[liberationtech] [pfSense] NSA Laughs at PCs, Prefers Hacking Routers and Switches

[Tom Ritter]

> On Wed, Sep 4, 2013 at 7:33 PM, Robert Guerra <rguerra at privaterra.org> wrote:
>>
>> Curious on people's comments on  types of routers, firewalls and other appliances that might be affected as > well as mitigation strategies. Would installing a pfsense and/or other open source firewall be helpful in
>> anyway at a home net location?

So this might get me flamed out of libtech, but....

There's this commercial solution done by a couple of folks out of
Columbia.  They owned up some Cisco VOIP phones and then thought "How
could we make it really hard to own embedded devices like this and
routers?" and basically they wrote their own agent that they mutate
(so every install is different) and then timeslice its execution in a
RTOS by instrumenting a vendor firmware image.  I've seen it work in
demo devices, and they say they have it working pretty well on a lot
of stuff.  It looks super snake oily, and I can't claim to have any
experience with it beyond their 30 minute talk and demo, but I was
convinced it was worth investigating much more.  Also, being academic
backgrounded, they have research papers explaining a lot of it.

http://www.redballoonsecurity.com/technology.html

-tom