A backdoor?
Who could have possibly mandated that?
A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos." It is a fascinating vulnerability, though non-trivial to abuse in a practical sense. It cannot be fixed without replacing the silicon, only mitigated, it is …
"A single key is used for an entire generation of Intel chipsets".
Replace Intel with Sony and Nintendo, and chipsets with PlayStation, Switch, Wii U or whatever, and you will understand why it is so easy to get bootlegged games on some of these platforms.
Entire ecosystems inside Nintendo were borked, DRM defeated, and finally, easily pirated because there was a hard-coded single key on the entire line of hardware.
Not just Intel, but also entertainment products had this sloppy, lazy development aspect.
One of them required a specific vendor CD-ROM used in the console, which the mateys found out and quickly procured to find the keys inside the firmware and explode any DRM schema out of the water before they were even loaded from the disc (a really convoluted roundabout way, but still).
"Never blame maliciousness when simple stupidity can be the culprit" or something like that.
(edit) Oh here it is:
"Never attribute to malice that which is adequately explained by stupidity"
Hanlon's razor.
How about AMD?
"Occam's Razor" has never been applicable to humans, especially humans doing things they know they should not. Those who love secrets and lies delight in adding complexity and distraction in order to hide their nefarious actions. The way of the mountebank has many paths and all lead away from truth.
Well, up to the Spectre-vulnerable Pi 4 anyway.
Oh, on a related point, the Pi doesn't come with any firewall by default. Those that are concerned might consider UFW (available via apt-get and a doddle to configure, but walkthroughs are available online) and/or turning off IPv6 with the rest of the usual suspects when they are doing basic lockdown after a fresh build.
Which is all very well, as long as no laptops or tablets use this chipset ...
Personally, I'm not too bothered, since for about 20 plus years I have been banging on about not trusting anything you don't make - all the FOSS sparkle in the world can't hide the fact that we have no idea what the silicon below is up to.
Assume all platforms are compromised and act accordingly. The problem with that approach is it means spending money, and we only get the security we are prepared to pay for.
"[...] and the below minimum wage cleaners [...]"
Like uniforms - that generic role makes the individual invisible in their access to all areas. Emptying office waste paper bins has long been a useful source of information. Apparently at one point a country's troops were short of toilet paper - so they used pages torn out of military equipment manuals. These could be retrieved from non-water latrines.
"[...] but seem to remember it being telex/teletype/radio transmission carbons?"
Apparently a Cold War Operation Tamarisk.
Not entirely. A couple of good examples where the person in control of a machine may never once in their entire life have physical access to the server:
- Dedicated Servers
- VPS
- Cloud
Then there's the "it's our hardware, but we can't control who has physical access":
- Co-location DCs
This pretty much sums up the bulk of websites on the internet these days.
Sadly, I'm also guilty of just renting dedis instead of trying to run them from the office or home due to the UK's internet speeds (and if you want leased lines, which can be good enough, the price) and hardware costs. And in most cases a DC can offer better physical security than your house.
Like a digital janitor, the CSME works behind the scenes, below the operating system, hypervisor, and firmware, performing lots of crucial low-level tasks, such as bringing up the computer, controlling power levels, starting the main processor chips, verifying and booting the motherboard firmware, and providing cryptographic functions.
Google found they could delete most of the ME and UEFI. Maybe it'll be possible to wipe practically everything with this exploit.
unless the miscreant gains physical access to your PC. And if he gets physical access, it's game over anyway.
Well, thank you for yet another method to cause chaos if some goon gets to my keyboard. I'm thrilled to know that there is yet another way he can trouble. Apart, obviously, from just ripping out the hard disk and chucking it into an external reader under a different platform allowing him to read everything.
I'll file this under Hollywood Apocalypse Scenario #4622.
I think you're missing the point. An attacker can own their own PC and refer it a gazillion times, each time leaking out a bit of the private key.
Once they have the private key, it can be applied to _your_ computer, probably remotely too, to whatever APIs or connections are exposed. And there are quite a few, from what I have read.
But this only has to happen once, on one machine, anywhere in the world. Doing this the once, even on their own perfectly legally purchased kit, will now give them the global master key to unlock the local platform keys for every Intel computer of the last several generations.
Once this global master key is unlocked, then they may be able to remotely attack other Intel computers, at least that's how I read it.
As far as I can see, if said miscreant gets access to your PC, they can read the management key which doesn't apply to your PC, it applies to however many hundreds of thousands of PCs that were built with the same chipset.
I imagine it's rather less hard at that point to do interesting things remotely.
I'm pretty sure that I don't understand this. But it sure sounds like the miscreant doesn't need to tease out the management key on your PC. They can use the management key from their own PC if it has the same chipset as yours. Which suggests that it's only a matter of time -- weeks? months? years? -- before the management keys to every Intel CPU with a management engine are available to everybody on the internet. The next question would seem to be what nasty things can they actually do if they know that key and somehow get access to someone's Intel CPU by, for example, incorporating some malicious JavaScript in an ad?
Let's all fervently hope that the answer is "Not much really." If it isn't, you may want to wait a while before sending that dust-covered (ME-less) 386DX out in the garage off to the dump. You may be about to find a use for it.
"Are we to expect you suspect that a forlorn hope, vtcodger, and practically anything is then virtually possible"
Nope. This is way beyond my pay grade. The only clue I have is that if "anything is then "virtually possible" I should think there would be a **LOT** of excitement, hand waving, blame shifting, and preposterous "solutions". So maybe in practice having the management keys to most of the world's Intel CPUs become public knowledge is no big deal and nothing to worry about.
No problem whatsoever if you are prepared to switch to AMD.
AMD has pretty much the exact same system in play, it just hasn't been attacked as earnestly as the IME yet. Look into the PSP. This is only good news for AMD if they can continue to lie about their security focus while still forcing the exact same DRM model that has brought Intel to this situation.
To get away from it you can select from certain ARM CPUs, Power, or RISC-V. Or, use old hardware from the early 2010s or before. Ryzen, Epyc, etc. are not going to get you away from this!
Not sure about other current CPUs, but it seems to me that "old hardware from the early 2010s" lacks this kind of secure enclave altogether, so would still be less secure than the new stuff with the vulnerability.
Depends on use case, but the older hardware tended to have isolated TPMs so would still have secure enclave support (ish) whereas with this vulnerability even something as basic as secure boot or firmware signing is completely trashed.
The new hardware of course has (at least on the Power side) secure enclave type functionality. ARM has its TrustZone, but SoCs with TrustZone and open firmware for it aren't the most common. Given a choice I'd use the newer chips that aren't from Intel or AMD but for those that feel they absolutely must game on their PC the old hardware is likely the only thing that will work.
Another example of what I assume is a government-organisation-gifted backdoor, which shows that backdoors cannot be kept secret forever and, once exposed, everyone can be screwed by every Tom, Dick and Harry.
All the US has to do now is to make a noise about foreign hardware having backdoors so everyone scrambles to buy US-backdoored kit. Oh wait... I'll get my coat.
'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc
Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away ..... Shaun Nichols in San Francisco 5 Mar 2020 at 14:00
Attempts at prevention of exploitation are much more likely to be like shooting a lone fish in a tiny barrel 1,000 miles away, Shaun.
You can be sure if the key sequences to boot and root are lost and found in the ken of others, further experimentation is virtually guaranteed to be Servered as Spectacular BlockBusters in an Endless Stream of Halcyon Day 0Days.
The chance of exploitation is minuscule... and you get an unlimited number of attempts. I think I see the problem here.
So... we've built basically an entire world full of computers with a hardware backdoor, but fortunately only *trusted authorities* have the key to that backdoor. Only now the key is leaking. Time to pretend to be surprised and shocked and double down because a) this was never really a backdoor it's a handy tool for administrators, and b) this doesn't invalidate the need to put backdoors in everything else as well, which also aren't backdoors but desperately needed to protect you.
"[EPID] is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation"
Translation: the point of EPID is to ensure that you, the end user, do not have control of your computer. This is why its compromise is a disaster of biblical proportions. If your computer is compromised that's sad. If /their/ telemetry and DRM content is compromised, cats and dogs sleeping together, mass hysteria.
"So... we've built basically an entire world full of computers with a hardware backdoor, but fortunately only *trusted authorities* have the key to that backdoor."
We have built a world full of hardware/firmware/software made by others that we believe to be secure. It was never secure without trust and the trust was never deserved.
To try and address this, we have added even more layers of hardware/firmware/software and it appears that we have become even less secure.
A few more layers of hardware/firmware/software are bound to fix the issue. Or make it seem so far away it can never hurt us.
I, for one, am fascinated that this flaw exists and was open for all in the documentation (finally a reason to RTFM, no?), but I'd be intrigued how this behaves on a multi-CPU system.
Whilst I'm aware that you use matched CPUs, if one is compromised, does that mean they both are? Or is it a pot shot on whether you can hijack one or multiple CPUs in the attempt? Questions, questions..
TBC, but I reckon multiple CPUs are going to make it harder for an exploit to successfully attack both in that narrow window of opportunity. Doesn't mean it's impossible.
Of course, what we now know is that pretty much every Intel CPU has the same key inside, and that need leak only once anywhere in the Internet for whatever havoc that can then ensue to actually happen. If that includes exploits beating up CPUs later on in their runtime (i.e. after that narrow window of opportunity has passed, but others are open if the key is known), then presumably all CPUs in a multi-chip setup would be vulnerable.
Could be that anyone relying on Intel CPU security features is going to be in a whole heap of trouble real soon.
Good news for AMD of course, though who knows what problems actually exist over there. On the whole they do seem to have dodged most of the bullets that have done a lot to dent Intel's reputation recently.
"Good news for AMD of course"
AMD has pretty much the exact same system in play, it just hasn't been attacked as earnestly as the IME yet. Look into the PSP. This is only good news for AMD if they can continue to lie about their security focus while still forcing the exact same DRM model that has brought Intel to this situation.
Go ahead, downvote me for daring to speak against Team Red...
Re. AMD, they very well may have the same vulnerability in their chipsets. Or they may have corrected any hole years ago. Since I have not seen an article analyzing AMD yet, I'm going to cautiously give them the benefit of the doubt thus far, partially in good faith since their CPUs aren't nearly as vulnerable as Intel's offerings from the same era, at least to as many exploits.
I know for a fact they just haven't been analyzed as much. AMD still has the exact same "keys to the kingdom" problem, they're just at a much smaller market share so interest in cracking their key versus Intel's key is a lot lower.
Same way Linux doesn't have many viruses -- tiny market share in terms of gullible PC users, so just not worth the effort to crack (yet).
The flaw exists in the supporting "Platform Controller Hub" or PCH rather than the CPU, so on a multi-processor system this is still likely to be present, assuming the PCH has the Intel Management Engine functionality.
As far as I can tell, this appears to make TPM/content protection keys vulnerable and may provide a way of introducing firmware onto hardware in the system. I say may as access appears to be gated by ROM instructions - it's not a free for all.
It's worth noting that this is using an Intel debug bus for access - while this information and the tools to use it are being publicly disclosed, Intel will already have something similar for debugging/development purposes. And will likely have provided it to their friends.
This is exactly why we use ARM and Power systems (though technically those systems are chosen only for the open firmware, it's mainly that those two architectures have CPUs with open firmware that are powerful / pervasive enough to be useful).
I just can't believe it's taken this long for the master key to leak...
...which makes me suspect it's already been extracted some time ago, just not in white hat circles / publicly.
Wonder what the GDPR implications are, since it's not exactly like the IME was a secret for the past 5+ years? Shouldn't purposefully choosing a cheap, but insecure, platform to store protected trigger some fairly nasty fines now that data leak (especially of, and I quote, "encrypted" data) is possible? Especially since the decision was purely to minimize cost on "that IT cost centre"?
If any kit on your computer has DMA access, is it capable of attacking the CSME in this way? I'm thinking perhaps of Ethernet controllers for systems that have power-on over Ethernet capability. If that controller has a different vulnerability that would allow an attacker to modify the ROM of the Ethernet controller, which has DMA and can reset the processor (or potentially power-cycle it) then you could have a significant vulnerability.
If that controller has a different vulnerability that would allow an attacker to modify the ROM of the Ethernet controller...
And what about the driver of that Ethernet controller? For some of these controllers it's probably a closed-source driver, therefore anybody having access to the source of said driver could have already installed a usable exploit of this "vulnerability".
Said otherwise:
- US companies make Ethernet controllers with closed-source (binary blob) drivers.
- US government is known to spy on everybody, using computer tech
- US government has a law called "Gagging order" which prevents any US person from even telling that it received such an order
- US tech firm has made a "mistake" that can be leveraged by a DMA-capable Ethernet controller.
So, what are the odds that all this was actually designed: bake a backdoor into a family of CPUs, make said back-door exploitable via DMA at resume, make Ethernet controllers DMA and wake-on-LAN capable, install exploit of said backdoor into said driver of said controller, send gagging orders to everybody involved that they can't talk about any of it. Disguise all this as an unfortunate bug.
Yes, the NSA could have asked for the keys themselves, but if that request were ever to be leaked it would be impossible to deny.
> "So, basically, an attacker needs to run some software on your computer in a tiny period before the processor has been switched on, let alone started running even the OS? That sounds like a risk I'm happy to take."
How about "if my brain is dead just for a tiny period, it sounds like a risk I'm happy to take."?
Tiny indeed.
@Ian Johnson
This doesn't need to interact with your OS at all. Dodgy software can attack the Intel management engine, which is a full-blown computer that resides inside your CPU and which has its own OS and direct access to RAM, storage and all the rest of your hardware. By the time your PC gets as far as the BIOS to start the boot-up process it is already game over - and there is nothing you can do to stop or fix it without getting a new, non-Intel CPU. This affects just about all the generations of the Core family, as well as various Xeons, Pentiums, Atoms and Celerons.
Don't some Intel or some Mobos have a JTAG accessible via USB?
Basically if you have LOCAL access, i.e. you are the Evil Maid (or Butler), all bets are off. Encrypted Discs, TPM, etc. The wonders of HID mean that you don't personally have to be local, send a nice gamer mouse to the target.
Maybe this needs something clever connected to the computer, but unlike regular warfare the "sniper" can keep trying at that crack without getting caught.
Wouldn't surprise me either if some maker leaves a flaw via eSATA, or the laptop dock or HDMI signalling or USB that allows the sniping.
Mine's the one with an apparently normal set of mouse, SD card, external eSATA device, USB mobile modem and USB memory sticks to drop on desks or in car parks.
Intel motherboards have a debug interface accessible with appropriate hardware
It looks like this would allow you to bypass TPM (bad) and HDCP (good....), but you need physical access to the device to do bad stuff.
As for firmware flaws, I suspect there are a lot of "standard practices" with firmware updating that makes this potentially dangerous - we never thought we'd need to digitally sign new firmware because it could only be updated by doing X....
Could be a bit of both. "Any point fixing this rare race case?" Would have little need to fix, as "nah, there's no risk, it's too hard and impossible to exploit."
With a little of "oh, that's a nice overlooked error there we can use, lean on our friends at Intel not to fix or to add extra features to this..."
While attributing planning to this might be off, for those in the know or those with requirements it would not take long for it to be a trick-of-the-trade useful feature.
See the million-dollar iPhone unlock exploits for sale as an example, or frozen DRAM chip swaps as another. Why fix something so obscure a security risk? Why expect those who need it not to take the easy route to cracking the system?
> utter chaos will reign
Nonsense! It affects only a subset of the world's machines and it really only makes easier some already-extant attacks.
So... partial chaos will reign.
Or perhaps, utter chaos will have a surprise surge in the electorate. Despite forming a new minority party, it fails to secure control of the country.
So we must assume the key is already extracted. The important question:
What can be done with that key? ...... Richard 12
The fear is pretty much take over and make over of operating systems catastrophically vulnerable to remote anonymous commands controlling collapses in exclusive executive market flash crashes, Richard 12.
And that and/or those able to exercise that key facility/utility are perfect candidates for exercising the efficacy of the power of Danegeld.
However, if ever classified as TS/SCI, it will not be widely known as an unfixable systemic security flaw being exploited and doused with Danegeld to try and mitigate and prevent colossal damage and manic disruption from a secret uncovered which cannot be denied, which remarkably allows it to be more stealthily employed elsewhere, should it be so desired.
My servers are re-booted maybe once in six months....maybe less often.
*
So.... an attacker has a few seconds once every 15 million seconds..... so pretty difficult to time the attack!
*
But then, if the attacker has sufficient access to initiate the reboot....then it's game over anyway!
*
Move along....nothing to see here!
So the title mentions DRM and file encryption. So what does this mean for streaming video and Blu-ray playback on a computer?
Will video streaming be blown wide open once CSME access is gained? How about the encryption between a computer and an HDMI display? Will Blu-ray playback be able to be intercepted through this? What kind of ramifications does this have on DRM in general?
Why would they even do that? There are better ways of generating, storing, and protecting keys in HW during manufacturing. Unless Intel, in its infinite wisdom, decided to 'simplify' this whole process by simplifying the injection of keys.
WTF. Basic ABC of root of trust.
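The thread keeps coming back to one design point: a single chipset key shared by a whole generation (the quote at the top) versus the "better ways of generating, storing, and protecting keys in HW during manufacturing" the last comment mentions. The model below is an added illustration, not code from the article, the commenters or Intel. It assumes a toy HMAC-based key wrap and a made-up fleet of devices (all names such as `provision`, `kdf`, `Device` and the constructed root bytes are this example's own) to show why extracting a key from one device matters so much more in the shared-key design than in a per-device diversified one.

```python
"""Blast radius of a shared class key vs. per-device diversified keys.

Constructed model, not any vendor's actual scheme. Each device holds a root
key in "silicon" and a local secret wrapped under that root. We then ask:
if the root key is pulled out of ONE device, how many devices' secrets fall?
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def kdf(root: bytes, label: bytes, device_id: bytes) -> bytes:
    """Per-device key from a manufacturing root (HMAC-SHA256 used as a KDF)."""
    return hmac.new(root, label + b"|" + device_id, hashlib.sha256).digest()


def wrap(key: bytes, secret: bytes) -> bytes:
    """Toy key wrap: nonce || (secret XOR keystream) || MAC tag (32-byte secret)."""
    nonce = secrets.token_bytes(16)
    keystream = hmac.new(key, b"ks|" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes):
    """Return the secret, or None if the tag does not verify under this key."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    keystream = hmac.new(key, b"ks|" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, keystream))


@dataclass
class Device:
    device_id: bytes
    root_key: bytes   # what the chip's ROM/fuses hold
    blob: bytes       # local secret (e.g. a disk key) wrapped under root_key


def provision(n: int, diversified: bool, factory_root: bytes) -> list:
    """Build a fleet of n devices.

    diversified=False: every chip is burned with the same factory root
                       (the "one key per generation" design).
    diversified=True:  each chip gets kdf(factory_root, id); the factory
                       root itself never leaves the manufacturing HSM.
    """
    fleet = []
    for i in range(n):
        dev_id = f"dev-{i:04d}".encode()
        key = kdf(factory_root, b"chipset-key", dev_id) if diversified else factory_root
        local_secret = secrets.token_bytes(32)   # constructed per-device secret
        fleet.append(Device(dev_id, key, wrap(key, local_secret)))
    return fleet


def devices_unlocked_by(extracted_key: bytes, fleet: list) -> int:
    """How many devices' wrapped secrets open under one extracted key."""
    return sum(1 for d in fleet if unwrap(extracted_key, d.blob) is not None)


if __name__ == "__main__":
    factory_root = bytes(range(32))   # constructed; a real root lives in an HSM
    shared = provision(10, diversified=False, factory_root=factory_root)
    per_device = provision(10, diversified=True, factory_root=factory_root)

    # Attacker extracts the root key from device 0 of each fleet.
    print("shared class key:  ", devices_unlocked_by(shared[0].root_key, shared), "of 10 unlocked")
    print("diversified keys:  ", devices_unlocked_by(per_device[0].root_key, per_device), "of 10 unlocked")
    # The factory (root holder) can still re-derive any device's key for support.
    regen = kdf(factory_root, b"chipset-key", per_device[7].device_id)
    print("factory re-derives dev-0007:", regen == per_device[7].root_key)
```

Diversification does not fix a boot ROM bug; it only caps what a single extraction buys an attacker (one device instead of a generation) and moves the real risk to the factory root, which is why that root belongs in an HSM with audited access rather than in every shipped part.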