Topic: intel vPro processor backdoor to make securing bitcoin impossable? (Read 9489 times)

The thing is, I DON'T trust my OS, or my other software. I trust that either I, or others have reverse engineered it to check that it doesn't do anything malicious. Just like I don't actually trust that a bank will return my deposit, I trust that I can take them to court if they don't.

Of course they're not going to sell processors that only run enclaved code signed by them. That would indeed be silly. I'm saying that code that runs within an enclave will be impossible to reverse engineer without the private keys.

Ok, well I think that in principle it's not such a bad thing. It's exactly as I described earlier: this is a very powerful mechanism, for use and abuse. If you have good evidence to trust your hardware manufacturer and your OS (...and your other software) then it's actually highly resistant to malevolent state actors. And therefore this category of innovation has the potential to safeguard your digital privacy in a way that's as close to absolute as there ever has been (given what we know now about the past). But perhaps SGX itself will be conniving in the extreme, we will find out in time. Intel will do themselves commercial harm to do this too overtly though, I strongly suspect the barriers to entry in the processor design/manufacture market will become lower and lower as we go through the 2020's. Imagine 3D printing your own processor design, as it will happen at some point in our lifetime.

i know i was just messing around.

Gavin gets paid for working full time on Bitcoin, I would guess he's being compensated well enough that his finances haven't become totally uncomfortable (although I suspect he's also not being paid well enough either, but I won't speculate further as it's tantamount to expecting some kind of clarification).

I agree with the sentiments about diversifying the hardware you rely on, but I would go one step further. As an early example in the field, I think the guys at Trezor are best placed of all hardware producers to come up with something that's difficult for government agencies or (private sector) criminals to exploit. The Trezor people have a truly believable motivation to create secure devices, no matter the scenario, no matter how cynical you are. You can't say the same thing for computer hardware manufacturers in general, and in my true-cynic's view, assuming that separate legal jurisdictions have genuinely separate allegiances might not be such a logical assumption to rely on. You can trust slush and stick's motivations better than you can other hardware producers. This doesn't mean they can't produce a fallible design, but they're the least likely to come up with something that has intentional flaws.

thanks for chiming in Gavin. that sounds like very good advise to me.

also you must be able to afford to lose a lot of time seeing as how much you have invested in this project so far

Relying on any single piece of hardware to secure your bitcoins is a bad idea. In the future, you should use two pieces of hardware created in two different parts of the world by two different organizations in two different legal jurisdictions to secure your bitcoins.

Right now... "only invest time or money you can afford to lose."

So, now we're looking at steel plate rooms to go with our steel plate hats? I'm gonna be entirely candid here: there's a reason, I think, that no processor manufacturer from any country can fill this void with a certifiably snoop-free option, and it's that it's not allowed. No government will allow such a thing to exist, it's bad for business.  And so you have to conclude that, despite all the drama played out in the news media, governments from North Korea to the big US all the way to "information freedom fighters" like Iceland are happy with this situation. And if that's true, what's with all the drama, anyway? You'd think they could put on a show that was little more entertaining and not quite so terrifying. Hmmm. Oh, and, call me skeptical.

keep in mind that paid 3G service (via a simcard, etc) only means that you are authorized to communicate with the public internet via a cell tower using a particular frequency. the ability to send and receive on the 3G band only requires that the antenna exist in the hardware.

there is absolutely nothing stopping someone from using a 3g imsi catcher locally, e.g. sitting in a car outside your house or wherever these machines are housed.

intel probably has an agreement with 3g providers, similar to how amazon has an agreement to provide 3g to its kindle devices.

By the way, who's paying for the 3G service for every one of these processors?  Intel, Verizon, or the NSA?

howdy justus

nice to see this thread here since the blog entry that described the potential vulnerability got 'spiked' from reddit in short order a week ago.

secure compute facilities will often house their critical systems inside an EM-isolated room, i.e. faraday cage. considering that it is _very_ difficult to ever know exactly what circuits are live or backdoored, isolating the systems from remote EM signals is a pretty sound practice. this is done to prevent both remote control channels and passive interception from working on machines inside such a room.

intel is surely the recipient of one or more NSLs that state it must publicly deny any such hardware backdoors exist, just like the PRISM collaborators.  even if intel management approved of such an action, they would still want an NSL so they can CYA in the instance they were ever implicated in the planting of backdoors.

the trouble with complex systems, like computers, is that anyone planting a backdoor has a lot of plausible deniability, e.g. "oh wow, i didn't realize that i left that remote update path accessible on this NIC firmware!". the same goes for intel: they can easily claim that "well, we never intended someone to be able to get remote DMA over 3G on your laptop".

unless you've got a proper EM-isolated room and have assurances that you are not vulnerable to remote attacks a la firmware attacks or OS exploits, someone owning your computer is always a possibility. an EM-isolated room or enclosure can be quite expensive and having resistance to firmware attacks is nontrivial.

thats super weird to me. i really need to learn more about computer architecture because i thought processors all performed the same very basic process only some faster than others and some with more parallel instances of that basic process than others.

in-fact im going to go get started on that right now. thanks for the info.

*edit* you know if it seems my assumption was basically right. since it is just a couple of simple processes we are dealing with here, perhaps electronics engineers are adding layers of complexity in-order to achieve marginal gains in performance at the behest of consumers seeking cutting edge performance. perhaps if consumers were more interested in security and were willing to trade some performance for security than fractalen processors could be build that would make security audits easy as pie. i hope this makes sense.

From what I've read up on, yes. It's even possible to do this in a plausibly deniable way, hence "insidious" in my previous post. I suspect that it would be unwise to use this sort of exploit on a widespread scale, as it only increases the chances that Intel get bad publicity from having "exploitable flaws" as opposed to deliberate backdoors. I think it's best to assume that all systems at all levels are breakable in one way or another; start all plans to secure your digital stuff with that assumption.

lets suppose for the sake of discussion that the nsa promised intel all sorts of goodies to hardware backdoor all of their processors. do you think it would be possible for intel to get away with this? is it possible to audit for this sort of thing? is anyone auditing for this sort of thing?

Again: No.

That's not how the SGX model is said to work, that's the (admittedly possible) tin-foil hat version. But Intel aren't going to sell processors to which only they have the private key to run enclaved code, and more to the point, consumers won't buy them. What sort of a "feature" would that even be? Intel could use much more insidious ways to back-door their processors.

Gotta wonder if intel buying mcafee a few years ago has anything to do with this. Never quite understood why intel wanted mcafee, and so badly they paid almost $8B for it, ~3x AMD's market cap.

No.

This is all true, if SGX turns out to be everything Intel says it will be. And it only causes an issue if your OS hasn't been re-engineered with the new instructions in mind. And if OS design properly leverages the capabilities of SGX, you could end up with a more secure machine/system than there's ever been. So it's more appropriate to say that this is potentially a very sharp double edged sword type affair, not "Intel engineers the most insidious backdoor ever".

They are durable and you get them for cheap when company buys new computers and dumps the old ones.

Yes, you can disable vPro. When you are using the machine, use an USB-Ethernet or USB Wifi adapter. When you are not using it, unplug it from the wall.

That said, I don't understand why you would buy such a machine in the first place. Those are for business environments and are more expensive.