5 important security questions...

Mar 2, 2014
7
0
4,510
I have some important security questions that I would like answered.

1. If you were to strip down a web browser to remove all plugins and Javacsript... are there any browser exploits that would work...? Can it still be hacked..?

2. How would you go about downloading something like Tor or Tails properly, given that the NSA has packet injection systems like QUANTUMINSERT (see Snowden docs)..? Couldn't they just send you a fake version of Tor, which has spying built into it..?

3. Can the BIOS of a computer communicate with the network, or not...? I've heard about BIOS keyloggers, but how could the BIOS even transfer that keylogged data to anywhere else on the system...? Surely, unless the main operating system requested data from the BIOS, then it couldn't obtain it in the first place...? Surely the BIOS can't just push out this data over the network by itself...?

4. If you were to use a tool like DBAN to totally write over the hard drive, would that totally wipe out any viruses...? I guess this goes back to the question on whether viruses can really hide in BIOS or not...

5. If you were to use a recording app on a phone or computer, would this prevent someone listening to the microphone in the background... picking up background noise...?? I have noticed on a computer that a microphone can only be accessed by one application at a time... Like, if you use Audacity and Windows sound recorder at the same time, it won't let you.... So, if I had an app constantly recording in the background, would that prevent someone from using a hack to listen to me in the background...?

Thanks
 

Mr5oh

Distinguished
Jul 28, 2004
75
0
18,610
1. If you block all plugins it would be more secure, but anything is possible so there would still be a risk.

2. Find an open source alternative, go through the code, and compile it yourself. Although this wouldn't stop someone from snooping on the other end.

3. Yes. The BIOS controls everything. You know the wake on LAN option in your BIOS, you BIOS waits for a packet on the LAN port to turn on.

4. Since the BIOS can be written to from the OS, then yes it would be possible for a virus to end up there. For most virus a regular quick format is fine.

5. A virus could easily still snoop on the PC microphone even if an app is using it.

Hopefully these are out of curiosity and you aren't really this paranoid.
 
Mar 2, 2014
7
0
4,510
OP here.

OK.... Some interesting responses.

The thing that I really want to know, above all, is whether you could use a 2nd recording app, to prevent a mic from being listened to in the background.

I have personally used systems like removing a mic, or smashing a mic with needles, and using an external plug-in mic.

But this is not practical for other people. They don't want to use a plug-in mic whenever they want to make a call.

So..... this is why I wanted to create some kind of app for Android/iPhone etc that essentially records in the background constantly, and deletes the recording constantly too... The purpose is to use up the mic all the time, so it can't be used by Spyware.

I just want to know whether this works, or whether it really is possible for mics to be used by 2 apps simultaneously anyway.
Thanks
 

Mr5oh

Distinguished
Jul 28, 2004
75
0
18,610


As I already mentioned, no that is not a fool proof method. Multiple applications can use the MIC at the same time.

Dsnoop / Link for program/plugin to do this.

I get that in most circumstances two applications can't / wouldn't share a MIC, and it can crash things. However it is very much possible for two things to share the MIC, so it's not fool proof.

Want to really be paranoid, check out this article:

Scientists Extract RSA Key From GnuPG Using Sound of CPU. <-- Thats right placing a cell phone near a PC can snoop on things your CPU is doing, by recording sounds our ears can't even hear.
 
Mar 2, 2014
7
0
4,510
OK.... Dsnoop..... wow.... I guess that's it.....

I know that you said it before, but you didn't give an example.

Well... now you've given that example.. Dsnoop.... wow....

Oh well... it was a nice try lol....

I'll just have to go back to either removing mics or smashing them with a hammer and needles.

Thanks a lot. Dsnoop.
 
Mar 2, 2014
7
0
4,510
One more thing.... what if, instead of trying to use up the mic... I had an app that kills all instances of dsnoop all the time.... or, any other task that uses a mic

Is that any good, or would the hacker just hide the task itself somewhere where I couldn't find it.?
 

Mr5oh

Distinguished
Jul 28, 2004
75
0
18,610


Nope, dsnoop is just one example. dsnoop is a legitimate program with legitimate uses. However it's open source too, so any virus creator can easily grab the bits of source code they need to make their program do the same. Anyone actually using such techniques is not going to just go grab a plug in like that.