Iran claims US exploited networking equipment backdoors during strikes(www.tomshardware.com)
38 pointsby pseudolus5 hours ago9 comments
  • jeroenhd5 hours ago
    Surely they don't need backdoors when they can just exploit the awful network security that American networking equipment vendors already come with out of the box?

    The US needed to smuggle Stuxnet in, but with networking equipment there's a treasure trove of shitty practices. Cisco and Juniper have been caught hiding hard-coded password how many times now?

    • mr_mitm4 hours ago
      Sometimes it's hard to tell if it's a real bug or a backdoor masquerading as a vulnerability.
    • kakacik4 hours ago
      At this point, any US company's products on software and hardware side can be safely considered an espionage asset. Even ignoring well known things like intercepting international packages during transit and putting malware into them.

      Same goes obviously for ie Chinese stuff, but I don't think you guys realize how for outsider the border between China and US in terms of morality is practically non-existent now. I don't mean it in any snarky way, just looking at facts.

      Also, China doesn't invade countries half around the world and bring them to utter destruction and misery for generations to come, killing thousands to millions of civilians and creating breeding grounds for things like ISIS. They do their own thing, quietly and patiently, with laser focus and for outsiders its at most 'not great not terrible' category.

      • Avicebron2 hours ago
        If the US tried their own belt and road people would be screaming about "imperialism/colonialism/white privilege"... thing's aren't as cut and dried as US evil and "oh shucks that clever Chinese government, not great but not terrible"
        • thatguy0900an hour ago
          I think you would find very few people who think belt and road wouldn't be vastly superior to what the us is doing now
      • 2 hours ago
        undefined
  • throwawayffffas4 hours ago
    Which is why they should have bought networking equipment from their friends.
  • mugiseyebrows3 hours ago
    Is it worse than bombing school, though?
    • jazz9kan hour ago
      Is it worse than murdering 30,000 protestors though?
      • therobots92719 minutes ago
        Is it worse than murdering 75,000 people in Gaza though?
  • Geof255 hours ago
    So they burned through weapon stockpile and also through zero day stockpile. Good job, another strategic success which will help in war with China...
  • ungreased06754 hours ago
    Turns out, a $14.5 Billion budget can buy some mind-bendingly awesome cyber effects.
  • 3 hours ago
    undefined
  • TacticalCoder5 hours ago
    Which is why banning chinese routers and banning chinese cars than can be remotely disabled by the komrades makes sense.

    Selling cars, worldwide, made sense when they weren't always connected to the mother land. Germans selling you a BMW in the 80s? You've got the key: you turn the key. They couldn't turn off all the BMWs if suddenly the US were to be at war with Germany again.

    But this madness of cars receiving OTA updates and remote subscriptions and whatnots?

    • steveBK1234 hours ago
      The era of "smart cars" actually makes targeting much easier. You don't need to bulk disable cars in a country.

      Imagine an enemy country using zero-days to track a military leader via their personal device(s), then disabling their smart civilian vehicle they use to commute to work. Final leg is they had previously parked drones along their expected commute routes for just such an occasion and..

      edit: see interesting hypothetical future war series on YT, specifically this bit.. https://youtu.be/drr7mmibt9E?t=157

      • kakacik4 hours ago
        I presume the very basic safety requirement for any VIP person in the future will be fully offline car, with updates only done at certified secured service, or simply not done since the car just keeps working. Something along melting chip of 5g/whatever antenna or ripping out whole comm box.

        Ah, think about it, the luxury of owning your own car, you and only you. I can almost imagine it. The future, its bright.

        • halJordan3 hours ago
          Have you missed the Trump presidencies?
          • steveBK1232 hours ago
            If there was a pill for that, I would take it
    • jeroenhd5 hours ago
      If you bought a BMW in the 80s and you were suddenly at war with Germany, you'd be stuck scavenging for replacement parts the moment something in the engine failed. It's not as easy and direct, but the problem is still there.

      Doing business with the enemy always comes with a risk. For countries that don't build their own networking equipment (including the PCBs and chips), you have to accept some level of risk or you have to avoid such technology all together.

      • kilpikaarna4 hours ago
        > Doing business with the enemy always comes with a risk.

        Or indeed with allies, as Europe is just finding out...

        • jeroenhd4 hours ago
          Indeed, though we are also finding out how bad it is to not have any local competition in many fields of hardware, software, and manufacturing.

          Heavily sanctioned countries like Afghanistan and Iran have one thing going for them, and that's that they can't easily build a dependence on foreign technology (though not having such technology at all is arguably just as bad).

      • exitb5 hours ago
        The average time before a car NEEDS a replacement part to run must be at least a few years. That's a different situation from flipping a switch to turn all connected cars off.
        • jeroenhd4 hours ago
          But on average, all cars are a few years old, and wars aren't over in a few months.
          • steveBK1234 hours ago
            Mechanical parts can be reverse engineered after you run out of inventory and the ability to gray-source them via 3rd parties/countries.

            Also that is an "eventual problem".

            The era of smart everything exposes you to pinpoint time/place/person disablement by the enemy.

            • catigula2 hours ago
              Who's "the enemy"? I surrender.

              The philosophy and structure we rest on is much more precarious than our technologies.

              • steveBK123an hour ago
                Avoid becoming important enough to be targeted by any nation state
        • dasKrokodil4 hours ago
          Not for a BMW though.
  • aaron6954 hours ago
    [dead]
  • rurban2 hours ago
    But why do have all these Intel ME, AMD PSP and ARM TrustZone / Secure Bootloader backdoors in all but RISC-V CPU's now, when they have to reboot poor stupid Jupiter, Cisco, Fortinet, and MikroTik devices? Oh, that's for the real enemies, the socialists. The ones with workers rights.