Re: [TSCM-L] {4243} US IT execs advised to weigh laptops & discard phones after China travel

From: Eric Schmiedl <eric.s..._at_gmail.com>
Date: Thu, 17 Sep 2009 00:52:58 +1000

Date: Wed, 16 Sep 2009 18:41:11 +0200 (CEST)
From: Thomas Shaddack <tsc..._at_shaddack.mauriceward.com>
To: tscm-l2006_at_googlegroups.com
Subject: Re: [TSCM-L] {4243} US IT execs advised to weigh laptops & discard
 phones after China travel


That's what the reimaging of the disk after return is for.

However, that does not address eventual compromising of the machine's
BIOS.

With some machines, the BIOS chip can be taken out of its socket,
read by an EEPROM reader, and checked for modifications. More modern
machines usually have the BIOS in flash memory chips soldered to the
motherboard. I assume they could still be accessed without having to boot
the machine, e.g. by JTAG, but good luck getting the information out of
the vendor. We can of course always desolder the chip and put it into a
socket, but that is a hassle and voids the warranty.



On Wed, 16 Sep 2009, ed wrote:

> I think it's more likely that compromised laptops would have spyware (software)
> installed rather than hardware devices that actually have mass. And I would
> think that Chinese spies would be more likely to target the *contents* of US
> execs' smart phones than installing spyware on them.
>
> -ed
Received on Sat Mar 02 2024 - 00:57:20 CST
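
The "read the chip and check for modifications" step from the message above, as an added example that is not part of the original post: it compares a chip dump against a baseline image block by block and reports which ranges changed. It assumes a baseline dump of the same chip was saved beforehand and that some ranges (settings storage) may change legitimately; the function names, block size and sample images are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # assumption: compare in 4 KiB blocks (a common flash sector size)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def changed_ranges(baseline: bytes, dump: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where the two images differ."""
    if len(baseline) != len(dump):
        # A truncated or padded read is a failed acquisition, not a diff.
        raise ValueError(f"size mismatch: {len(baseline)} vs {len(dump)} bytes")
    ranges = []
    for off in range(0, len(baseline), block):
        if baseline[off:off + block] != dump[off:off + block]:
            if ranges and ranges[-1][1] == off:
                ranges[-1][1] = off + block      # extend the previous range
            else:
                ranges.append([off, off + block])
    return [(s, min(e, len(baseline))) for s, e in ranges]

def verify(baseline: bytes, dump: bytes, volatile=()):
    """Split changes into expected (inside a volatile range) and unexpected."""
    unexpected = [
        (s, e) for s, e in changed_ranges(baseline, dump)
        if not any(vs <= s and e <= ve for vs, ve in volatile)
    ]
    return {"identical": sha256(baseline) == sha256(dump),
            "unexpected": unexpected}

def sample_images():
    """Constructed 64 KiB images: one settings change, one code-area change."""
    baseline = bytes((i * 7) & 0xFF for i in range(0x10000))
    dump = bytearray(baseline)
    dump[0x2004] ^= 0xFF   # inside the assumed settings area
    dump[0x8010] ^= 0x01   # two adjacent blocks outside it
    dump[0x9FFF] ^= 0x01
    return baseline, bytes(dump)

if __name__ == "__main__":
    base, dump = sample_images()
    result = verify(base, dump, volatile=[(0x2000, 0x3000)])
    print("identical:", result["identical"])
    for start, end in result["unexpected"]:
        print(f"unexpected change in 0x{start:06x}-0x{end:06x}")
```
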