing the Intel Management Engine on Librem Laptops

In my last blog post, I have spoken of the completion of the Purism coreboot port for the Librem 13 v1 and mentioned that I had some good news about the Intel Management Engine disablement efforts (to go further than our existing quarantine) and to “stay tuned” for more information. Since then I got a little side-tracked with some more work on coreboot (more below), but now it’s time to share with you the good news!

Purism Warrant Canary Updated January 1st 2017

Happy GNU year!

Before (or on) the first day of each quarter, Purism, following the general rules of warrant canaries, will update its own Warrant Canary page if none of the listed items occurs.


Warrant Canary, January 1st 2017

  1. We have not placed any backdoors into our software or hardware, and we have not complied with any requests to do so.
  2. We have not received, nor complied with any National Security Letters or FISA court orders.
  3. We have not been subject to any gag order by a FISA court.

The next statement will be published on the first day of each quarter (January 1st, April 1st, July 1st, October 1st). Please refer to the Warrant Canary page for details and digital signatures.

Apple’s Collecting User Calls and Messages, and How Purism Avoids This Type of Threat

Another day, another corporate surveillance story; this time it is Apple who decides to secretly send users’ call history, as well as messages, to the “cloud” (which in this case is iCloud servers, owned and controlled by Apple).

This brings up a number of issues we have spoken about before, that users who buy Apple products think they own the device, until the realization—through near daily stories reporting on Apple undermining the privacy of user data—that Apple actually owns the iPhone device, and that iOS users are simply renting it as well as the software and services that run on it.

The Problem

Apple, like Google and Microsoft, controls the software that runs on your phone. Those companies will not relinquish control of their devices nor software because users continue to buy and finance their bad practices of exploiting users.

The Solution

Use, support, and buy products that are completely free software, where the source code is available, so that all the software on your device can be controlled by the user, not the software giants who undermine digital rights.


Purism ships PureOS with its products, which is completely free software. Customers can also elect to have Qubes preinstalled, or to install their own operating system. Purism hopes to get PureOS officially endorsed by the Free Software Foundation very soon. Additionally, in the long term Purism is working towards its ambitious goal to fully free its hardware and get hardware certification by the FSF, becoming the first manufacturer of “brand new” high-performance laptops to achieve this.

Android’s Secret Backdoor, and How Purism’s Business Model Avoids This Type of Threat

Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. Emilio Morenatti/Associated Press

Today we learned once more why utilizing pure free software where the source code is available is critical to protect users’ rights to privacy, security, freedom, and anonymity.

The New York Times points out that this latest security breach “shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers.”

Let’s examine the problem and see what can be done about it. It’s not too late to stand up for your rights.


The Fundamental Problem

All phones and tablets on the market today suffer from the same problem: the code that operates those devices is a mystery to the users. This specific case involves Google’s Android, but the same problem exists with Apple devices and Windows devices, where the operating system, software-updated firmware, and most software that runs on those devices do not have the source code available to verify that there are no backdoors sending your private data to unwanted third parties.

Purism Competitive Privacy Matrix

What this means is there is absolutely no way, for a user of Android, iOS, OSX, Windows, or any operating system that does not release all the source code, to guarantee he/she is not being illegally spied upon for nefarious reasons, corporate surveillance, government spying, and/or private data mining.

The tracking built into mobile devices is at every level imaginable. We need to create a better, digital rights respecting future for computing.

The Future of Computing

If we, as users, continue to morally and financially support Android, iOS, OSX, Windows or any other operating system that strips away the digital rights of users, we continue to advance a future where:

  • users are controlled for profit;
  • private data is mined for advertising revenue;
  • governments spy on people;
  • corporations capitalize on every user interaction;
  • security breaches involve staggering amounts of personal data, with enormous consequences for individuals—even worse than what we’ve been seeing in recent years.

Every time you purchase a device from hardware companies that pre-install Android, iOS, OSX, Windows, and other nonfree operating systems, you are contributing to the erosion of your rights. Buying an HTC device benefits HTC, Google, the carrier, and all software companies that preinstall their privacy-stripping binaries. Similarly, buying Apple benefits Apple, the carrier, and all software apps preinstalled or even later installed.

Current technology purchasing decisions. Can you smell the smoke?

The Solution

  1. Use a free software operating system, where the source code is released.
  2. Use hardware that allows you to run a completely freed operating system, where there are no mystery binaries, no private data delivered anywhere, and most importantly that you control.
  3. Support companies and organizations like Purism, and know that every penny of a purchase goes to benefit the future of computing and the digital rights for users. Make informed purchasing decisions and support hardware manufacturers that push Free Software’s agenda all the way through the supply chain.

The Upcoming Purism Phone and services infrastructure

Subscribe to our newsletter (simply send an email to announce-join@announce.puri.sm to subscribe automatically) or follow us (see website footer for social links), then you will be notified when Purism launches the first freedom, security, and privacy respecting phone.

Purism Warrant Canary Updated October 1st 2016

Before (or on) the first day of each quarter, Purism, following the general rules of warrant canaries, will update its own Warrant Canary page if none of the listed items occurs.


Warrant Canary, October 1st 2016

  1. We have not placed any backdoors into our software or hardware, and we have not complied with any requests to do so.
  2. We have not received, nor complied with any National Security Letters or FISA court orders.
  3. We have not been subject to any gag order by a FISA court.

The next statement will be published on the first day of each quarter (January 1st, April 1st, July 1st, October 1st). Please refer to the Warrant Canary page for details and digital signatures.

Apple v FBI: It’s About Control

86.5% of Americans use a cell phone. When you purchased your phone, you most likely believed you owned it outright, just as you own your toaster, your electric razor, or your hair dryer. The device in your purse or pocket, however, is not your own–you are essentially renting it from companies such as Apple, Google and Microsoft. Once you purchase an Apple product, for example, you relinquish control of the device, thereby giving up your legal rights to Apple.

How was this allowed to happen? By agreeing to the terms of service and upgrades, along with the proprietary software pre-installed on the phone, you married yourself to a machine that is essentially controlled by these companies. The news of the collusion and voluntary surrender of information to the NSA of our data, emails, and phone calls–all of which were collected whether or not the information was needed–is fresh in our memory.

It appears Apple, Google and Microsoft would like the American public to forget they voluntarily and summarily collected and offered up all of our data to the NSA in the name of national security post 9-11; now, they would like us to believe they are protecting our rights and our privacy by refusing to allow the FBI access to the phone used by one of the shooters in the San Bernardino attack. While some believe Apple noble to not provide a bypass to the FBI, others are on the side of the government, thinking these companies should be doing whatever it takes to protect America. It is obvious, however, that both sides are missing the point.

We can use the only known legal precedent as an analogy. If you have a safe that requires a key to unlock it, a warrant is legally required to force the holder of that key to turn it over, thus gaining access to the contents of the safe. If, however, you have a combination safe, you can claim the 5th amendment, and no warrant, no court, can compel you to incriminate yourself, extracting the combination from your brain.

That same logic can be applied to the Apple v FBI case. Apple has the key to your phone, by controlling the operating system. Apple can, at any time, circumvent the security features that are supposed to protect you by simply upgrading the operating system.

Think of it this way: If you stay in a hotel, you are renting a room. When you check in, you are given a key to access that room; the hotel still has a master key. Apple is the hotel, and your phone is the room. You are renting it from Apple and they can come in, clean, look around, divulge, steal, expose your information, or not.

You don’t actually own your phone. If we truly owned our phones, court ordered warrants would be served directly to the owner of the phone. The warrants in the case of Apple v FBI were served to Apple, who actually has control of your phone.

The legal issue of whether Apple must give up the key, whether through legal maneuvering around the First Amendment, or an act of Congress, avoids the larger issue of control: if Apple loses this legal battle, all phones, tablets, and computing devices that are under the control of a company are then legally bound to comply with a warrant to give up the key that controls your device. If Apple, or any organization, controls your device, you are giving your legal rights over to that organization.

But if you control your device, there is no master key. Only you have the combination under your control, and never have to relinquish that control. This is the ultimate in security and privacy.

The discussion about whether or not Apple should be compelled to give up the master key is missing the larger point, that Apple should never have had the key to begin with. It is possible to control your device by using free software. With Purism products and the free software that comes with it, you own and control your device. Purism will never be issued a warrant to force us to give up anything relating to your device. Purism doesn’t control the products we sell—you do.



Camera/Microphone Hardware Kill Switch Behavior on Librem Laptops

All Librem laptops come with a Hardware Kill Switch (HKS) which physically severs the circuit to the Camera and Microphone. The Librem laptops are the first to offer this feature and it works quite well. And in some cases, a bit TOO well.

Specifically a Librem laptop Camera and Microphone Hardware Kill Switch will work with any GNU/Linux OS, but only as long as one obeys these simple rules:

  • Rule #1: Always have the Camera/Microphone HKS in the ON position when booting the laptop. This ensures the kernel is aware the device is there. Once the OS starts up you can toggle the Camera/Microphone OFF and ON as you wish, but…
  • Rule #2: Always have the Camera/Microphone HKS in the ON position BEFORE starting a program that uses the Camera, like CHEESE. Once the program starts you can turn the Camera/Microphone OFF, but you will have to close and restart the program, with the HKS in the ON position, to get the Camera to work with that program.

If any of these rules are violated, the Camera may NOT work until a reboot.


The longer term plan is to develop proper kernel loading and unloading or software application polling of the devices, so the user flow becomes irrelevant. Obviously the kernel and software never took into account severing the circuit during operation, therefore we decided to post this to help user flow, and to provide a roadmap to ideal performance.