# NSA-linked Bvp47 Linux backdoor widely undetected for 10 years



## hbsd (Feb 24, 2022)

When I was a GNU/Linux user, I always thought I was using the most secure operating system in the world.
But these days I've seen very bad news about Linux security problems, like this:

NSA-linked Bvp47 Linux backdoor widely undetected for 10 years

What worried me was that FreeBSD was also mentioned:


> Some components in the Shadow Brokers leaks were integrated into the Bvp47 framework - “dewdrop” and “solutionchar_agents” - indicating that the implant covered Unix-based operating systems like mainstream Linux distributions, Juniper’s JunOS, *FreeBSD*, and Solaris.



Have you seen this news? Is it true? I trust FreeBSD so much that I didn't even install an antivirus on my system. I'll be happy if you comment on this.


----------



## eternal_noob (Feb 24, 2022)

Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.


----------



## Crivens (Feb 24, 2022)

eternal_noob said:


> Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.


That does not mean one has to like it or is not to try to avoid that.


----------



## eternal_noob (Feb 24, 2022)

Yes, nobody likes backdoors. But the CIA doesn't care.
If you want it secure, disconnect yourself from the internet; there's no other option.


----------



## msplsh (Feb 24, 2022)

This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.


----------



## ralphbsz (Feb 25, 2022)

From "The Register":


> The code conducts tests of its environment and deletes itself if it doesn't like what it sees. It alters kernel devmem restrictions to allow a process in user mode to read and write kernel address space. And it hooks system functions to hide its own processes, files, network activity, and self-deletion behavior.


It seems that code written like this is highly specific to one OS, and would not work on others.

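The Register excerpt above describes an implant that hooks system functions so that its own processes stay out of listings. The classic practitioner check for that class of hiding is a cross-view diff: enumerate processes by two independent paths and report anything the hooked path omits. Below is an added example of that check (my code, not from the article or from any forum poster). It assumes a procfs mounted at `/proc` with one numeric directory per PID (Linux semantics; on FreeBSD `/proc` is optional and the `pid_max` path does not exist, so the fallback ceiling is used) and uses `kill(pid, 0)` as the second view, which reports existence even when the caller may not signal the target. The comparison logic is kept in a pure function so it can be exercised on constructed PID sets without a live scan, and a confirmation pass rechecks each candidate to filter out processes that simply exited between the two scans.

```python
"""Cross-view process check: /proc directory listing vs. kill(pid, 0) probing.

A rootkit that hooks getdents/readdir to hide its PID from `ps` and `ls /proc`
usually leaves kill(2) untouched, so a PID that answers kill(pid, 0) but is
missing from the /proc listing is worth a closer look.
"""
import os

DEFAULT_MAX_PID = 99999  # fallback ceiling when /proc/sys/kernel/pid_max is absent


def read_max_pid(path="/proc/sys/kernel/pid_max"):
    """Upper bound for the probe loop; Linux exposes it in procfs."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return DEFAULT_MAX_PID


def pids_from_proc(proc="/proc"):
    """View 1: PIDs as seen through the directory listing (hookable)."""
    try:
        names = os.listdir(proc)
    except OSError:
        return set()
    return {int(n) for n in names if n.isdigit()}


def pid_exists(pid):
    """kill(pid, 0): ESRCH means no such process, EPERM means it exists but
    is not ours; either way we learn existence without sending a signal."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    except OSError:
        return False
    return True


def pids_from_kill(max_pid):
    """View 2: PIDs as seen by probing the kernel's process table directly."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}


def hidden_pids(proc_view, kill_view, own_pid):
    """Pure comparison: PIDs present in the kill view but absent from the
    /proc view. The caller's own PID is excluded so the scanner never
    flags itself when procfs is unavailable."""
    return sorted(p for p in kill_view - proc_view if p != own_pid)


def scan(proc="/proc", max_pid=None):
    """Live scan with a confirmation pass to drop PIDs that exited or
    appeared between the two enumerations (the main false-positive source)."""
    if max_pid is None:
        max_pid = read_max_pid()
    candidates = hidden_pids(pids_from_proc(proc), pids_from_kill(max_pid), os.getpid())
    confirmed = []
    for pid in candidates:
        # Re-check both views for this PID only; a transient process will
        # have gone, a genuinely hidden one will still be alive and unlisted.
        if pid_exists(pid) and not os.path.isdir(os.path.join(proc, str(pid))):
            confirmed.append(pid)
    return confirmed


if __name__ == "__main__":
    suspicious = scan()
    if suspicious:
        print("PIDs alive but missing from /proc listing:", suspicious)
    else:
        print("No discrepancy between /proc listing and kill(2) probing.")
```

Run it as root so that `kill(pid, 0)` is not refused for every foreign process (EPERM still counts as "exists", but an unprivileged run cannot distinguish much else), and treat any confirmed PID as a lead rather than proof: a hook that also filters `kill(2)` or `stat(2)` on `/proc/<pid>` will pass this check, which is why the same comparison is usually repeated with other views (socket tables, scheduler statistics) before trusting a negative result.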

----------



## sko (Feb 25, 2022)

From el reg:


> To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it.



So if someone already gained privileges to install anything on one of your machines, it doesn't matter what it is - this host is compromised and has to be nuked from orbit.


----------



## hardworkingnewbie (Feb 25, 2022)

eternal_noob said:


> Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.


Which is the reason, for example, why *good* cryptography libraries avoid cryptography algorithms implemented in CPU hardware, instead doing everything in software only.


----------



## Crivens (Feb 25, 2022)

hardworkingnewbie said:


> Which is the reason, for example, why *good* cryptography libraries avoid cryptography algorithms implemented in CPU hardware, instead doing everything in software only.


That is not the point of such a backdoor. That backdoor will silently kick your user process to kernel level upon seeing certain magic instructions.


----------



## grahamperrin@ (Mar 3, 2022)

eternal_noob said:


> … CPU backdoors. Just …



Tangent: Dan Luu's works are outstandingly readable.


----------



## Jose (Mar 3, 2022)

eternal_noob said:


> Doesn't matter which OS you use, there even are CPU backdoors. Just relax and don't think about it, you can't change it.


RISC-V FTW!


----------



## covacat (Mar 3, 2022)

Jose said:


> RISC-V FTW!


RISC-V SoCs won't be any better than the ARM ones.
You won't know what shit they will put inside (can't wait for the Broadcom version).


----------



## Jose (Mar 3, 2022)

covacat said:


> RISC-V SoCs won't be any better than the ARM ones.
> You won't know what shit they will put inside (can't wait for the Broadcom version).


You're probably right in that it will only allow state-level actors to have verifiably backdoor-free hardware. It's still a start.


----------

