Bug my arse
Another example of standard backdoors built into equipment manufactured by large American companies.
Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device. This vulnerability (CVE-2021-0146), identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel …
"one way this bug might be abused would be if a miscreant obtained a stolen laptop or notebook computer with vulnerable hardware"
If he's got the laptop it's game over, no need to fiddle with the CPU.
He can just take the disk out, slap it into a USB receptacle and read anything he wants. If it's not encrypted, it's his to read.
How is this supposed to be a vulnerability?
No idea about Windows but at least on Linux, for a normal desktop/laptop using dm-crypt/LUKS, the FDE key is encrypted by a stretched version of a *user supplied* key.
There's nothing "stored [...] on the motherboard", and what is stored on disk needs to be brute forced in order to be of any use.
Since the chips affected are commonly found in embedded systems, cars, etc., then potentially an attacker could get baked-in encryption keys that could, for example, allow them to push hacked software or firmware updates out to many devices - creating a much bigger security issue. They could also decrypt the encrypted file systems on such devices, enabling them to find other security weaknesses.
What do you think happens if the bug is not quashed nor quenched? Resist defence and what is there to attack and destroy/command and control?
Intel Processors would then become a vital cog in all future remote operations accessed for instruction and direction from computers.
Do humans realise that in the spaces and places that you visit and frequent? Do they never ask where their leaders' orders come from?
The simple questions to ask are ... Are they entirely of their own making or are they from a Foreign Lead or an Alien Read from a Computer Feed ..... with that surely a Harvest to Exploit in Full Service of Outstanding Upstanding Enjoyment?
Quantum Communication Made Simple. Not for Dummies.
Exploitation of the hole does require physical access to the chips, an important caveat to note.
Exploitation is surely at ITs Best, a Virtual Application with ESPecial Permissions Granted for Future Trial Testing in Current Running Systems?
That's not a Bug, it's a Novel ACTivating Feature for Future Programs Deploying Applications Delivering Promises via Virtual Reality Promotions .....with Advanced IntelAIgent Intentions the Start and End of Every Worthy Powerful Goal to Improve and Try to Better and Mentor and Monitor.
Quite a lot alike a SMARTR Bigger Brother would Muster for Highland Gatherings. For Lairdly Views on Future Highland Clan Type Applications ...... for Above Top Secret IntelAIgent Service Operations.
Certain Intel processors have every right to be concerned if the above use of Intel platforms is to be of any negative concern rather than worthy of virtual encouragement for positive support to future chip designers doing the fabrication foundry thing. That's one very popular option favoured by a decidedly fanatical base exploring the desserts afforded to reinforce and assist unprecedented success in the myriad fields of true and/or original endeavours.
It's bad and I will be updating my Windows kit as soon as the microcode is available.
But I rate the possibility of this being a No Such Agency backdoor as low. Given that it allows "activation of test or debug logic at runtime" it seems much more likely to be chip developers not removing all the microcode they used during chip development.
Besides, if the US government is correct and Positive Technologies is working for the Russians, they'd keep the vulnerability secret and pass it on.
That said, I'm retired and if they pry my laptop from my cold dead hands they won't find anything more inflammatory than what I post here.
Biting the hand that feeds IT © 1998–2021