'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos." It is a fascinating vulnerability, though non-trivial to abuse in a practical sense. It cannot be fixed without replacing the silicon, only mitigated, it is …
"A single key is used for an entire generation of Intel chipsets".
Replace Intel with Sony and Nintendo, and chipsets with Playstation, Switch, Wii U or whatever, and you will understand why it is so easy to get bootlegged games on some of these platforms.
Entire ecosystems inside Nintendo were borked, DRM defeated, and finally, easily pirated because there was a hard-coded single key on the entire line of hardware.
Not just Intel, but also entertainment products had this sloppy, lazy development aspect.
One of them required a specific vendor CD-ROM used in the console, which the mateys found out and quickly procured to find the keys inside the firmware and explode any DRM schema out of the water before they were even loaded from the disc (a really convoluted roundabout way, but still).
"Never blame maliciousness when simple stupidity can be the culprit" or something like that.
(edit) Oh here it is:
"Never attribute to malice that which is adequately explained by stupidity"
Hanlon's razor.
How about AMD?
This post has been deleted by its author
"Occam's Razor" has never been applicable to humans, especially humans doing things they know they should not. Those who love secrets and lies delight in adding complexity and distraction in order to hide their nefarious actions. The way of the mountebank has many paths and all lead away from truth
Well, up to the spectre vulnerable Pi4 anyway
Oh on a related point, the Pi doesn't come with any firewall by default. Those that are concerned might consider UFW (available via apt-get and a doddle to configure but walk throughs are available online) and or turning off IP6 with the rest of the usual suspects when they are doing basic lock down after a fresh build.
Which is all very well, as long as no laptops or tablets use this chipset ...
Personally, I'm not too bothered, since for about 20 plus years I have been banging on about not trusting anything you don't make - all the FOSS sparkle in the world can't hide the fact that we have no idea what the silicon below is up to.
Assume all platforms are compromised and act accordingly. The problem with that approach is it means spending money, and we only get the security we are prepared to pay for.
"[...] and the below minimum wage cleaners [...]"
Like uniforms - that generic role makes the individual invisible in their access to all areas. Emptying office waste paper bins has long been a useful source of information. Apparently at one point a country's troops were short of toilet paper - so they used pages torn out of military equipment manuals. These could be retrieved from non-water latrines.
"[...] but seem to remember it being telex/teletype/radio transmission carbons?"
Apparently a Cold War Operation Tamarisk.
Not entirely. A couple of good examples where the person in control of a machine may never once in their entire life have physical access to the server:
- Dedicated Servers
- VPS
- Cloud
Then there's the "it's our hardware, but we can't control who has physical access":
- Co-location DCs
This pretty much sums up the bulk of websites on the internet these days.
Sadly, I'm also guilty of just renting dedi's instead of trying to run them from the office or home due to the UK's internet speeds (and if you want leased lines, which can be good enough, the price) and hardware costs. And in most cases a DC can offer better physical security than your house.
Like a digital janitor, the CSME works behind the scenes, below the operating system, hypervisor, and firmware, performing lots of crucial low-level tasks, such as bringing up the computer, controlling power levels, starting the main processor chips, verifying and booting the motherboard firmware, and providing cryptographic functions.
Google found they could delete most of the ME and UEFI. Maybe it'll be possible to wipe practically everything with this exploit.
unless the miscreant gains physical access to your PC. And if he gets physical access, it's game over anyway.
Well, thank you for yet another method to cause chaos if some goon gets to my keyboard. I'm thrilled to know that there is yet another way he can trouble. Apart, obviously, from just ripping out the hard disk and chucking it into an external reader under a different platform allowing him to read everything.
I'll file this under Hollywood Apocalypse Scenario #4622.
I think you're missing the point. An attacker can own their own PC and refer it a gazillion times, each time leaking out a bit of the private key.
Once they have the private key, it can be applied to _your_ computer, probably remotely too, to whatever API's or connections are exposed. And there are quite a few, from what I have read.
