These hardware bugs turn that idea on its head; suddenly the whole Ghost in the Shell hacker-style dream is again a possibility. A motivated person or group of persons might go and hack any system out there. And that's really a bit reassuring; it's a little bit scary to think about how our lives might be ruled by these systems that are unassailable. I'd like to at least stand a chance when technology turns on us.
Where in the world did this fantastic idea come from?
To me the history of Pwn2Own exactly shows the trend I'm talking about. Going from very successful editions to increasingly less successful editions as the years go by to the point where the competition barely even exists anymore.
And then that baseband firmware exploit, that's the dream. You could hack any device with that almost regardless of what software runs on top. I put that in the same class as the Intel chip vulnerabilities.
Per the slides over 150 of those kernel bugs resulted in code execution, and that is already a lowball count of the true number. Upstream Linux, being possibly the most visible and well-resourced OS codebase around, even by 2019 does not have the tools necessary just to automatically find the bugs we already know exist.
I don't suppose there's any more information - it sounds like an interesting tale.
The media loves to blow things out of proportion, but all the specexec attacks are really not as big a deal as e.g. remote code execution. In some ways, they are the real-world equivalent of "you can sometimes hear things your neighbours say, with a sensitive microphone and lots of patience."
It's user-hostile code executed by foreign entities on devices that you are supposed to "own".
It doesn't feel very different to printing a PostScript file to me. You're giving someone access to run their "arbitrary code" in a VM on your system with very limited permissions.
There's also a big difference between these sorts of vulnerabilities and the sort of problems that enable, for example, ransomware, which is a serious issue that has a more difficult solution than simply designing more robust hardware.
Anyway, if you're intrigued, maybe check out Ghost in the Shell sometime (not the one with Scarlett Johansson; although it is enjoyable, it's not really the same thing). If it needs to be Hollywood, then maybe the Hackers movie would also work a bit (with Angelina Jolie).
Did anyone read this and not laugh out loud?
"These hardware bugs turn that idea on its head, suddenly the whole ghost in the shell hacker style dream is again a possibility"
No, it was always a possibility.
It hasn't been particularly hard to jailbreak iOS or root Android devices if you have physical access. We've seen several hilarious examples of exploits over the years regarding lock screen bugs or magic SMS parsing bugs.
68% of Linux kernel exploits in 2018 were caused by C's lack of features to handle memory corruption.
You must be living in a different world...
Maybe from remote attacks, but nothing can defend against a good ol' keylogger, not even 2FA.
Even if you were just a lowly script kiddie, because of the bad update policies you could just go to an exploit website, like Metasploit is now, and try out the list of old exploits on any target you were interested in. A friend of mine had 40.000 routers in some Scandinavian country because their ISP shipped them to customers with a 4-year-old BSD release that had known vulnerabilities in it.
Worth pointing out that Xen is not vulnerable to the swapgs attack due to a lucky design decision from a decade ago: https://lists.xenproject.org/archives/html/xen-devel/2019-08...
Microsoft also played ball with Linux vendors, alerting them to this vector. This allowed them to get the swapgs fixes tested and sane.
This interaction with the open-source community has significantly increased my respect for Microsoft.
Still no Spectre exploit (or even attempt) found in the wild. There should have been something by now.
If anybody has access to the PoC code I would love to see it. Until then (and probably after I see how laughable it is), I'll assume this is just a press release by some security company.
I don't accept the general hand waving "they keep getting better" because they haven't.
For most of these, the exfiltration rate is so slow that simply XORing the secret with a random seed that changes locations, or moving the memory around itself, would prevent any attack.
Any way to get the good without the reprehensible?