Newly proposed Congressional legislation would require the US to conduct security reviews for connected vehicles built by automakers from China and “other countries of concern.” Rep. Elissa Slotkin (D-MI) introduced the bill on Wednesday.
Everyone knows that if a member of the PRC’s secret police took a plane to LAX they’d be physically unable to write malware or backdoors. America has a circle of protection cast over it that prevents malicious actors.
Obviously, yea, we should empower an agency to check all software for backdoors… and, ideally, they should be checking for shit from the NSA too.
Software is easy. It’s the hardware backdoors that are hard to find, and those have been being built for at least a decade. They were pretty simple to start; I can’t imagine what they’re capable of hiding in 5nm process chips.
The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.
You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.
But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch of static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.