Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Networking Privacy Your Rights Online Hardware IT

Ask Slashdot: Can Commercial Hardware Routers Be Trusted? 213

Posted by timothy
from the rot13-is-the-only-way dept.
First time accepted submitter monkaru writes "Given reports that various vendors and encryption algorithms have been compromised. Is it still possible to trust any commercial hardware routers or is 'roll your own' the only reasonable path going forward?" What do you do nowadays, if anything, to maintain your online privacy upstream of your own computer?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Can Commercial Hardware Routers Be Trusted?

Comments Filter:
  • No. (Score:5, Interesting)

    by deconfliction (3458895) on Saturday December 21, 2013 @06:26PM (#45756773)

    'nuff said.

    • Re:No. (Score:5, Interesting)

      by deconfliction (3458895) on Saturday December 21, 2013 @06:32PM (#45756805)

      actually the obvious answer is that trust is not a binary thing. Evaluate your threat models. If you want to be safe from the NSA, and you are protecting information they want to know, then yes, I would say that eschewing any technology from corporations that are easily coerced by the NSA would be a good idea. Of course, that is practically impossible. But you do what you can. And wanting a device with all source available, in a form that is easy to (perhaps modify and) compile to a verifiable equivalent of the stock firmware and operating system would be the first obvious step.

      • Re:No. (Score:5, Insightful)

        by sabri (584428) on Saturday December 21, 2013 @06:38PM (#45756841)

        actually the obvious answer is that trust is not a binary thing.

        Actually, the obvious answer is that you don't have a choice. No matter how much effort you put into it, you will always be depending on third party hard- or software that simply have to trust. So, you want to solder your own PCB? Sure, go ahead, but your Ralink SoC is still manufactured somewhere in China. Don't trust Cisco's IOS? Sure, write your own, and let me know how you designed and manufactured your own ASICs. And then we're not even discussing the fact that as soon as the packet leaves your router, it will enter one that you don't even own. Yes, there is a lot that you can do and I think the closest real answer to the poster's question is to just get an OpenWRT capable router and compile from scratch, but to not trust anyone is simply not an option.

        • One solution is to simply not communicate outside of a domain you trust. Go offline. I the extreme, use pen and paper to store information you don't want others to see, and if you need to share that information with others, memorize it and tell it to them in person. As a compromise, use a trusted courier. But even that requires trusting someone.

          Basically, adopt the same "off the communications grid" techniques that Osama bin Laden was thought to use.

          As I said, you give up a lot, and for 99+% of us, tha

          • Go offline.

            If you do that they win !

            Internet is a threat to them. Internet is the one thing that can expose their evil deeds.

            If there was no Internet, Edward Snowden's revelation will never get known to many of us.

            The obvious answer is FPGA routers, made with fully open-sourced VHDL files.

        • Re: (Score:3, Interesting)

          es, there is a lot that you can do and I think the closest real answer to the poster's question is to just get an OpenWRT capable router and compile from scratch, but to not trust anyone is simply not an option.

          I agree with you, though would optimistically add to your thoughts- "to not trust anyone is simply not an option... yet". Maybe there will come a day when a truly open source and hardware replicator will become possible. Before dismissing me completely, I imagine there would be some years where it looks like an Apple-II 3d printing another Apple-II, but it's seeming more and more possible. And then it's a bootstrapping issue from there to catch back up to modern specs. But I'd have a lot of fun with an

          • There will never be a commercial chip printing machine. Stop living in Terra Nova.

            • You are right. But there IS a FPGA strong enough to program it to be a processor. And there are FPGA configs to make some popular architectures out of it, including Sun Sparc. It's quite enough for 90 per cent of jobs you make on your Intel or AMD desktop. I don't believe that it's possible to create a bugged VHDL compiler or bugged FPGA. It' too low-specialized for such task, and any mismatch between FPGA and the VHDL's idea of it will just cause a total failure.

              • The problem with using a FPGA is that THEN you're buying a chip that costs more than Intel's second- or third-most expensive i7, and getting a CPU with the approximate performance of a 500MHz Pentium III.

                More importantly, even if you DO build your own CPU using a FPGA, at least 95% of your VHDL is going to come from somebody else if you want to have it meaningfully working, with Ethernet and USB, before you die someday. If somebody is so paranoid about security that he doesn't think he can trust a COTS CPU

        • Actually, the obvious answer is that you don't have a choice.

          There is always subsistence farming.

        • Re:No. (Score:5, Interesting)

          by tibman (623933) on Saturday December 21, 2013 @11:03PM (#45757897) Homepage

          You could always just build a cpu from scratch? http://www.homebrewcpu.com/ [homebrewcpu.com]

        • Re:No. (Score:4, Interesting)

          by AmiMoJo (196126) * <[ten.3dlrow] [ta] [ojom]> on Sunday December 22, 2013 @01:08AM (#45758343) Homepage

          If you use commodity hardware you could have two CPUs from different manufacturers and compare outputs. Back in the 80s that sort of thing was popular in critical systems. Buy a 68000 CPU from two different sources, preferably from different continents and with each being a unique design. Run the same code on both, and if their outputs don't match for some reason one is faulty. This of course assumes that both don't have identical back-doors.

        • I always chuckle when people claim that being able to compile from source is helpful in securing their stuff. How many people have actually bothered to review open source anyway? It has taken until now to actually get a review of TrueCrypt, a program that almost everyone uses for encryption and open source. Along those lines, we should all switch to Gentoo and never get compromised again! *rolls eyes*
      • Re:No. (Score:5, Informative)

        by D-Fly (7665) on Saturday December 21, 2013 @06:50PM (#45756901) Homepage Journal

        Public key cryptography using open source tools that have been tested and retested by lots of other coders still works pretty well. The RSA backdoor you are referring to is certainly discouraging news. But on the other hand, the fact that RSA had backdoored itself was sort of understood by the community at large as far back as 2006, shortly after they issued the compromised tool. This week's news is merely confirmation. That's why PGP and its ilk, open source and made by activists, might be a better option than commercial tools by companies with a strict profit motive.

        If you are really concerned about security, you might very well want to roll your own machine, and certainly should run a fresh, clean linux install off a CD every time you start up, to reduce the chances your machine is compromised.

        • Re:No. (Score:5, Interesting)

          by couchslug (175151) on Saturday December 21, 2013 @07:15PM (#45757025)

          "certainly should run a fresh, clean linux install off a CD every time you start up, to reduce the chances your machine is compromised."

          You can also boot an .iso image from a USB or other flash as well as CD and load it entirely to RAM with no persistent home.

          Knoppix (nicely polished distro) has had the "toram" option for many years as do other distros it inspired.

          http://en.wikibooks.org/wiki/Knowing_Knoppix/Advanced_startup_options#Transferring_to_RAM [wikibooks.org]

        • Re:No. (Score:4, Insightful)

          by toejam13 (958243) on Saturday December 21, 2013 @07:18PM (#45757039)

          If you are really concerned about security, you might very well want to roll your own machine, and certainly should run a fresh, clean linux install off a CD every time you start up, to reduce the chances your machine is compromised.

          The next question is, what motherboard and network card firmwares can you trust? Running trusted code at the OS level and higher does reduce your risks, but until you can audit the code running your hardware, there is still a threat.

          Obviously, one can ask if most companies are a big enough fish to worry about this. Firmware hacks are fairly sophisticated, which makes me believe that they'd mostly be used to spearfish data from specific companies. So unless there is hidden backdoor in every network card manufactured by Popular Company X, should we be worried?

          • Re:No. (Score:5, Informative)

            by Anonymous Coward on Saturday December 21, 2013 @07:28PM (#45757097)
            Firmware attacks can be sophisticated indeed: http://spritesmods.com/?art=hddhack&page=1 [spritesmods.com]
          • by Goody (23843)

            I think to be really secure, you have to mine the silicon yourself and etch all integrated circuit silicon wafers in your own underground lab. Using any code that is on the Internet is foolhardy. You must develop all your operating systems from scratch, in assembly language.

            • by Sique (173459)
              With "mining silicon yourself" you surely mean "fill a bucket with sand", right? Sand is, after all, mainly silicondioxide. Then you have to mix the sand with coal and iron ore in an oven to create ferrosilicon. Blow hydrogen chloride on it to get Trichlorsilan. Distill it and then let it condense at pure silicon bars to grow them. Put the resulting large silicon bars into a zone melting oven to purify them.

              The problem with silicon is not mining the ore. Its purifying the silicon.

          • The amount of work required to install a back-door in the chip sets for all commodity network gear is low enough in comparison to the payoff that you can assume it has already been done. Why go to the trouble of hacking every OS in existence when your "modified" network card can just access the memory and HDD and send you the data?
        • Re:No. (Score:5, Informative)

          by Jane Q. Public (1010737) on Saturday December 21, 2013 @07:20PM (#45757047)

          " But on the other hand, the fact that RSA had backdoored itself was sort of understood by the community at large as far back as 2006, shortly after they issued the compromised tool."

          "Backdoored itself" is a singularly apt way to put it. But apparently they were engaged in trying to "backdoor" other people, too, which is not a victimless crime.

          Personally, after their "SecureID" debacle and now this, I'm not inclined to "trust" RSA at all. Fool me once, and all that.

          And the same can be said about DropBox. They promised end-to-end encryption, but instead they were "de-duping" files to save storage, which means that entirely contrary to what they told their customers, they actually had direct access to your raw files. Sure, they fixed that (so they say), and said "Sorry, we won't do it again." But how much can you trust them, considering that they blatantly lied to you before?

          • by icebike (68054)

            And the same can be said about DropBox. They promised end-to-end encryption, but instead they were "de-duping" files to save storage, which means that entirely contrary to what they told their customers, they actually had direct access to your raw files. Sure, they fixed that (so they say), and said "Sorry, we won't do it again." But how much can you trust them, considering that they blatantly lied to you before?

            Deduping should never actually work if the files were store with unique encryption keys. On personal stuff, multiple files that are bit-for-bit identical (such as THIS GUY's Experiment [fosketts.net] you can see where it might be possible, but perfectly innocent. After all he sent the exact same file with just a different name.

            But de-duping encrypted files seems unlikely to have much of a payout.

            • "Deduping should never actually work if the files were store with unique encryption keys."

              Yes, this is correct.

              "On personal stuff, multiple files that are bit-for-bit identical (such as THIS GUY's Experiment you can see where it might be possible, but perfectly innocent."

              And this is correct, as well. But what they were actually doing was the former, not the latter. Their "end to end encryption" promise was simply and blatantly false.

        • Given the resources the NSA has, I think you can assume that any crypto they allow to exist must be back-door'd.
        • by Ihlosi (895663)
          If you are really concerned about security, you might very well want to roll your own machine,

          That'll help against cybercriminals. Maybe. If you're lucky.

          If you really have TLAs going after you, expect attacks that are hardware-based or at least have a hardware component.

        • by Sqr(twg) (2126054)

          That's why PGP and its ilk, open source and made by activists, might be a better option than commercial tools by companies with a strict profit motive.

          If you were an unpaid maintainer of an open-source cryptography tool, and someone offered you $3 million (tax free) to use a specific random-number generator (with no known weaknesses) in your software, would you do it?

      • by unixisc (2429386) on Saturday December 21, 2013 @09:07PM (#45757515)

        If you wish to skirt the NSA, get your router from Huawei, and let the Chinese spy on you instead. If you don't want the Chinese to spy, get something from the usual NSA contributors. Or see if there's anything made in Russia or any country that's totally independent of the US.

        How easy is it to get a standard router from Cisco or Juniper, and replace IOS or JunOS w/ something like pFsense, m0n0wall or OpenWRT?

        While at it, switch to IPv6, and within a group of people, share a /64 subnet so that even if the NSA spies, they'll find it impossible to source the original source/destination, particularly if dynamic IPs are used.

    • Re:No. (Score:5, Insightful)

      by erroneus (253617) on Saturday December 21, 2013 @06:42PM (#45756855) Homepage

      I was going to say that.

      RSA compromised with money. Cisco compromised already documented. Juniper? I don't know but I wouldn't doubt it.

      NSA, you've turned the world against the US and all its businesses. Happy yet?

      • by Moskit (32486)

        > Cisco compromised already documented.

        Documented where?

      • Don't be uncharitable towards the NSA! They're as unhappy as you are this all got out.

        They took every precaution to prevent the world from learning about this sort of thing. If they'd had their way, nobody would know or suspect and everything would be fine.

        If you want to blame anyone for having all this come out, blame that tattletale contractor guy with the big usb sticks.

    • by mellon (7048)

      To expand, your router is plugged into the Internet. Your packets traverse many unfriendly wires. They might even trombone through Belarus. So if you want real privacy, find a Tor router you know you can trust. Good luck!

      • Given how extensively the NSA has been working to see everything, we should assume that TOR has been compromised. If you want real privacy, roll your own (hardware and software).
    • by msauve (701917)
      It doesn't matter. Either there's an airgap, where nothing can get out regardless, so it doesn't matter, or their's a hop along the path you don't control so the security of your device doesn't matter.
      • It doesn't matter. Either there's an airgap, where nothing can get out regardless, so it doesn't matter, or their's a hop along the path you don't control so the security of your device doesn't matter.

        If you have an Intel processor, then there is already a radio backdoor built in. See http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html [intel.com]

        • by msauve (701917)
          Huh? What routers use an Intel laptop processor? What routers use an Intel processor at all - they're mostly MIPS/ARM, RISC is simply better and cheaper for the bit-banging required. In modern routers, very little traffic ever even touchs the CPU, it's switched in hardware. And what wireless can keep up with the traffic which flows through even a single Gb port? Any wireless isn't going far without an antenna external to the metal case they're are built in. No, those plastic Linksys/Dlink/Netgear/Belkin toy
    • by hackus (159037)

      and our enemies don't trust them either:

      http://arstechnica.com/business/2013/11/cisco-attributes-part-of-lowered-earnings-to-chinas-anger-towards-nsa/ [arstechnica.com]

      Do yourself a favor and get yourself a PC white box and start routing with a LINUX source code stack.

      At least then you can pick the hardware you want to trust and you can have a choice as to how far you want your security to go into the software stack audit.

      But all of this is pointless.

      As I pointed out before, it is IMPOSSIBLE to build a secure system anywhere

  • by ModernGeek (601932) on Saturday December 21, 2013 @06:29PM (#45756795) Homepage
    You still have to rely on the trustworthiness of the NICs. Anything contacted to the Internet can not be trusted.
    • by the_B0fh (208483)

      Like that Intel NIC that was reliably going offline when receiving a "corrupted" packet?

      • by ewieling (90662)
        I still have nightmares from that. We call it Intel NIC Debacle of 2013 (or sometimes just The Dark Times). Lost business and had many very angry customers because of that NIC. Kristian Kielhofner should be named some sort of geek Saint or something for finding the root of the problem.
        • Re: (Score:2, Funny)

          by Anonymous Coward

          [Posting Anon to preserve mods already made...]

          I still have nightmares from that. We call it Intel NIC Debacle of 2013 (or sometimes just The Dark Times). Lost business and had many very angry customers because of that NIC. Kristian Kielhofner should be named some sort of geek Saint or something for finding the root of the problem.

          Jesus Ad Hominem Christ! You got this close and didn't even think about naming him Saint NIC?!?

          Prepare to be visited by the Ghost of Slashdot Past....

  • by dgatwood (11270) on Saturday December 21, 2013 @06:34PM (#45756811) Journal

    The answer depends on what you mean. As far as I'm concerned, a hardware router can probably be trusted to be a basic firewall/router. It's pretty unlikely that anyone will come up with a useful attack on a device that's just doing port blocking, NAT, and basic routing. At worst, somebody might DOS it or turn it into a well-connected zombie to aid in DDOSing somebody's server, but neither of those is compromising your data.

    Now if you're passing unencrypted data across that router, you might have a problem, but then again, passing unencrypted data across any router outside your own intranet is a bad idea, so nothing new there. And if you're expecting the commercial router to provide a VPN, then the answer to whether it is trustworthy becomes "no", because its crypto implementation cannot readily be audited and verified to be trustworthy.

    • by LWATCDR (28044)

      That pretty much sums it all up. Frankly unless you are some high profile location I would not worry much about a government based backdoor in your router. If they want your data bad enough they will find a way. You are going to do Tempest? Are you hardened for social attacks? What about all your PCs?
      If you are worried, something like OpenBSD or Linux as a router should work. I am pretty sure if they are interested enough they will get the data one way or another.

      • by FlyHelicopters (1540845) on Saturday December 21, 2013 @07:48PM (#45757209)

        I am pretty sure if they are interested enough they will get the data one way or another.

        This...

        Or has no one ever heard of rubber-hose cryptography?

        If all else fails, they can break in at night and steal the information locally, or simply put a gun to your head.

        When it comes to computer nerds, that last option probably has a 99.99% success rate.

    • by RR (64484) on Saturday December 21, 2013 @10:59PM (#45757889)

      As far as I'm concerned, a hardware router...

      There is no such thing. A device that moves data from one location to another, using some policies to examine and transform it, is not just a "hardware" device. It's also software. And if it interfaces with software, then it can be compromised. Or haven't you noticed the news about D-Link routers? [slashdot.org] A lot of these routers have 2MB or less of flash, which makes it difficult to find a useful exploit, but "difficult" doesn't mean "impossible."

      It's pretty unlikely that anyone will come up with a useful attack on a device that's just doing port blocking, NAT, and basic routing. At worst, somebody might DOS it or turn it into a well-connected zombie to aid in DDOSing somebody's server, but neither of those is compromising your data.

      With just a little paranoia, I can imagine someone finding a way to get those routers to copy your traffic, or at least the headers, to some hostile entity. It doesn't take full knowledge of your traffic to destroy your privacy. [arstechnica.com]

      A router is a type of computer. It's subject to all the same concerns about trustworthiness as any debate about proprietary and free software.

      • by dgatwood (11270)

        There is no such thing. A device that moves data from one location to another, using some policies to examine and transform it, is not just a "hardware" device.

        That's completely immaterial. A hardware router is distinguished from a software router by whether it is or is not a general-purpose computer. Hardware routers range from that little D-Link all the way up to Cisco boxes. In the most extreme designs, the hardware provides a dedicated I/O processor that performs the actual routing functions, allowin

    • by jhol13 (1087781)

      I would be surprised if every single american made router can NOT be attacked by NSA to gain management console. Which means thay can inspect and re-route your data at will. And they can get the access inside your intranet. Same with british made (is there any?), probably israeli and maybe some chinese. IMHO best bet would be german or perhaps scandinavian ones. Same with VPN, german VPN is very likely without intentional holes.

  • by kasperd (592156) on Saturday December 21, 2013 @06:35PM (#45756819) Homepage Journal
    If you replace a hardware router with a PC, you have to trust
    • CPU
    • Motherboard
    • BIOS
    • Storage device
    • Storage controller
    • Network interface
    • Operating system

    If any of the above is compromised, you are no better off than with a hardware based router.

    If you by hardware router mean a device that truly forwards packets in hardware without involving any sort of CPU, then your best guarantee is the economical one. It is cheaper for the vendor to manufacture hardware without snooping capabilities than with.

    • I was going to suggest OpenBSd plus pfsense, but you kind of took the wind out of my sails.
    • by AHuxley (892839)
      Be your generations http://www.gnewsense.org/Projects/Lemote [gnewsense.org] you don't have to 'trust' just understand and test.
      Take your cash, skills and efforts away from the tame junk "compromised" brands and build with more interesting products, projects.
    • by Ungrounded Lightning (62228) on Saturday December 21, 2013 @08:35PM (#45757407) Journal

      Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

      One example: Intel Active Management Technology (AMT) [wikipedia.org] and its standard Intelligent Platform Management Interface (IPMI) [wikipedia.org], the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

      Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature. (I suspect the old Thinkpad is how far back they had to go to avoid it.)

      You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

      If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

      Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

      Hardware-based AMT features include:

      Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.
      Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.
      Remote power up / power down / power cycle through encrypted WOL.
      Remote boot, via integrated device electronics redirect (IDE-R).
      Console redirection, via serial over LAN (SOL).
      Keyboard, video, mouse (KVM) over network.
      Hardware-based filters for monitoring packet headers in inbound and outbound network traffic for known threats (based on programmable timers), and for monitoring known / unknown threats based on time-based heuristics. Laptops and desktop PCs have filters to monitor packet headers. Desktop PCs have packet-header filters and time-based filters.
      Isolation circuitry (previously and unofficially called "circuit breaker" by Intel) to port-block, rate-limit, or fully isolate a PC that might be compromised or infected.
      Agent presence checking, via hardware-based, policy-based programmable timers. A "miss" generates an event; you can specify that the event generate an alert.
      OOB alerting.
      Persistent event log, stored in protected memory (not on the hard drive).
      Access (preboot) the PC's universal unique identifier (UUID).
      Access (preboot) hardware asset information, such as a component's manufacturer and model, which is updated every time the system goes through power-on self-test (POST).
      Access (preboot) to third-party data store (TPDS), a protected memory area that software vendors can use, in which to version information, .DAT files, and other information

    • If you replace a hardware router with a PC, you have to trust

      • CPU
      • Motherboard
      • BIOS
      • Storage device
      • Storage controller
      • Network interface
      • Operating system

      If any of the above is compromised, you are no better off than with a hardware based router.

      If you by hardware router mean a device that truly forwards packets in hardware without involving any sort of CPU, then your best guarantee is the economical one. It is cheaper for the vendor to manufacture hardware without snooping capabilities than with.

      The flip side of that is that if you are a powerful agency - one powerful enough to control what's going on in overseas fabrication plants and suppress any signals coming out of them, you have to be able to set up a scheme that's subtle enough to go undetected without it either being subverted by or corrupting the:

      • CPU
      • Motherboard
      • BIOS
      • Storage device
      • Storage controller
      • Network interface
      • Operating system

      Because Chthulhu knows, it's hard enough to get that stack operating reliably even without a secret agenda. If j

  • by Anonymous Coward

    I'm definitely in the "no" camp on this one, but how about after-market, open-source firmware? I run DD-WRT on my good ol' WRT54G, which I trust a heck of a lot more than the OEM code. How far does replacing the stock firmware go towards securing my home network?

    • I'm definitely in the "no" camp on this one, but how about after-market, open-source firmware? I run DD-WRT on my good ol' WRT54G, which I trust a heck of a lot more than the OEM code. How far does replacing the stock firmware go towards securing my home network?

      It goes as far as you can trust your replacement code.

      It won't protect you from hardware-based exploits except to the degree that you use the hardware in unexploitable ways. It won't protect you from fifth-column code in your OS if you use that code without inspecting it. But at least you should have a reasonably degree of trust in your own code.

      And yes, I know the theory behind malware-injecting compilers, linkers and debuggers. But as long as you're not operating in a monocultural environment, there are s

  • The Wrong Question (Score:5, Insightful)

    by agwadude (666995) on Saturday December 21, 2013 @06:37PM (#45756829)
    You shouldn't have to trust your upstream routers. Instead you should assume they're compromised and use end-to-end encryption. HTTPS and SSH, for example, specifically protect against active attackers such as malicious routers.
    • by storkus (179708)

      This! Mod parent way up! The question isn't whether your [insert endpoint here] is safe, but if the intermediate points are. Even if your own router is safe, what about the one upstream? I've assumed for a long time (way before Snowden) that all electronic communications are monitored, and when you realize that, and the insane difficulty of getting around that monitoring, you kind of give up. You have to decide what is important enough to secure from a worthy (non script-kiddie) adversary and versus le

      • OTOH, if you're doing something that the intelligence agencies (regardless of country) is interested in, your only real hope is to use the the 100% open software/firmware like the FSF advocated

        The question is, are you trying to stay off the radar, or trying to avoid having the NSA hack your computer once you're on the radar?

        If the former, the challenge is that they can miss and miss and miss, and only have to hit once. You have to hit every time. The odds of that over any period of time are nearly zero. A single mistake and all your efforts are for nothing.

        If the latter, no amount of electronic protection is going to do you any good. If they really can't hack their way in, they'll just w

    • You shouldn't have to trust your upstream routers

      No, instead you should be able to verify all of your hardware and software are valid. One way to do this is demand the VHDL and compiled chipset designs for all your hardware. This way one can benchmark things such as power draw or timing characteristics in reality and simulation, allowing some degree of verification that pattern matching code isn't running across your bits.

      Unfortunately people are confused by the infinitely reproducible nature of information. This is the first generation of the online In

  • routerpwn (Score:2, Informative)

    by Anonymous Coward
  • I wouldn't. [schneier.com]

    Our team of scientists and Linux netwokring experts has an open, next generation router project [igg.me] up on IndieGogo right now, but we aren't getting much traction. I guess we missed product-market fit. To the point that we are have modified the campaign to ask people not to buy the router or if they do - risk us not shipping some of the more advanced features that we are working on in this product. We had hoped to release it all as open source but I just don't think that' going to be possible now, un

    • by vadim_t (324782)

      Some comments:

      "Upliink"? Took me a while to notice there are two "i"s there for some bizarre reason. As a result, googling for it failed. If you're going to make up words, at least don't make them confusingly similar to normal ones.

      Half a million is an awful lot of money. $430 is a lot for a router.

      It's not clear at all what it does. IPv6 internet? What is that?

      Sharing the connection with nearby people? Why would I want to?

      Mesh networking. How is this going to scale? What performance and latency do you expe

      • Thanks for your feedback. Something I've learned is that marketing and complexity don't mix, so I agree our communication strategy is not optimal. We are trying to talk to too many audiences and doing a bad job with all of them. We'll try harder.

        Half a million is an awful lot of money. $430 is a lot for a router.

        It's a server/router hybrid. We need to be clearer about that. The specs are competitive with what you'd find in the market for regular computers, but we thought it would be distracting to break them down because some of them are subject to change.

        It's not clear at all what it does. IPv6 internet? What is that?

        Sharing the connection with nearby people? Why would I want to?

        Because at scale,

        • by wvmarle (1070040)

          You always talk about Internet to be a one-time cost.

          That's only true if there is no (high speed) uplink to the rest of the world to be paid for, for example. Those don't come for free. And if you're really sticking to your own mesh network, it's going to be unusably slow. And people wouldn't be able to access staples like Slashdot, or Google.

        • by vadim_t (324782)

          Ok, since you liked it, I decided I'll think on this some more and give some more feedback. So:

          Something I've learned is that marketing and complexity don't mix, so I agree our communication strategy is not optimal. We are trying to talk to too many audiences and doing a bad job with all of them. We'll try harder.

          You need a good reason for why I would want this right off the start. And right now it's not there. Look at FON [wikipedia.org], who did part of what you are, much more successfully. The immediate question for something like this is "Why would I want to share my connection?", and FON answered "You'll earn money!". There, that's nice and sensible.

          They also gave out their hardware at a ridiculously cheap price. They were selling th

  • by mbone (558574) on Saturday December 21, 2013 @06:52PM (#45756921)

    This is a big (and, I personally fear, unfixable) problem for the IETF [youtube.com] and associated Internet bodies. Of course, router security is only a tiny piece of it. Given that RSA has been revealed as taking money from the NSA to weaken security protocols [cnet.com], who knows how deep the rot goes.

    One big fight right now is in over the removal of NSA employed Chair of the Crypto Forum Research Group [ietf.org]. There will be more.

  • by vadim_t (324782) on Saturday December 21, 2013 @06:55PM (#45756931) Homepage

    For ensuring the safety of your outgoing traffic, it doesn't matter at all whether you can trust your router or not. It's just one step away from a router at your ISP, which you can't trust, and which can be assumed to be malicious.

    It's a bit different for ensuring the safety of your internal network, though. If you think there might be any reason why the NSA, government or whoever might want to reach inside your personal network, then you certainly should avoid any closed solutions and keep it under as much control as possible. That router might well hiddenly allow people that know how to access your network without permission.

    Router manufacturers also have been caught rewriting pages to insert ads. Here is one example of such a thing [theregister.co.uk].

  • by BitZtream (692029) on Saturday December 21, 2013 @07:18PM (#45757035)

    If you're worried about a router and if you can trust it, you've already done it wrong.

    Your data should have been encrypted before it let the original application if its something you care about.

    It shouldn't MATTER if you can trust the router, if it does, you've already failed.

  • Good question! (Score:2, Insightful)

    by mikeg22 (601691)
    I have no answer. I wanted to comment that this is the most pertinent "Ask Slashdot" that I've seen in the last five years. I would guess any router who's firmware was open-sourced.
  • If you are doing things that affect large powerful organizations in potentially negative way, you already know you are a target. Deal with it with hardened software, but don't forget that most secret information is lifted with social engineering (inside jobs of dozens of types.) Someone gives the combo to the safe away!

    If you are not stepping on government, NSA or mega-corp toes, standard encryption techniques are probably just fine, but that is just one of the lines of defense.

  • Where I am the telco that is a bottleneck to the rest of the world has admitted letting the NSA watch everything available. If you are in such a situation if your router is phoning home that's just redundancy.
  • by Mr. Protocol (73424) on Saturday December 21, 2013 @08:35PM (#45757403)

    All the crypto software I've looked into depends on big internal arrays of special numbers to do its work. If those numbers are compromised (which is what NSA contracted RSA to do, basically), then the whole end-to-end crypto channel is compromised.

    And that's the problem. You can build an open-source hardware router with open-source software, to keep the possibility of hardware backdoors to a minimum, but if the basic crypto algorithm you use has been compromised from the get-go, none of it matters. I think that's going to be the next really difficult intellectual load to lift: vetting ALL of the current crypto algorithms in use today to make sure the algorithms don't have built-in compromises. Since that vetting has to be done by crypto experts, not just software engineers, that pushes the trust back up one step: which crypto experts do you trust?

  • by kheldan (1460303) on Saturday December 21, 2013 @09:23PM (#45757569) Journal
    The only way to obtain 100% safety from being hacked by a government agency, as well as anyone else, is to place an air gap between your system(s) and the public Internet. Think of it like trying to protect your house from burglars breaking in: The best you can do is slow them down. Given enough time, skill, and resources, any burglar can defeat any security arrangement in any house. Same goes for your computers. Therefore there is an implied level of risk involved if you wish to continue using the internet, and if you cannot accept that risk, even after taking reasonable precautions against your system(s) being compromised by whoever might wish to, then you must re-evaluate whether or not it's worth it to you to continue using the internet at all. Now, some people are going to flame me for saying this, because they're convinced that life cannot continue without internet access, but that's simply not true, just ask anyone who was an adult about 25 years ago how they managed to get along without the World Wide Web (hint: they got along just fine without it).
  • I do not trust commercial routers, not because of NSA-weakened crypto, but because of plain old security holes like unclosed developper backdoors or web administrative interface full of CRSF vulnerabilities

    I use a Soerkis [soekris.com] box with a PCI DSL board, and I run NetBSD [netbsd.org] on it

  • There is no privacy on the Internet. Never has been.
  • Timothy, Timothy, Timothy. When will you ever learn? "Ask Slashdot" posts belong in the "Ask Slashdot" section so that those of us who choose to filter out those stories can do so. It doesn't work though if you keep posting "Ask Slashdot" stories in other sections.
  • According to Fox Mulder from The X-Files. ;)

"Free markets select for winning solutions." -- Eric S. Raymond

Working...