undefined | Better HN

0 pointspjerem4y ago0 comments

AI aside, hacking into the driver’s build process to inject hidden backdoors into the drivers could be a realist attack.

0 comments

Melio4y ago

Is it realistic though?

Hacking into Nvidias corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?

In a process which is highly controlled due to it being a very central peace of software.

Very unrealistic.

It's easier to find or buy zero days in the wild for the same goal

nimrody4y ago

Well.. that's exactly what happened to Solarwinds last year, didn't it?

Actually smarter than that - they got into the build system and added the malicious code in the build process so you couldn't see it in the repository.

Do you think it's that difficult for a state sponsored body to infiltrate into a commercial company?

Melio4y ago

The effort my big software company does on regards of requirements of releasing software, I would say yes.

Big companies like Nvidia have background checks, independent security teams etc.

Impossible? No. But easier and cheaper is still other means.

j / k navigate · click thread line to collapse

0 comments

Melio4y ago

Is it realistic though?

Hacking into Nvidias corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?

In a process which is highly controlled due to it being a very central peace of software.

Very unrealistic.

It's easier to find or buy zero days in the wild for the same goal

nimrody4y ago

Well.. that's exactly what happened to Solarwinds last year, didn't it?

Actually smarter than that - they got into the build system and added the malicious code in the build process so you couldn't see it in the repository.

Do you think it's that difficult for a state sponsored body to infiltrate into a commercial company?

Melio4y ago

The effort my big software company does on regards of requirements of releasing software, I would say yes.

Big companies like Nvidia have background checks, independent security teams etc.

Impossible? No. But easier and cheaper is still other means.

j / k navigate · click thread line to collapse