Researchers Hack Intel's VPro

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

Re:Thank you!

That is completely different that what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy them, which is fairly ridiculous.

For TPM (or whatever the marketing acronym is now), they're just using hardware to ensure that only signed binaries are executed. There's valid reasons to want this as a user. For instance, sign the kernel. On first run, error out saying the app isn't signed and ask you to sign it yourself (or for things like linux distros, the binaries are signed by the distro or repo). Thus viral infections by modifying binaries & rootkits become much more difficult (e.g. theoretically a system that starts out non-compromised cannot become so by modifying existing programs and would need you to actively sign compromised apps before they start).

Here's the overlap and the reason it's bad: from what I understand, the signing authority must be the TPM chip maker. Thus you're relying on potentially someone you don't trust to perform the signing, instead of being able to chose whome to trust. Very likely, it'll be used to strip the user of the capability to do what they want. For example, wanna play a DVD? Only friendly, region-obeying, DVD playing software is allowed. Wanna play music? Only software that honors DRM restrictions allowed.