Slashdot Mirror


Researchers Hack Intel's VPro

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

7 of 105 comments

  1. Re:Another repeat: the unlockable lock by Anonymous Coward · · Score: 1, Interesting

    Then why can't I rip my SACDs yet? :(

  2. Re:Thank you! by Anonymous Coward · · Score: 5, Interesting

    That is completely different than what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy it, which is fairly ridiculous.

    For TPM (or whatever the marketing acronym is now), they're just using hardware to ensure that only signed binaries are executed. There are valid reasons to want this as a user. For instance, sign the kernel. On first run, error out saying the app isn't signed and ask you to sign it yourself (or for things like linux distros, the binaries are signed by the distro or repo). Thus viral infections by modifying binaries & rootkits become much more difficult (e.g. theoretically a system that starts out non-compromised cannot become so by modifying existing programs and would need you to actively sign compromised apps before they start).

    Here's the overlap and the reason it's bad: from what I understand, the signing authority must be the TPM chip maker. Thus you're relying on potentially someone you don't trust to perform the signing, instead of being able to choose whom to trust. Very likely, it'll be used to strip the user of the capability to do what they want. For example, wanna play a DVD? Only friendly, region-obeying, DVD playing software is allowed. Wanna play music? Only software that honors DRM restrictions allowed.
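One way to put the policy this comment describes into code, as an added example that is not from the thread, Intel or the TCG: an owner-controlled trust store of signer keys, Ed25519 signatures over a binary's SHA-256 digest, and a launch-time check that refuses unsigned, untrusted-signer and tampered binaries. `TrustStore`, `SignedBinary`, `Sign` and `Verify` are hypothetical names; the sample executable bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustStore holds the signer public keys the machine owner chose to trust
// (hypothetical type: the owner, not the chip vendor, decides what goes in).
type TrustStore map[string]ed25519.PublicKey

// SignedBinary: executable bytes, signer name, Ed25519 signature over SHA-256 digest.
type SignedBinary struct {
	Code   []byte
	Signer string
	Sig    []byte
}
var ErrUnsigned = errors.New("binary is unsigned")
var ErrUntrustedSigner = errors.New("signer not in owner's trust store")
var ErrBadSignature = errors.New("signature does not match binary contents")
func digest(code []byte) []byte { h := sha256.Sum256(code); return h[:] }

// Sign attaches the signature a distro, repo or the owner ships with a binary.
func Sign(priv ed25519.PrivateKey, signer string, code []byte) SignedBinary {
	return SignedBinary{Code: code, Signer: signer, Sig: ed25519.Sign(priv, digest(code))}
}

// Verify is the launch-time check: run only if a trusted signer's signature
// matches the bytes, so a patched binary fails even though the original passed.
func Verify(ts TrustStore, b SignedBinary) error {
	if len(b.Sig) == 0 {
		return ErrUnsigned
	}
	if pub, ok := ts[b.Signer]; !ok {
		return ErrUntrustedSigner
	} else if !ed25519.Verify(pub, digest(b.Code), b.Sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // distro's key pair
	ts := TrustStore{"distro": pub}                  // owner enrols the distro key
	app := []byte("constructed sample executable")   // constructed input
	fmt.Println("signed:", Verify(ts, Sign(priv, "distro", app)))
	fmt.Println("unsigned:", Verify(ts, SignedBinary{Code: app}))
}
```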

  3. Re:Thank you! by Deanalator · · Score: 3, Interesting

    Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM. I say this as someone who has talked with several of the security architects and TCG liaisons (in a non-professional setting).

    TPM does close to nothing to prevent local attacks. What it is meant for is to prevent remote attackers from digging too deep by providing a safe place to store keys.

    It is used to sign code. What Joanna did is what she always does, she found a fun way to get arbitrary code to execute when only signed code is supposed to be able to.

  4. Re:Another repeat: the unlockable lock by Chabo · · Score: 2, Interesting

    It's up to app designers to make the default bitrate more towards the "transparent" region.

    I've been trying to get my friends (the more technically-oriented ones, anyway) to rip to FLACs to keep on their primary machine, and to use my program (see my sig) to convert to decent-quality Oggs or MP3s for portable use.

    I convert to Oggs mainly because MP3s aren't designed for gapless playback, and they work with Rockbox. "-q 6" gives VBR at around 192kbps -- more than enough for a portable player going over a pair of earbuds, and I have the FLACs for when I'm sitting at home, with my good headphones.

    --
    Convert FLACs to a portable format with FlacSquisher

  5. Bug in 'system software' by Daemonax · · Score: 2, Interesting

    Is this 'system software' a driver for Windows, or is it a bug in the firmware and therefore compromises the security this provides regardless of OS? Also, if it's firmware, is it the type that's burnt into the hardware and can't be changed, or the type that's loaded by the OS? If the latter, this seems to me like a good reason for companies like Intel to release the source code for firmware.

  6. Re:Wii Homebrew Channel by nobodylocalhost · · Score: 2, Interesting

    On the same note, has anyone cracked the Xbox 360 hardware security? The only thing I see so far is that XFPS device which uses a "man in the middle" attack to hijack the connection between a controller and the console itself.

    --
    Where is the "Ignorant" mod tag?

  7. Re:Thank you! by hairyfeet · · Score: 2, Interesting

    Bingo! We have a winner! You would have to be nuts to use TPM when something as mundane as a mobo failure can cause all your data to go poof. But I have a more fundamental problem with it. If I buy a car you better hand me the damned keys, I buy a house, a lockbox, same thing. There ain't no way in hell I'm shelling out good money on a PC that has a lock that they won't give me the damned keys to.

    I avoid software that expects us to pay full price for a rental, and TPM is the same thing. Without the keys, those that have the keys can flip the switch and my money just went to a doorstop. So I'll keep building my own desktops and buying laptops without any stupid locks that I don't have the keys for. The big OEMs can push that crap all they want, it just gives me a reason to avoid them. I am sure that as long as computers are built overseas there will be somebody willing to build one without a TPM chip to save a few bucks. And I'll be happy to buy from them. Voting with your wallet: it's a good thing.

    --
    ACs don't waste your time replying, your posts are never seen by me.