Can the NSA install a Script to modify OpenWrt?

Hi, I'm new to the forum and did search but didn't find a specific answer to this question:

I read that Open WRT does not have a backdoor but I'm curious if anyone knows if the NSA can install some kind of script in the router that sends all data to a NSA server somewhere? I know about Intel ME but routers can also be comprised, so that's the basis for my question.

Thank You for your answers in advance.

Paranoid One

@paranoidone, welcome to the community!

  • You're describing a built-in hardware exploit of an Intel processor...what does this has to do with the various CPU targets that OpenWrt firmware runs on?
  • If there's no "backdoor" (meaning OpenWrt closes [general] ports on WAN by default, plus the user can close them all) and no known hardware backdoor - what is the vector for installing the script?

Otherwise, I think your answer would lie in inspecting every line of code that goes into the firmware...luckily, that is possible with OpenWrt! :four_leaf_clover:

Hope this helps.

Also, per the Community Guidelines, please refrain from signing your posts.

well, if one ignores the BLOB issue.

2 Likes

@ lleachii

Thanks for your reply. Exactly what I was looking for before flashing my router.

1 Like

Hi, I'm going to flash my router tomorrow but one thing I wanted to follow up on was my comment regarding Intel ME. I understand that this ME processor is a backdoor through which the NSA can install and run software, so my original question was wondering if a 3 am the NSA could somehow flash the router to include an undocumented monitoring feature.

Yes, everything has vulnerabilities. In most peoples' cases the weakest point are their IoT devices, personal computers and other personal devices. A securely managed and configured OpenWrt device is probably more secure than a Windows machine, even one behind a firewall.

Is it worth worrying about?

Well, you're running wireless that tells me that you're already not as concerned as the ones that have something to keep secret. Otherwise, you wouldn't be connected to the public Internet at all and living in a windowless Faraday cage.

As you have been told, only intel CPUs have intel ME!
Your understanding of the ME is also wildly flawed.

1 Like

I don't worry about NSA like PLA and FSB. :grin:

The NSA does not have to install a backdoor on openwrt to get access to your network traffic. That's what they have ISPs for.

3 Likes

So true :slight_smile:
One of the requirements to operate is providing a tap...

1 Like

AFAIK, many(/most?/all?) modern ARM boards, like e.g. the IPQ40xx have ARM TrustZone, which is (to my understanding) similarily powerful to Intel ME/BMC-Controllers.

Everybody harps on about the dangers of Intel ME (which I agree with), but everybody seems to "conveniently" forget about ARM+AMD TrustZone. Does anybody even know of a Board, where the End-User (you!) has access to the TrustZone?

I'm not sure, if the old MIPSs have anything like that. Anybody here know?

@stragies OMG. I thought that OpenWRT would have disabled the NSA backdoor. I never even heard of ARM TrustedZone but there are lots of sites talking about it. Thanks for the head;s up.

1 Like

Is it what you re talking about

https://www.mips.com/products/technologies/mips-multi-domain-security/

?

Yes, this seems to be the MIPS equivalent. Here the "holy kingdom" is "Having the keys to the 'Root of Trust'". I'm not aware, which MIPS chips have this. Do you know of a list?

End of the page:

MIPS Multi-domain security technology is integrated into MIPS CPUs:

I saw that too. I meant more specifically: Which MIPS-Routers use "Warrior" CPUs?. I don't recall seeing it mentioned anywhere

? No idea. Googled for MIPS M51xx based Soc but got nothing

Wait:

Imagination does not detail the exact MIPS architecture used by the M2000. However, it appears to be based on the MIPS M51xx series of processors, which in turn is part of its MicroAptiv-based Warrior-M family.

But I think the board is for smart watches