power cords?

formatting link

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
 Click to see the full signature
Reply to
John Larkin
Loading thread data ...

Wow, what next? I'm a LITTLE skeptical of this one. Yes, there's some empty space in the molded connectors on the ends of power cords where you could insert "something", but really, what could you do with something added to a power cord?

Now, adding something to a power supply that is installed inside a server seems like it might have just a little more chance of being able to do something nasty.

But, even if you get some bit of gear installed in a huge data center, how does it get any gleaned info out to you, 7000 miles away? (Now, if the added bit is actually connected to an Ethernet port, that's a whole different story, THAT kind of device CAN compromise security.)

Jon

Reply to
Jon Elson

a mains lead, nothing. A USB lead, there lies an issue.

I suppose data could be transmitted by radio to the same mfr's routers wherever they may be. Possible, though far easier ways to grab unsecured data exist.

NT

Reply to
tabbypurr

Your web site is interesting. Is there still much of a market for CAMAC?

We used to do a lot of CAMAC. I think we still service some of that stuff, mostly for Jlabs.

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
 Click to see the full signature
Reply to
John Larkin

ou

er

erever they may be. Possible, though far easier ways to grab unsecured data exist.

I think there is a lot of potential in this type of exploit. Plug a USB ca ble into your PC and a chip in the cable can register as a device type whic h can potentially access anything in the computer. This means it can colle ct all manner of data and ultimately have access to the entire rest of the Internet.

Yes, a lot of potential.

Rick C.

Reply to
gnuarm.deletethisbit

Powercords from China are to be feared, but mostly because they usually don't have the wire thickness required for the current rating they are marked with.

(not even mentioning that they usually use copper-plated aluminium wire instead of copper wire, which would require even more thickness)

Getting a standard Chinese C13 powercord and loading it with 10A will almost certainly result in a fire.

Reply to
Rob

There was a Hackaday article recently that demonstrated just such a USB exploiting cable.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
 Click to see the full signature
Reply to
Phil Hobbs

Japan once had a similar reputation for bad quality, but they got serious and fixed it. I think the Chinese culture is fundamentally different. Communism sure didn't help.

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
 Click to see the full signature
Reply to
John Larkin

OK, there is now a market for USB cable zappers.

I think I could design that.

--
John Larkin         Highland Technology, Inc 
picosecond timing   precision measurement  
 Click to see the full signature
Reply to
John Larkin

I think you have this one backwards. Many of the Asian cultures are more a ligned around the idea that it is the collective that is important and you are a part of that rather than the western idea that the individual is impo rtant and the collective is only as good as what it can do for each of the individuals.

Rick C.

Reply to
gnuarm.deletethisbit

You can slip a little uP inside the housing of an Ethernet jack:

As for what you could do with something like that connected to a power cable? Possibly rather a lot. It can run forever off inductive coupling so long as the machine is connected to is active.

It could intercept packets from a local locked-down targeted WAN and relay anything un-encrypted that happens to be on there out anywhere if it can also connect to something like an nearby public Starbucks access point. see also:

formatting link

Your power budget before your exploit becomes likely to attract attention is much larger with a uP hidden in a power cable than hiding a uP in an Ethernet port where abnormal power consumption could be spotted by the PC's hardware itself. the uP could be a DSP, a really fast DSP, possibly. Very high performance differential power analysis/sidechain attacks using DSPs or custom ASICs are probably within the realm of possibly.

Reply to
bitrex

Or rather I mean the machine does _not_ have to be active.

Reply to
bitrex

No, it is caused by the western customers.

The buyers in the west always ask "can't you make that cheaper?". The Chinese culture is not to say "no, we have our quality standards, and this is the price that goes with them", but to always do what the customer, who they respect, asks them.

So they will make it cheaper, cutting the quality, and making the customer (or at least the buying staff at the customer) happy.

Because this re-iterates over and over, quality drops more and more until dangerous situations result.

Reply to
Rob

There are lots of people who are happy to pay for quality. People buy Toyotas and Hondas and Makitas because they are reliable.

The problem with lots of consumer goods is that there's no way to judge quality; paying more doesn't necessarily help.

Japan doesn't have a gigantic counterfeit IC industry; China does.

If you buy a stereo amp that's powered by a tiny wall wart and is rated for 400 watts out, it's probably Chinese.

China at least feeds its people; it's not Venezuela.

--
John Larkin         Highland Technology, Inc 

lunatic fringe electronics
 Click to see the full signature
Reply to
John Larkin

John Larkin wrote in news: snipped-for-privacy@4ax.com:

I call bullshit.

He said "it is possible" talking about extracting data via the power supply or even the AC line cord. It is not possible IMHO.

Datagrams are too dense for even the most sensitive gear to catch PS jitters and discern data from them.

There are companies, however, that monitor power within a cabinet/system and can detect if a breach has occured by examining the signatures of normal operation and they are good at it.

formatting link

Reply to
DecadentLinuxUserNumeroUno

Your favorite topic!

Fortunately, we don't have a lot of bulls in my neighborhood. The coyotes are discreet about their hygiene.

--
John Larkin         Highland Technology, Inc 

lunatic fringe electronics
 Click to see the full signature
Reply to
John Larkin

Precisely.

My process for choosing a car is: - look up in "Which?" (like consumer reports" to see which 2yo cars are reliable - go and play with and sit in an example of each type, to see which works for me - search for an example of that type

I still have my 2004 car, bought in 2006. I get it serviced twice a decade :)

Reply to
Tom Gardner

There is a difference between individuals bying e.g. a car, and the buying staff at large stores buying goods to put on their shelves.

Those are mostly interested in getting the lowest buying price so the store can make the most profit.

Of course they also get some problems when customers return a lot of broken stuff, but that is only later. I suspect it does not affect the negotiations with their suppliers very much.

Reply to
Rob

I bought my Makita hammer drill at Home Depot. They have good stuff, like Bosch too.

Returns are expensive for them.

We shop at some places that are good but expensive, and I think I'm seeing a trend for the big-box outfits to go upscale to "compete." They'll make a lot more money selling expensive stuff.

--
John Larkin         Highland Technology, Inc 

lunatic fringe electronics
 Click to see the full signature
Reply to
John Larkin

Who is "them"? The big stores just return the stuff to the manufacturer. The manufacturer has to eat it. According to someone who was at the manufacturing end of this deal, he was technically required to accept anything the store sent him and issue credit. By the letter of the contract, he'd have to accept a truckload of lawnmowers (he made consumer electronics stuff) if they sent them.

Notice that places like Home Depot have low-end stuff up through the moderately high-end, in several tiers. They don't carry the specialty stuff, though. They're looking to push volume.

Reply to
krw

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.