A paranoid device called Betrusted, promises to ensure that our information remains private beyond traditional hardware and software solutions. It is being developed by Andrew "bunnie" Huang, an American electronics engineer currently residing in Singapore.
In recent years we have assisted the rise of so-called "smart devices", a term that I suppose must have been put to contrast with the intelligence of its users when using them.
These devices they are inherently unsafe. Data leaks can occur. They have already happened in multiple ways by taking advantage of security flaws and back doors in software.
Most of us would argue that to fix that you must use devices that include open source software. But, that's just a theoretical advantage. It is true that the code is available for inspection, as long as someone shows sufficient interest to do so. But, even if someone does it and detects all the software problems Can you trust the hardware?
If you were thinking of building your smart home using open hardware, friend Huang has bad news:
Open hardware is just as reliable as closed hardware. Which means that I have no inherent reason to trust either of them. While open hardware has the advantage of allowing users to innovate and constitutes a more correct and transparent design intent than closed hardware, at the end of the day any hardware of sufficient complexity is impractical to verify, whether open or closed. Even if we publish the complete set of boards for a modern XNUMX billion transistor CPU, this "source code" is meaningless without a practical method of verifying the equivalence between the set of boards and the chip in your possession down to an almost atomic level. without simultaneously destroying the CPU.
Does it seem exaggerated?
An open source program can be check as you type, and later generate a mathematical signature "hash" designed to ensure that the software downloaded to a user's system is identical to the original. But, as Huang says, it is not possible to verify in the same way that the hardware has not been compromised at the factory or during the distribution process. There are too many ways the hardware could have been modified in ways that are hard to detect. Y, if we can't trust our hardware, we can't trust even open source software, since we have to use the hardware - possibly compromised - to check if the software hashes are correct.
Betrust, a device for paranoids
Huang and his team see their project as a hardware and software solution on which to build other projects.
Here at the Web page of the project is described as:
Betrusted is a protected place for your private affairs. It is built from the ground up to be reviewed by anyone, but sealed only by you. Betrusted is more than a secure CPU - it's a complete system with a screen and keyboard, because privacy begins and ends with the user.
The basic operation of the device is as follows:
Suppose we want to send a private message to another user of the device:
- We write and encrypt the message in Betrusted.
- We send it using our phone or WiFi connection
- The user receives it via their phone or WiFi connection.
- Decipher it and read it on your Betrusted.
The limited functionality of the device makes it is possible to build a hardware with simple elements. This allows the average user to check that they have not been tampered with.
A field programmable gate array (FPGA) will be used for the main processor. It is a kind of blank processor chip that is designed to be configured by the user after manufacture.
On the keyboard side, you will use a design that allows inspection by simply holding it up to a light.In the case of the screen, the glass circuitry of the LCD are built entirely with large enough transistors to be inspected with a bright light and a USB microscope.
What can I say. Between governments and their uselessness to guarantee the life of the population without invading their privacy, and companies and their uselessness to produce software in conditions (or make money selling products and not their customers' data) are ruining the usefulness and fun that had the technology.
If I have to carry one more device to have my private data (and review it before starting it up), it is most likely that I will return to paper and pen and to traditional mail.