
List:       qubes-devel
Subject:    Re: [qubes-devel] USB Qubes
From:       Marek Marczykowski-Górecki <marmarek () invisiblethingslab ! com>
Date:       2017-04-30 2:21:17
Message-ID: 20170430022117.GA1258 () mail-itl

On Sat, Apr 29, 2017 at 05:18:40PM +0000, Jewett, Don wrote:
> I am sending this from my University acct.  I don't have a way to PGP it, and hope
> that it isn't necessary.
> About a month ago, one of the Wikileaks Vault7 items indicated that the CIA had
> developed a way to infest Mac computers within the BIOS.  It was stated that even
> if the BIOS was re-written, the malware would still be there.
> QUESTION: If a Mac with such an infected BIOS is using a Qubes on a USB stick, what
> are the consequences when running programs solely in Qubes, on the stick?

Generally, the BIOS can do almost anything to the running operating
system, regardless of where it was started from. See the LightEater demo
here for an example: https://www.youtube.com/watch?v=sNYsfUNegEA (this
one is on Tails, also started from USB). AFAIK the BIOS (EFI) on a Mac is
no different here.

> Secondary QUESTION:  Same as above, but assume that the infected computer is NOT a
> Mac, but uses Windows OS, with infection in a program (NOT BIOS).

If the infection is only in some part of the operating system or an
application there that you don't start, then it will not affect a system
started from external media (USB stick or so). But keep in mind that an
infected OS can try to reflash the BIOS (depending on the specific BIOS,
it may require finding some bug in the verification code there).

> If this should have been sent somewhere else, please forward it.

Better send such questions to qubes-users in the future.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
