Newly proposed Congressional legislation would require the US to conduct security reviews for connected vehicles built by automakers from China and “other countries of concern.” Rep. Elissa Slotkin (D-MI) introduced the bill on Wednesday.
The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.
You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.
But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.
The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.
You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.
But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.