Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Hack Intel's VPro

Posted by kdawson on from the joy-of-breaking-the-unbreakable dept.

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

6 of 105 comments (clear)

  1. Invisible Things Labs is J. Rutkowska (Blue Pill) by paleshadows · · Score: 5, Informative
    "Invisible Things Labs" means, more or less, Joanna Rutkowska, discussed in these related slashdot stories
  2. Hmm by Anonymous Coward · · Score: 1, Informative

    The Wii has 232 bit elliptic curve encryption. While it hasn't yet been broken, someone I believe did break a 109-bit key. There isn't security that will ever exist which can't be broken.

  3. Re:Wii Homebrew Channel by Anonymous Coward · · Score: 3, Informative

    Yes. Google '360 timing attack'. All keys can be retrieved, at which point you can disable/bypass the encryption at any stage after the very first hardware-embedded loader signature checks.

  4. Re:Wii Homebrew Channel by marcansoft · · Score: 4, Informative

    Someone's been living under a rock since December 2007.

    I'll just point you to the recent 25th Chaos Community Congress Console Hacking talk (slides, video) which neatly summarizes a year of hacking and how much of a horrible failure Nintendo's security has been.

    Spoiler: their signatures used to have 8-bit security. Literally.

    We've had lots of fun.

  5. Re:Another repeat: the unlockable lock by Anonymous Coward · · Score: 1, Informative

    There's already a hardware hack in progress. But, as you say, the format is so obscure there's little demand for such ripping.

  6. Re:Wrong Wrong Wrong by wildstoo · · Score: 2, Informative

    From Wikipedia:

    Intel Active Management Technology (AMT) is hardware-based technology for remotely managing and securing PCs out-of-band.

    Also from Wikipedia:

    Out-of-band is a technical term with different uses in communications and telecommunication. It refers to communications which occur outside of a previously established communications method or channel.

    In this case it means remotely changing system (BIOS) settings etc. while workstations/servers are 'powered down'. There's more to it than that, of course. Check the features list on that linked article.