Building genuinely secure computer systems is incredibly difficult. You might even be in systems/software and be thinking “yeah it is hard”, but to be really secure it’s 1000x harder than that. So everything you use off the shelf from any vendor is a massive compromise and has holes in it. But on the other hand most people don’t need really secure systems.
Isn’t a true air gap pretty solid though? Aside from someone actually coming into your house and interfacing directly it would be pretty hard to bypass, or am I on Mt. Dunning-Kruger over here this time?
The uncomfortable part is what I’ve learned about the challenges to gain physical access.
Most physical security is equally appalling to most Cybersecurity.
Edit: Incredibly unfun exercise: pick a physical security device you rely on, personally, and do a YouTube search for “device name break in test”. I’ve rarely been able to find a video more than 3 minutes long, for any product, at all. And the actual breaking is usually mere seconds in the middle bit.
Imagine you wake up in the night, you hear your front door rattling. Someone is trying to break in. “No problem” you think to yourself, “I have a good lock on my front door”. Then you hear the five most terrifying words you could possibly hear in that moment:
That guy is an exceptional picker/exploiter, and he isn’t even the best.
However, I’ve casually picked locks and always have a set of picks with me for the past 20 years. LPL makes me look like a 10 year old kid trying to open a lock with a pair of chopsticks.
In other words, probably less than 5% of the population have ever picked a lock. Of them, I’m probably better than 90% and I still suck at it. So running across an LPL level skilled person, who’s also a criminal is going to be like a list of names on a single piece of paper. Just buy a lock complicated enough that you can’t scrub it open and everyone will be fine.
Air gap is a useful strategy. But what is that system? You don’t really know anything about its origin or what any of its processors actually do. You know really nothing about any of the firmware or software you run on it. Just getting software on to it securely is a huge challenge to prove its origin and the whole supply chain. And then getting data out is a whole other problem. A general purpose computer is not a great choice if you want the best in security. And having it just in your house isn’t that secure. Obviously as I say, most people don’t need the best security.
Aside from someone actually coming into your house and interfacing directly
If any state entity is in your threat model then this would be major concern. If you’re of any interest to the state, first thing they’ll do is raid your home and seize your electronics. Your threat model shouldn’t depend on assuming an attacker can’t physically access your device (I know you never said an air gap should be the only defence, I’m just saying in general).
Allow me to drop a bunch of innocuous looking storage devices in the area, maybe some power cables with hidden microchips, or perform another supply chain attack. What if your computer is probing for wireless devices without your knowledge? Can one be snuck in?
It’s a good step, a major one, but even an air gapped computer can be infected if you have a well-funded, advanced, and persistent adversary.
Building genuinely secure computer systems is incredibly difficult. You might even be in systems/software and be thinking “yeah it is hard”, but to be really secure it’s 1000x harder than that. So everything you use off the shelf from any vendor is a massive compromise and has holes in it. But on the other hand most people don’t need really secure systems.
Isn’t a true air gap pretty solid though? Aside from someone actually coming into your house and interfacing directly it would be pretty hard to bypass, or am I on Mt. Dunning-Kruger over here this time?
You are correct.
The uncomfortable part is what I’ve learned about the challenges to gain physical access.
Most physical security is equally appalling to most Cybersecurity.
Edit: Incredibly unfun exercise: pick a physical security device you rely on, personally, and do a YouTube search for “device name break in test”. I’ve rarely been able to find a video more than 3 minutes long, for any product, at all. And the actual breaking is usually mere seconds in the middle bit.
The lockpicking lawyer scares me.
Imagine you wake up in the night, you hear your front door rattling. Someone is trying to break in. “No problem” you think to yourself, “I have a good lock on my front door”. Then you hear the five most terrifying words you could possibly hear in that moment:
“This is the Lockpicking Lawyer”
That guy is an exceptional picker/exploiter, and he isn’t even the best.
However, I’ve casually picked locks and always have a set of picks with me for the past 20 years. LPL makes me look like a 10 year old kid trying to open a lock with a pair of chopsticks.
In other words, probably less than 5% of the population have ever picked a lock. Of them, I’m probably better than 90% and I still suck at it. So running across an LPL level skilled person, who’s also a criminal is going to be like a list of names on a single piece of paper. Just buy a lock complicated enough that you can’t scrub it open and everyone will be fine.
Me too.
Most online services would struggle to provide their service to their users if all of their servers were air gapped.
Air gap is a useful strategy. But what is that system? You don’t really know anything about its origin or what any of its processors actually do. You know really nothing about any of the firmware or software you run on it. Just getting software on to it securely is a huge challenge to prove its origin and the whole supply chain. And then getting data out is a whole other problem. A general purpose computer is not a great choice if you want the best in security. And having it just in your house isn’t that secure. Obviously as I say, most people don’t need the best security.
If any state entity is in your threat model then this would be major concern. If you’re of any interest to the state, first thing they’ll do is raid your home and seize your electronics. Your threat model shouldn’t depend on assuming an attacker can’t physically access your device (I know you never said an air gap should be the only defence, I’m just saying in general).
Allow me to drop a bunch of innocuous looking storage devices in the area, maybe some power cables with hidden microchips, or perform another supply chain attack. What if your computer is probing for wireless devices without your knowledge? Can one be snuck in?
It’s a good step, a major one, but even an air gapped computer can be infected if you have a well-funded, advanced, and persistent adversary.
Yeah just think about BIOS and drivers, and again some vulnerability in SSH…