Topic: an example of high-profile chip-level backdoor - page 2. (Read 3755 times)
The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.
FUD?
If thats a reply to my post, just read the documentation, its completely public and in fact marketed heavily by intel for its legitimate use. Look here:
http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/
Its basically the mother of all root kits.
FUD?
This is a storm in a glass of water.
If you are worried about hardware backdoors, just imagine if your PC or laptop had a real hardware backdoor that would allow an attacker to connect remotely over LAN, Wifi or 3G to access your harddrive, your RAM, your display, your keyboard, your microphone, your camera. It would render any and all of your attempts to protect your privacy null and void, including any encryption. Something immune to software protection or detection, completely OS independent, in fact, even independent of the main cpu and therefore impossible to detect. Something that works out of band, even when your PC is powered off. Something that you cant disable, even if you think you can, because it can remotely be enabled again. All it would take is someone having the key to this backdoor
Sounds far fetched? Yet if you have an intel laptop or PC with AMT/vpro; thats precisely what you got.
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
And it would be a stretch to believe some 3 letter agencies wouldnt have the keys.
If you are worried about hardware backdoors, just imagine if your PC or laptop had a real hardware backdoor that would allow an attacker to connect remotely over LAN, Wifi or 3G to access your harddrive, your RAM, your display, your keyboard, your microphone, your camera. It would render any and all of your attempts to protect your privacy null and void, including any encryption. Something immune to software protection or detection, completely OS independent, in fact, even independent of the main cpu and therefore impossible to detect. Something that works out of band, even when your PC is powered off. Something that you cant disable, even if you think you can, because it can remotely be enabled again. All it would take is someone having the key to this backdoor
Sounds far fetched? Yet if you have an intel laptop or PC with AMT/vpro; thats precisely what you got.
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
And it would be a stretch to believe some 3 letter agencies wouldnt have the keys.
It is not a backdoor. It is a manufacturer diagnostic facility that can be used to bypass security checks. I'd call that "a vulnerability".
The chip manufacturer says it is present physically on the chip but cannot be used. So it is not clear from this usual journalist rubbish what exactly did they found. And I'm too lazy to find and read the original paper.
Such "backdoors" has been known for very long time. They have been used to unlock the phones. These days phones have very secure means to forbid flashing custom firmware - for example, Motorola E398 had a special facility in the chip to check RSA signature on firmware before executing it. However, this check could be disabled programmatically, and people eventually found how.
The only news here is that such "backdoor" was found by examining not software but hardware and I think the paper focuses not on the vulnerability but on the novel method of chip analysis.
Can someone comment on this? I'm not sure I described it correctly.
The chip manufacturer says it is present physically on the chip but cannot be used. So it is not clear from this usual journalist rubbish what exactly did they found. And I'm too lazy to find and read the original paper.
Such "backdoors" has been known for very long time. They have been used to unlock the phones. These days phones have very secure means to forbid flashing custom firmware - for example, Motorola E398 had a special facility in the chip to check RSA signature on firmware before executing it. However, this check could be disabled programmatically, and people eventually found how.
The only news here is that such "backdoor" was found by examining not software but hardware and I think the paper focuses not on the vulnerability but on the novel method of chip analysis.
Can someone comment on this? I'm not sure I described it correctly.
im in ur fpga stealin ur hashez
It's ways more serious than that. I'm not surprised with this being possible, but I am amused to read that it actually happened.
If you look, you would notice that the article is specifically referring to an expensive custom FPGA designed for governmental use, likely one that would cost tens of thousands of dollars per chip. Quite a bit different than the $150 chips that most of the Bitcoin miners use.
im in ur fpga stealin ur hashez
It's ways more serious than that. I'm not surprised with this being possible, but I am amused to read that it actually happened.
im in ur fpga stealin ur hashez
This is LOL
http://www.csmonitor.com/USA/2012/0607/Report-Hackers-could-access-US-weapons-systems-through-vulnerable-chip
I found the article interesting. Apparently a backdoor has been hard-wired into an FPGA. This has obvious implications for designers of bitcoin-related hardware.
I found the article interesting. Apparently a backdoor has been hard-wired into an FPGA. This has obvious implications for designers of bitcoin-related hardware.
Jump to: