It’s not new news but this article does unravel the story a lot further including how they fooled the Argentinians a second time after vulnerabilities were found in the crypto.
"How did they compromise the security of the system? It appears that they manipulated the random number generator at the heart of the system, such that at a known interval, the “random numbers” would repeat. The list of approved customers received units without the compromised generator, but H-460 devices sent to the rest of the world had this intentional weakness built-in from the factory. When the NSA intercepted a communication that had been encrypted using a weakened H-460, they could decrypt it in seconds rather than months."
"Does a weakened random number generator sound familiar? How about the RDRAND instruction in Intel processors, just a few years ago? It was suggested that the random number generating instruction in Intel chips was untrustworthy. There were fireworks in the Linux kernel development, but ultimately, several different communities began treating RDRAND output as untrustworthy."
It is no wonder I’m noticing more and more hosting and cloud services advertising "not hosted in the USA". But it goes right down to the hardware level and I was speculating last year if this was not the reason why there was such a backlash against Huawei hardware – the backdoor gets lost if you can’t get other governments to use your hardware. It may not be about Huawei spying, but rather the NSA losing their own spying ability. And it is worth remembering this information has come to the fore about the NSA and CIA, but we’ve still not see anything about Huawei been shown to be doing anything. I’m not saying they are not doing anything, but the irony of it is not lost on me.
But of course with cloud services who needs to worry about the hardware any more…
See Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades
#technology #security #government
There have been a few moments in the past few years, when a conspiracy theory is suddenly demonstrated to be based in fact. Once upon a time, it was an absurd suggestion that the NSA had data taps …