Featured image by M. Maggs from Pixabay

Yes, Hillary greased up and slipped through the fingers of justice again, just like her hubby is prone to do.

Yes, Tim Cook of Apple decided the company could make more money protecting terrorists and pedophiles than it ever could helping to protect global citizens from them.

All of this should leave the average citizen wondering why everyone isn’t trying to get out of America. Questioning the sanity of those trying to get in. It left me a bit befuddled. Mostly because I didn’t get around to reading the mid-April issue of Time discussing James Comey, Director of the Federal Bureau of Investigation until after the clandestine tarmac meeting of Bill Clinton and Loretta Lynch.

Going Dark

Something in this article stuck with me. I made a note to write a blog post about it, but thankfully I re-read the section which triggered both the writer and IT analyst portions of my brain.

That event merged with the second big challenge of his tenure: the danger of criminals and terrorists “going dark” as encryption becomes more widely used. Comey says the use of encrypted smartphones means his agents can’t collect evidence to prosecute and prevent crimes and terrorist attacks, even when they have a court warrant. Comey, who uses a government-issued phone for work and has an iPhone for personal use, told the House in February, “These phones are wonderful. I love them.” But he argued two days earlier that there are “increasing situations where we cannot, with lawful court orders, read the communications of terrorists, gangbangers, pedophiles–all different kinds of bad people.”

When I first read that paragraph I took it to mean the Federal government was actually purchasing and issuing iPhones. That seemed like a very bad thing. The concept that the White House or FBI may be letting foreign manufactured tech products into the building sets off every kind of alarm imaginable. I don’t care who claims to be loading what software onto any device once it hits these shores, they cannot know for certain what is actually on them.

Tiny Electronics

The truth is many of today’s tiny tech gadgets have multi-layer boards. You have all see just how small a 16 or 32GB MicroSD card is. Try to image just how tiny something would be which doesn’t need an enclosure, has 2GB or less of storage along with a tiny single purpose “counter switch” of some kind. Something which will just receive time of day ticks from the system clock until a zero-day is reached, at which point the hidden drive becomes primary, device reboots, runs the code, then might even reboot back to the original “drive” waiting for zero-day to come again.

Laugh all you want. With today’s board layout software, if you have a 3-5 layer board, putting something that small into a middle layer where it cannot be seen just takes a bit of time. If the part never shows up on the bill of materials and the client never has to pay for it, they won’t know.

Don’t believe me? Take a look at those dumb-ass watches from Apple and Fitbit people are plunking down money for. Look how much is crammed into there. Now, imagine if you will an ordinary digital watch. Something which sells for under $20 and just tells time, maybe has a stopwatch as well. Just how much extra could you cram into there?

To honestly begin to understand why this article set my mind working, you probably should read “A Dangerous Element” from fellow author Gregory Lamb. Before we had the movie Zero Days we had this novel about StuxNet.

Foreign Made Tech in WhiteHouse

So, skipping for a moment our Federal government possibly letting foreign made tech devices into sensitive areas where they could zero-day at any moment via an undetectable hardware trigger, perhaps appearing to only freeze the screen for a bit (who hasn’t had that happen) unleashing all kinds of carnage into an air-gapped system, let’s consider the larger questions:

  1. What is a “government issue phone?”
  2. Is the U.S. government insisting 100% of that phone, including the chips, boards and touch screens be manufactured in the U.S.?
  3. Not just have a U.S. based company’s name on it, but physically ensuring all production occurs within our borders?
  4. Are all branches of the Federal government required to use this “government issued phone” or are their different “government issued phones” for different people? Some get a flip, others get a dumb-phone, etc. Are they all from the same manufacturer?
  5. Why would China bother to hack an iPhone when it is more effective to hide a hardware entry point during manufacture?
  6. If a dumb-phone were secure, would it need encryption?