'Unfixable' security flaw in Intel boot ROM (theregister.co.uk)
171 points by LysPJ on March 12, 2020 | 62 comments



The useful gist:

> "To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.

> "However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

> "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

And this formidable response as usual:

> Intel says folks should install the firmware-level mitigations, "maintain physical possession of their platform," and "adopt best security practices by installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations."

When will it stop? How deep run the flaws in Intel's platform? Is AMD equally exposed?


> When this happens, utter chaos will reign.

Utter chaos? I don't think so.

> Hardware IDs will be forged

Seems like a victory for privacy. Who wants to be tracked via hardware IDs?

> digital content will be extracted

Any victory over DRM technology is a good thing. The only people shedding any tears will be those in the copyright industry.

> data from encrypted hard disks will be decrypted

People actually rely on proprietary hardware encryption? They should have learned the lesson when built-in SSD encryption turned out to be worthless.


>> Hardware IDs will be forged

>Seems like a victory for privacy. Who wants to be tracked via hardware IDs?

Those are probably not the hardware IDs you're thinking about. They're the hardware IDs used in trusted computing (e.g. remote attestation, TPM sealing), not the ones used for fingerprinting.

>People actually rely on proprietary hardware encryption? They should have learned the lesson when built-in SSD encryption turned out to be worthless.

This is a very naive take on what's at stake. With disk encryption, there's the risk of an evil maid attack (where the attacker replaces the bootloader with a malicious one and intercepts your key next time it boots). One way of preventing this is by using trusted computing to ensure that the encryption keys are only released when the system is at a known good state (i.e. bootloader hasn't been tampered with). This applies to both proprietary solutions (BitLocker) and free ones (tpm-luks).
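The sealing mechanism the comment above describes, as an added illustration that is not part of the thread: a toy TPM (constructed here, not a real TPM API) extends a PCR over each boot component, seals a disk key to the resulting PCR value, and only releases it again when the replayed measurement matches, so a swapped bootloader leaves the key inside the chip.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// measureBoot replays a boot chain into one PCR from its reset value (zeros)
// using the TPM extend rule PCR' = H(PCR || H(component)); order matters.
func measureBoot(chain ...[]byte) []byte {
	pcr := make([]byte, sha256.Size)
	for _, c := range chain {
		h := sha256.Sum256(c)
		sum := sha256.Sum256(append(pcr, h[:]...))
		pcr = sum[:]
	}
	return pcr
}

// toyTPM: the storage root key (srk) never leaves the chip, so only the chip
// can unwrap what it sealed. wrap XORs a 32-byte value with HMAC(srk, policyPCR)
// and is its own inverse, so the same routine seals and unseals.
type toyTPM struct{ srk []byte }

func (t *toyTPM) wrap(policyPCR, in []byte) []byte {
	m := hmac.New(sha256.New, t.srk)
	m.Write(policyPCR)
	stream, out := m.Sum(nil), make([]byte, len(in))
	for i := range in {
		out[i] = in[i] ^ stream[i]
	}
	return out
}

// seal binds the secret to a PCR value; the blob is (policy PCR, wrapped secret).
func (t *toyTPM) seal(secret, policyPCR []byte) (policy, wrapped []byte) {
	return append([]byte{}, policyPCR...), t.wrap(policyPCR, secret)
}

// unseal releases the secret only when the current PCR equals the sealed policy.
func (t *toyTPM) unseal(policy, wrapped, currentPCR []byte) ([]byte, bool) {
	if !hmac.Equal(policy, currentPCR) { // platform is not in the known-good state
		return nil, false
	}
	return t.wrap(policy, wrapped), true
}

// Constructed stand-ins for the measured boot components and the TPM/disk keys.
var firmware = []byte("constructed: platform firmware v1")
var goodBootloader = []byte("constructed: signed bootloader")
var evilBootloader = []byte("constructed: evil-maid bootloader")
var srk, diskKey = sha256.Sum256([]byte("constructed srk")), sha256.Sum256([]byte("constructed disk key"))

// diskKeyReleased seals the disk key to the known-good chain, then boots with
// the given bootloader and asks the TPM for the key back.
func diskKeyReleased(bootloader []byte) bool {
	tpm := &toyTPM{srk[:]}
	policy, wrapped := tpm.seal(diskKey[:], measureBoot(firmware, goodBootloader))
	got, ok := tpm.unseal(policy, wrapped, measureBoot(firmware, bootloader))
	return ok && string(got) == string(diskKey[:])
}

func main() {
	fmt.Println("signed bootloader releases key:", diskKeyReleased(goodBootloader))
	fmt.Println("evil-maid bootloader releases key:", diskKeyReleased(evilBootloader))
}
```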


Anybody who doesn't want their data copied will be shedding tears. Including anybody with private files.

You are more than welcome to decline to use DRM if you don't like it. Just don't expect people to give you copies of data they don't want shared by you.


> Anybody who doesn't want their data copied will be shedding tears. Including anybody with private files.

FDE and things like OpenPGP are not broken by this.

> You are more than welcome to decline to use DRM if you don't like it

Or to try and break it.


> Anybody who doesn't want their data copied will be shedding tears.

"Their" data? What a ludicrous concept. It's analogous to saying people own numbers.

> Just don't expect people to give you copies of data they don't want shared by you.

I fully expect people to distribute "their" data far and wide to anybody who asks for it. That's what copyright is all about: giving people the illusion they're in control of what happens to that data.

The truth is only one copy of the data is needed. Once it's out there, there are no limits to what can be done with it.


> "Their" data? What a ludicrous concept. It's analogous to saying people own numbers.

Oh. In that case, where have you posted your bank credentials?


I haven't posted them. The fact that data is private means I'm currently the only one in possession of it. It doesn't mean it's mine. Should they leak, the solution is to invalidate those credentials and get new ones, not to invoke copyright and try to get all copies off the internet.


> "maintain physical possession of their platform"

That ship has sailed.


I think the average company should and does trust the physical security of Amazon's datacenters more than their own. If I had a nickel for every unvetted janitor allowed to clean an office alone near an easily pickable hardware closet...


What about physical possession before you own it? Will this potentially sour a used/refurbished market?


This is more about the chipset on the motherboard.

To backdoor this you need to saddle a chip or a connector onto the PCH chip and win the race to take over the bus.

Or, if you're Intel, you send a firmware update to modify the ME behaviour/state.

It would be fairly suspect in most cases, but if this was done at the factory it would be hard to tell for most people.

What really matters is just how much of a target you might be for someone to take the effort to engage in what really amounts to industrial/corporate espionage.


How far fetched would nation states performing this at airports be?


In Socratic fashion...

How long does it take for a machine to be opened and booted up, and what sort of charade would be required to make the opportunity?

If someone flat out stole your laptop, how long would it take for you to notice it's been replaced by a stand-in? Would someone have the opportunity to swap your real laptop back to you unnoticed?

And seriously, it doesn't need to be a nation state that does this, as all you need to be capable of physically is injecting digital pulses into the bus; crafting an exploit is where the skill comes in.

Some people are motivated just by the opportunity to stir a pot.


On the contrary it sounds like the secondhand market is going to be flooded with used laptops very soon...


>That ship has sailed.

Not in the least.

"Cloud" is merely the modern spin on "terminal in the office, mainframe at the HQ". We moved from terminals to local mini/microcomputers back then, and we will move from "cloud" to edge computing again. Notably, serverless and "installable web apps" are already a growing thing.

And no, Sun, the network is the computer will not come to pass during this cycle.


>> That ship has sailed.

AWS makes up a massive fraction of the whole internet. That ship has absolutely not sailed. If your company doesn't own the mainframe, it doesn't control the hardware.

> And no, Sun, the network is the computer will not come to pass during this cycle.

... we are arguing about this via web browser. O365, Google docs, Dropbox, iCloud and company are common ways to work with documents, SaaS has been a wild success in business, and major players (no pun intended) are pushing game streaming. The network isn't the only computer, but for a lot of people it's the main one.


>If your company doesn't own the mainframe

The historical mainframes usually were rented from IBM and the likes. Less sunk investment, less reasons to stick with it.

>we are arguing about this via web browser

Which works equally well for remote AND local resources. Electron is popular for a reason.

All the centralized services - online Docs, Dropbox, Github etc., - are more subject to disruption and replacement than they would want you to believe.

SaaS has been a success in the same way "bring your own device" was a success - an end-run around the ossified, slow-moving and bureaucratic ICT department. It was nimble, fast and elastic; allowed for quick iteration and experimentation. Now that the SaaS is a big game, it's subject to the very same kind of disruption.

Take a look around, you'll see people using local Git repositories, and locally hosted web-based services to get shit done. Just to avoid the hassle of procurement & upkeep of big-name SaaS. Containers let you move the data & code to unmanaged iron where it's close to the user, instead of one big managed datacenter. SaaS and datacenter computing is not nimble anymore; local is nimble, and Google Stadia delivered the eulogy.


> And no, Sun,

Now that's a ship that has sailed.


It's a sun that has set.


> When will it stop? How deep run the flaws in Intel's platform? Is AMD equally exposed?

We're seeing the tide turn from x86 to ARM pretty quickly in both the datacenter and laptop markets. AMD should come through relatively unscathed as they're pretty diversified, but Intel is fucked. Graviton2 (Amazon's proprietary ARM stack) absolutely crushes x86 from a $/performance perspective, and there are plenty of other companies building 80+ core ARM chips.

The persistent rumors that Apple is shifting the Mac to ARM, combined with Microsoft reviving ARM Windows, are a pretty strong signal as to where the laptop / desktop market is headed too. x86 (and by extension Intel's platform) is definitely headed towards a more niche role in the computing landscape.


ARM is a joke on raw computing. Also, RISC-V will crush ARM on servers once it begins to grow a little.


ARM is shit compared to x86 for single-threaded computing; you're right about that. But ARM is great at the types of hypervisor-driven cloud workloads that most applications fit into. Most cloud workloads are limited by network latency far more than single-threaded performance.

x86 will still exist for high-performance workloads, and companies will happily pay a premium where they need it like they already do with GPU instances. But I do think we'll see the vast majority of cloud usage shift to ARM over the next 5 years. RISC-V may come in and replace it some time after that, but not without major cost advantages over both ARM and x86.


Let's put it this way: Apple's redesigned Mac laptop launch in 2021 is not using Intel chips but their own chip.


> This is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation

"Internet-of-Things attestation" ?? A poor attempt to stick a refreshing buzzword in front of a fundamentally unwanted user-betraying open-society-undermining technology.

Remote attestation does away with the basic foundation of protocols for mediating between mutually-untrusting parties, making it so users must trust the remote party. Imagine if websites attempting to enforce (browser fingerprinting, no image save, anti-adblock, etc) could successfully implement their hostile restrictions!

This break is great news for everybody that wants their computer to remain under their own control, rather than an increasingly locked down Big Tech WebTV.


"Piracy" is a buzzword too. Copyright infringement is a crime so victimless they feel the need to compare it to literal high seas piracy in order to make an impact.

> This break is great news for everybody that wants their computer to remain under their own control, rather than an increasingly locked down Big Tech WebTV.

Completely agree. This "security breach" is only bad for corporations who want to track users and implement DRM. It's great for the freedom of the people who are actually using the computers.


> "Internet-of-Things attestation" ?? A poor attempt to stick a refreshing buzzword in front of a fundamentally unwanted user-betraying open-society-undermining technology.

While I agree with you at a consumer level, at the industrial level this is a thing. Like, imagine a vertical farm that is controlled by a thousand networked on-prem robots. An "attestation" mechanism makes setting this up easier and less error-prone.


How so specifically, compared to say just imaging the devices? Are we really worried about rogue employees putting rootkits on said robots, and to what end?

Remote attestation in general does have positive uses, and would be freedom preserving if the signing keys were controlled by the device's owner. The problem is Intel's design of baking in privileged keys that they themselves control, such that hostile parties can require that you run software that they provably control.


> Are we really worried about rogue employees putting rootkits on said robots, and to what end?

Not about rogue employees, but adversary states, just think of Stuxnet. Messing up a nation's food supply can induce everything from mild unrest to full scale civil war and mass migration. For now (!) we have the lucky advantage that most farm labor is still manual / the machines that exist can either be trivially replaced with older non-smart machines or by manual labor... but imagine 20, 30 years in the future?


Agreed about the evil of DRM and treacherous computing, but do not conflate the shift in trust to a remote party with the attestation mechanism itself, which can be neutral. The idea behind attestation is that hardware signs a quote regarding that which is running on the device, one that is cryptographically verifiable. Verifiable for what purpose is a separate question.


The purpose depends entirely on who creates/vouches for the attestation key. If the attestation key can be generated by the owner and then loaded into the secure element, then the owner can prove to themselves that the system has not been tampered with. But they cannot prove to anybody else what code is running on the system, as the owner can use a copy of the attestation key outside of the secure element to sign whatever they like. This is a good thing.

If the attestation key has been created by Intel (or within the secure element and signed by Intel), then the system can verify to arbitrary parties that the owner has not "tampered" with their own system. This creates a security vulnerability, as now overly aggressive (aka hostile) parties can demand that the owner gives up control of their own system as a condition of interacting with them.

Given the extreme power imbalance in B2C relationships, if this vulnerability exists it will eventually be abused in lockstep. Remember the days of dual-booting Windows to run some proprietary crapware? Yeah, that again, but with websites. And you couldn't just run a headless second machine with VNC, or even use too old of a monitor, depending on the business whims of the proprietary OS!
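The custody argument in the comment above, as an added worked example that is not part of the thread: a nonce-challenged quote exchange (constructed here, not a real TPM or CSME API) in which the verifier trusts an attestation key (AK) public key. When the private key is confined to the secure element, the signer can only report the PCR it measured; when the owner holds a copy of the AK outside it, the owner can sign a known-good digest over a tampered chain and the verifier cannot tell the difference.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// quote is what the platform hands a verifier: the PCR digest it claims to be
// running, the verifier's nonce (freshness) and an attestation-key (AK)
// signature over both. Constructed digests stand in for real PCR values.
type quote struct{ pcr, nonce, sig []byte }

var goodPCR = sha256.Sum256([]byte("constructed: known-good boot chain"))
var tamperedPCR = sha256.Sum256([]byte("constructed: tampered boot chain"))

func quoteMsg(pcr, nonce []byte) []byte {
	return append(append([]byte("QUOTE"), pcr...), nonce...)
}

func signQuote(ak ed25519.PrivateKey, pcr, nonce []byte) quote {
	return quote{pcr: pcr, nonce: nonce, sig: ed25519.Sign(ak, quoteMsg(pcr, nonce))}
}

// verifyQuote accepts only a fresh, correctly signed quote that reports the
// expected PCR. It trusts akPub; where that trust comes from is the question.
func verifyQuote(akPub ed25519.PublicKey, q quote, nonce, expectedPCR []byte) bool {
	if string(q.nonce) != string(nonce) {
		return false // replayed or unsolicited quote
	}
	if !ed25519.Verify(akPub, quoteMsg(q.pcr, q.nonce), q.sig) {
		return false // not signed by the AK the verifier trusts
	}
	return string(q.pcr) == string(expectedPCR)
}

// deviceAccepted attests a device whose real measured chain is actualPCR. If the
// AK is confined to the secure element the signer can only report what was
// measured; if the owner keeps a copy outside it, the owner picks the digest.
func deviceAccepted(actualPCR []byte, ownerHoldsKeyCopy bool) bool {
	akPub, ak, _ := ed25519.GenerateKey(rand.Reader)
	nonce := make([]byte, 16)
	rand.Read(nonce) // verifier's challenge
	reported := actualPCR
	if ownerHoldsKeyCopy {
		reported = goodPCR[:] // signed with the AK copy, outside the secure element
	}
	return verifyQuote(akPub, signQuote(ak, reported, nonce), nonce, goodPCR[:])
}

// replayAccepted asks whether a quote captured under an old nonce passes a later challenge.
func replayAccepted() bool {
	akPub, ak, _ := ed25519.GenerateKey(rand.Reader)
	q := signQuote(ak, goodPCR[:], []byte("constructed nonce 1"))
	return verifyQuote(akPub, q, []byte("constructed nonce 2"), goodPCR[:])
}

func main() {
	fmt.Println("clean device, key in secure element:", deviceAccepted(goodPCR[:], false))
	fmt.Println("tampered device, key in secure element:", deviceAccepted(tamperedPCR[:], false))
	fmt.Println("tampered device, owner-held key copy:", deviceAccepted(tamperedPCR[:], true))
	fmt.Println("replayed quote:", replayAccepted())
}
```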


Second that. And yet, the B2C asymmetry was and is there regardless of whether one is "forced" to relinquish control over part of their machine. The current attestation models are an extension of the power imbalance. Intel, being a profit driven company, sought to meet its customers' demands.


Perhaps it sounds dumb but when I buy something I want to own it. It doesn't seem all that legally complicated? After I buy a thing it should stop doing things for previous owners.


The labs team at work wrote a bit [0] about why this is over-hyped (more context in the full post):

> Arbitrary code execution is bad! But exploiting this vulnerability requires local access at a minimum, compounded by the attacker needing to exploit a relevant device to gain a foothold on the system. This list of valid footholds is quite limited. For instance, an attacker would need to perform code execution in the ISH or other Platform Controller Hub (PCH) devices — exploiting PCIe devices (like GPUs or RAID controllers) wouldn’t suffice. Additionally, per the original blog post, other methods of exploitation require physical access. Either way, this is limited to incredibly motivated and well-resourced attackers (like a nation-state with a high-value target identified).

[0] https://capsule8.com/blog/ramming-down-hype-via-intel-csme/


It is limited to any well-monied adversary.

So, every serious company should be concerned that their competition (maybe abroad) will be able to eventually decrypt a lost / stolen laptop with trade secrets. So every corporate laptop needs its full-disk encryption upgraded. It's large.


So this is a good feature for fighting against DRM.


So ugly, I can't just replace all of our hardware. Remaining forever vigilant is tiring. CPUs are so broken that security is just a facade.


The problem is the hardware being replaced to begin with.

The ME is not needed for the end user to operate their machine in a secure manner.

The ME is a trojan that allows Intel to manipulate your system and lock you into the whole DRM nonsense. The only reason Intel platforms haven't become as bad as mobile platforms is because there isn't enough fear of system compromise from the average user.

https://en.wikipedia.org/wiki/Intel_Management_Engine


You know, if you did less FUD there's a chance people may actually engage in a conversation with you.

Anyone from enterprise knows how much of a timesaver AMT is. I make a call and I don't have to wait for the IT dude to appear at my desk; he clicks a few buttons from his desk and my problem is fixed.


Why does that technology, with attendant attack surface, need to be in consumer chips on consumer motherboards?

Besides, we already had a solution for this. It can be provided with add-in cards.


One thing that comes to mind is that the consumer-based wedge of the pie is handled as an enterprise deployment of its own, managed by Intel.


Why do we need ME for that?


Active Management Technology (AMT) is built on top of Intel ME. ME lets a trusted party control the computer without letting every peer control the computer.


I think the point is that all of this can be implemented purely in software that runs at the OS level, or even application level. There's no need to put this in a place where it's difficult to update/patch, and is entirely opaque and user-hostile to the point that the actual end-owner of the hardware can reasonably be sure they know what it does and can control what it does.

In other words: I don't want a backdoor into my system that I can't examine or disable.


AMT is not available with their Z, B and H chipsets. That leaves us with only the downsides.


OK, but the user with physical access should have the option to disable it (without damaging the rest of the system).


This bug isn't in the CPU, it's in the PCH.



“utter chaos” seems overstated. I’ve never heard of anyone protecting DRM with the TPM on any consumer platform.


TPM, no. I'm fairly sure that PlayReady's HWDRM implementation does integrate somewhat with ME though.


I read that part as slightly tongue in cheek. No, it won't be the end of the world, but it will be the end of the usefulness of that hardware.


Isn't it required for 4K Netflix on Windows?


So it seems that the flaw can’t plausibly be exploited by a remote or adjacent attacker or software. So what’s the impact here? Warez scene wreaking havoc with lossless WEB-DLs?


A ton of warez groups (even a lot of P2P ones) already have a Widevine exploit that works for >=1080p anyway, some groups (BLUTONiUM, PETRiFiED ++) even have a 2160p exploit.

It's actually quite amazing that the 1080p exploit hasn't leaked and been patched yet, considering how widespread it is.


<=1080p content is typically only protected by code obfuscation. There aren't usually any "exploits", merely a moderately skilled reverse engineering effort - as such, nothing can be patched any time soon.


If Intel can manage your machine state remotely [they can with ME] then someone else can as well.

Corporate customers often have an elevated relationship that retail consumers don't have. There is a different level of trust. I don't trust Intel. I didn't ask for ME and I treat any hardware with ME as an edge device.

As far as impact is concerned, it's possible that clone machines could be manufactured with hardware modifications. How possible depends on how much money someone has to throw at the project.

Exploit chips could become a common offering; all you need is a steady hand and a soldering iron, and a blob of epoxy for good measure if you want to hide the job.

If, as a high-minded attacker, you determine the hardware key, as it stands you can then decode a software key and begin manipulating firmware. The concern being that the same hardware key is used across all ME chipsets.


Intel cannot manage your machine remotely with AMT. Your IT department can. See Black Hat talk on ME for details.

https://i.blackhat.com/USA-19/Wednesday/us-19-Hasarfaty-Behi...


Seems like something like these starts to make sense again if you can live with the limitations:

https://www.biostar.com.tw/app/en/mb/result.php?model[]=973&... should be under $100


This reminds me of the recent iPhone bootrom vulnerability, which led to Android on the iPhone:

https://checkra.in/ https://projectsandcastle.org/


Does anyone still trust their computers, or trust that secrets will remain secret?

I certainly don't.


This is great. It might be able to be used by programs like me_cleaner.


How many can there be? (Stories about the same issue, I mean.)



