another potentially serious flaw in intel chips

Discussion in 'Hardware' started by desertlap, Oct 30, 2020.

  1. desertlap

    desertlap Scribbler - Standard Member Senior Member

    Messages:
    2,626
    Likes Received:
    3,295
    Trophy Points:
    181
    From Ars Technica
    https://arstechnica.com/gadgets/202...ct-secret-key-used-to-encrypt-intel-cpu-code/

    So honestly, it's still early days to figure out how big this flaw is. We had a demonstration of a delivery method for the exploit which should give all here pause. Basically on the system we saw this exploit demoed, an HP, they used Hp's firmware update mechanism to deliver the modified microcode.

    One bit of good news here is that it triggered Windows authentication mechanism, similar to what happens if you make significant hardware changes such as changing your video card and disk controller in a desktop. Now if the average user will know enough to get alarmed, is an open question

    So a few observations from the demo we saw.

    1. Ironically AMD is likely spared this fault, due to differences in the way the authentication of keys requiring a chip on a supported motherboard.

    2. So far they have only cracked one chipset, but the researchers feel that its likely at a minimum, a potential issue with succeeding generations of chips because Intel is so iterative with their chip generations.

    3. Unlike the Spectre flaws, this exploit doesn't need physical access to the PC. They demonstrated it using HP's firmware update mechanism over the air which by default is turned on active. In the demo we saw, the only warning was a notification that "a new critical update was downloaded and installed , please restart your PC...."

    OTOH, it's also equally exploitable via Linux.

    4. Given that intel still has not significantly addressed the Spectre flaws at hardware chip level, but instead mostly via microcode patches and also Windows based mitigations, this is yet another concern for IT folks with intel chips

    Not much we can do at this point other than watch what happens and continue to be vigilant with our own and customer systems.
     
    Last edited: Oct 30, 2020
    Marty, JoeS, dellaster and 2 others like this.
  2. Steve S

    Steve S Pen Pro - Senior Member Super Moderator

    Messages:
    8,161
    Likes Received:
    3,659
    Trophy Points:
    331
    Sigh....
     
  3. JoeS

    JoeS I'm all ears Senior Member

    Messages:
    5,565
    Likes Received:
    3,852
    Trophy Points:
    331
    The article does state
    For the HP firmware to be installed, would the attacker first need to hack HP's update infrastructure? Because if so, this is still not as much a concern for the typical home user. Until HP gets hacked that is.
     
    dellaster likes this.
  4. desertlap

    desertlap Scribbler - Standard Member Senior Member

    Messages:
    2,626
    Likes Received:
    3,295
    Trophy Points:
    181
    @JoeS I'm not sure exactly how they hijacked HP's firmware update backend mechanism to do the exploit. They did tell us that it was a bog standard HP load, only with all the current windows software and HP hardware updates installed. We were actual guests of one our corporate customers and thus were limited in the questions we could ask.

    I suspect that it may have been a man in the middle type of thing, possibly spoofing HP's update servers.
     
    Last edited: Oct 30, 2020
  5. JoeS

    JoeS I'm all ears Senior Member

    Messages:
    5,565
    Likes Received:
    3,852
    Trophy Points:
    331
    Now that would be scary. It still probably means you'd need a very dedicated attacker, intercepting Wifi traffic near the actual user. So huge problem for high-value targets, but not the average Joe Schmoe at Starbucks I'd think. Definitely very interesting through.
     
    dellaster and desertlap like this.
  6. desertlap

    desertlap Scribbler - Standard Member Senior Member

    Messages:
    2,626
    Likes Received:
    3,295
    Trophy Points:
    181
    I hope you are right, though the Experian hack a few years ago originated via an employee using WifI at a Starbucks :(
     
    JoeS likes this.
  7. desertlap

    desertlap Scribbler - Standard Member Senior Member

    Messages:
    2,626
    Likes Received:
    3,295
    Trophy Points:
    181
    This was a postscript I was hoping wouldn't occur. When we first got a demonstration of the above flaw, the researchers felt that this was the first of multiple exploits to come...and they are right. This one is a bit more challenging since Linux right now is the easiest method to exploit it.

    Unclear if AMD is affected though they think in this case it's likely since they licensed the Sandy Bridge tech and it's used in the 4th gen Ryzens

    Sigh....:(
    https://arstechnica.com/information...gain-this-time-thanks-to-on-chip-power-meter/
     
  8. JoeS

    JoeS I'm all ears Senior Member

    Messages:
    5,565
    Likes Received:
    3,852
    Trophy Points:
    331
    Side note, isn't Ars Technica the best? Love that place. So much that I pay them $50/yr for reading the same articles that I could read for free. :)
     
    desertlap likes this.
  9. desertlap

    desertlap Scribbler - Standard Member Senior Member

    Messages:
    2,626
    Likes Received:
    3,295
    Trophy Points:
    181
    Agreed, for exactly stuff like this. The rest of the major site like CNET, The Verge and Engadget seem to ignore
     
  10. JoeS

    JoeS I'm all ears Senior Member

    Messages:
    5,565
    Likes Received:
    3,852
    Trophy Points:
    331
    That plus their science coverage, spaceflight coverage, games coverage, all written by people who believe facts are a thing. It's refreshing. :D
     

Share This Page