Researchers Hack Intel's VPro

← Back to Stories (view on slashdot.org)

Researchers Hack Intel's VPro

Posted by kdawson on Tuesday January 6, 2009 @10:18AM from the joy-of-breaking-the-unbreakable dept.

snydeq writes "Security researchers from Invisible Things Lab have created software that can 'compromise the integrity' of software loaded using Intel's vPro Trusted Execution Technology, which is supposed to help protect software from being seen or tampered with by other programs on the machine. The researchers say they have created a two-stage attack, with the first stage exploiting a bug in Intel's system software. The second stage relies on a design flaw in the TXT technology itself (PDF). The researchers plan to give more details on their work at the Black Hat DC security conference next month."

30 of 105 comments (clear)

Min score:

Reason:

Sort:

TXT? PDF? Wha? by Yvan256 · 2009-01-06 10:25 · Score: 4, Funny

a design flaw in the TXT technology itself (PDF).
So we need to read a PDF to read about flaws in TXT?
What do you mean it's not about plain text files?
1. Re:TXT? PDF? Wha? by Anonymous Coward · 2009-01-06 11:08 · Score: 2, Funny
  
  I can't you're joking. Whoosh if you are.
  If not: TXT: Trusted Execution Technology
  Guillotin?
Design flaw in the TXT technology by Anonymous Coward · 2009-01-06 10:26 · Score: 2, Funny

Apparently, loading a pdf into wordpad causes an overflow that allows arbitrary code to run as administrator.
1. Re:Design flaw in the TXT technology by Meski · 2009-01-06 17:30 · Score: 5, Funny
  
  Reminds me of when QA wanted a corrupt word file to test something. "Fine", I said, opened a word doc with hexeditor, made some random changes, saved it. Opened it with Word, instant BSOD. "A little less corrupt" said QA.
Wii Homebrew Channel by bluefoxlucid · 2009-01-06 10:29 · Score: 5, Funny

The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised. It uses a completely trusted execution stack to ensure only authorized applications run and to immediately detect and disable unauthorized third party software.

--
Support my political activism on Patreon.
1. Re:Wii Homebrew Channel by whoever57 · 2009-01-06 10:48 · Score: 4, Insightful
  
  The Wii has perfect encryption and signing on hardware-assisting firmware and system software that can't be compromised.
  Let me correct that for you:
  
  The Wii has perfect ^H^H^H^H^H^H an encryption and signing on hardware-assisting firmware and system software that can't be ^H^H^H^H^H^H hasn't been compromised.
  
  --
  The real "Libtards" are the Libertarians!
2. Re:Wii Homebrew Channel by nobodylocalhost · 2009-01-06 11:42 · Score: 2, Interesting
  
  On the same note, has anyone cracked the xbox 360 hardware security? The only thing i see so far is that XFPS device which uses a "man in the middle" attack to hijack the connection between a controller and the console itself.
  
  --
  Where is the "Ignorant" mod tag?
3. Re:Wii Homebrew Channel by Anonymous Coward · 2009-01-06 12:35 · Score: 3, Informative
  
  Yes. Google '360 timing attack'. All keys can be retrieved, at which point you can disable/bypass the encryption at any stage after the very first hardware-embedded loader signature checks.
4. Re:Wii Homebrew Channel by marcansoft · 2009-01-06 12:50 · Score: 4, Informative
  
  Someone's been living under a rock since December 2007.
  I'll just point you to the recent 25th Chaos Community Congress Console Hacking talk (slides, video) which neatly summarizes a year of hacking and how much of a horrible failure Nintendo's security has been.
  Spoiler: their signatures used to have 8-bit security. Literally.
  We've had lots of fun.
This can't be possible! by fuzzyfuzzyfungus · 2009-01-06 10:31 · Score: 4, Funny

Every single trade magazine and free objective TCO whitepaper for months has been full of pictures of PC desktops with combination locks photoshopped onto them, and fulsome praises of VPro! How could it possibly be vulnerable? I'm going to go cry in my corner office in the management suite now.
Quick! by MightyMartian · 2009-01-06 10:32 · Score: 3, Funny

Quick, somebody arrest these scoundrels! How dare they show flaws in technology! The next thing you know, fraudsters and pornographers will be taking advantage of this. THINK OF THE CHILDREN!!! THINK OF 9-11!!!

--
The world's burning. Moped Jesus spotted on I50. Details at 11.
Re:TXT execution technology by Bill,+Shooter+of+Bul · 2009-01-06 10:40 · Score: 4, Funny

Ed, Man! Ed!

--
Well.. maybe. Or Maybe not. But Definitely not sort of.
Thank you! by Just+Some+Guy · 2009-01-06 10:41 · Score: 4, Insightful

RMS calls this "treacherous computing", and I have to agree with him. This is a good development as it demonstrates quite nicely that DRM (which is probably the #1 use of VPro et al) in simply not possible. Thanks, ITL, for showing this as folly!

--
Dewey, what part of this looks like authorities should be involved?
1. Re:Thank you! by Anonymous Coward · 2009-01-06 11:09 · Score: 5, Interesting
  
  That is completely different that what DRM for multimedia is. For multimedia, they want you to be able to view the content without being able to copy them, which is fairly ridiculous.
  For TPM (or whatever the marketing acronym is now), they're just using hardware to ensure that only signed binaries are executed. There's valid reasons to want this as a user. For instance, sign the kernel. On first run, error out saying the app isn't signed and ask you to sign it yourself (or for things like linux distros, the binaries are signed by the distro or repo). Thus viral infections by modifying binaries & rootkits become much more difficult (e.g. theoretically a system that starts out non-compromised cannot become so by modifying existing programs and would need you to actively sign compromised apps before they start).
  Here's the overlap and the reason it's bad: from what I understand, the signing authority must be the TPM chip maker. Thus you're relying on potentially someone you don't trust to perform the signing, instead of being able to chose whome to trust. Very likely, it'll be used to strip the user of the capability to do what they want. For example, wanna play a DVD? Only friendly, region-obeying, DVD playing software is allowed. Wanna play music? Only software that honors DRM restrictions allowed.
2. Re:Thank you! by Deanalator · 2009-01-06 11:20 · Score: 3, Interesting
  
  Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM. I say this as someone who as talked with several of the security architects and TCG liaisons (in a non-professional setting).
  TPM does close to nothing to prevent local attacks. What it is meant for is to prevent remote attackers from digging too deep by providing a safe place to store keys.
  It is used to sign code. What Joanna did is what she always does, she found a fun way to get arbitrary code to execute when only signed code is supposed to be able to.
3. Re:Thank you! by IamTheRealMike · 2009-01-06 12:14 · Score: 4, Insightful
  
  Keyword, at Intel. TC is the work of a large committee, with many companies. If you read the specs the conflicting goals are obvious. Simple question - is the TPM meant to resist hardware attacks or not? Sometimes it is, sometimes it isn't. It's not very good at this currently, you could beat 1.1 TPMs with a piece of wire (literally), but Intel are moving them inside the south bridge, where hardware attacks will be much harder.
  In theory at least TC can be used to implement better DRM, because it makes it harder for people to debug the implementation. But there are still many unimplemented features needed to make this work, eg, trusted I/O, and no real roadmap to implement them. And even when done, it'll be years before the technology is widespread, and it's so complicated I'm sure Joanna and friends will be able to find many more problems with it.
  The real promise of TC is a way out of the malware quagmire. Being able to run a web browser and know - for sure - that it's not been compromised by a password sniffer or the like, well, that's a useful thing and that's what TXT lets you do (when complete). A remote voting app that can prove to the server that it's a real human casting the vote and not a bot? A very useful thing, perhaps even a necessary precondition for digital democracy. TC can make this happen. DRM? Well if you want a crappy inferior very complex form of DRM then sure, go ahead, but it'll be less secure and more expensive than the equivalent implemented in controlled hardware like the PS3, Xbox360, mobile phones etc ...
4. Re:Thank you! by Just+Some+Guy · 2009-01-06 12:27 · Score: 3, Insightful
  
  Bullshit, not a single person working on TPM at Intel thinks it will ever work for DRM.
  Funny, as it's the first listed possible application on Wikipedia. How could TPM possibly not be used for DRM? All the ingredients are there. From the same article:
  
  Sealed storage could prevent users from moving sealed files to the new computer. This limitation might exist either through poor software design or deliberate limitations placed by publishers of works. The migration section of the TPM specification requires that it be impossible to move certain kinds of files except to a computer with the identical make and model of security chip.
  
  Isn't that almost the very definition of DRM?
  
  --
  Dewey, what part of this looks like authorities should be involved?
5. Re:Thank you! by Anonymous Coward · 2009-01-06 12:43 · Score: 4, Insightful
  
  Excuse me... let me phrase that correctly: "Bullshit, not a single person working on TPM at Intel will admit that was designed for DRM."
  The entire reason for the project (started back in the late 90s) was DRM - or, as one Intel engineer at a talk I attended put it - "making a system secure against its owner". Only later they decided, after users started to realise just what TXT really means for them (total control by the likes of Microsoft), that they would smother the whole "for DRM" thing and flatly refuse to ever discuss it. Instead they always emphasise the "security" aspects instead. Only morons are fooled - hello there.
  Anyone who thinks that Intel is not about DRM is an idiot. Intel is *THE* DRM kingpin (HDCP etc etc).
6. Re:Thank you! by Alsee · 2009-01-06 13:16 · Score: 5, Insightful
  
  Orly?
  What a load of crap. At best you are merely naive.
  I am a programmer, and in particular I have studied the Trusted Platform Technical Specification documentation. All 332 pages of dense technicaleese. There is one particular page I would like to cite. In the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation comes right out and announces the fact it is designed to be secure against "rogue Owners".
  You are either mistaken, or you're full of crap. The chip is in fact designed to lock the computer against the owner. Yes, locks that are designed to protect the computer against it's owner will also prevent outside attackers from doing things that the owner himself is forbidden to do. However that is incidental. A hostile Trusted Computing system trying to lock computers against their owners is fundamentally different than a system designed to secure computers for the owner.
  If you really do believe that this is solely intended for the benefit of the owner, perhaps you could answer some questions for me.
  Why the absolute refusal to implement the EFF's Owner Override proposal? It would give the owner full control of his own computer while still securing against remote attacks. You could even secure against local attackers (other than the owner) by placing adding some sort of Owner Authentication element to the Override system.
  Or how about my proposal? I merely want a printed copy of the master key to my own computer. I merely want the option to buy a computer that comes with a printed copy of my master key. (Technical note: I am referring to the PrivEK key, and having the option to export the RSK key encrypted to the PrivEK would be beneficial for ease and security reasons.) Go ahead, explain to why I am absolutely forbidden to know the master key to my own computer. Go ahead and explain why they absolutely refuse to PERMIT anyone to manufacture any compatible Trust Chip that permits the owner to know their own master key.
  And best of all, explain to me all of the documented systems and plans to REVOKE and (for all practical purposes) brick any chip if they ever detect that you have learned the master key locked inside you computer, if you ever learn the master key to control your own computer, if they ever detect that you have the power and control to override any DRM system based on the chip.
  And don't even try the line about how this revocation system is "not part of the chip itself". The chip was explicitly designed to secure the computer against the owner, the chip was explicitly designed to to support that revocation system, and the chip's technical documentation and design specification explicitly mention this revocation system.
  The design specs endlessly list all of the things that the owner MUST be forbidden to be able to do, all of the things the owner MUST be forbidden to know, the specification even has a section that mandates that any owner's data under "non-migable keys" MUST be effectively impossible to back up and MUST be irretrievably lost if the chip ever dies.
  And on and on and on. Yes, the chip was explicitly designed to consider the owner to be the enemy. The chip is explicitly designed to be secure against "attacks" by the owner. Yes, the current generation of chips are relatively vulnerable to physical attack - by the owner or by a hostile attacker. However it is fundamentally designed to lock against the owner, there is a supplemental specification on how to increase the physical security against the owner and how to certify hardware as possessing stronger anti-owner physical security, and there is mention in the CHIP speck itself and in supplemental specifications on how to revoke and lock-out any chip where an owner does manage to gain local override control over his own computer.
  Yes, there are some people working on Trusted Computing with the intent of securing your computer for you, of protecting you against remote attackers. However that does not change the fact tha
  
  --
  - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
7. Re:Thank you! by hairyfeet · 2009-01-06 20:20 · Score: 2, Interesting
  
  Bingo! We have a winner! You would have to be nuts to use TPM when something as mundane as a mobo failure can cause all your data to go poof. But I have a more fundamental problem with it. If I buy a car you better hand me the damned keys, I buy a house, a lockbox, same thing. There ain't no way in hell I'm shelling out good money on a PC that has a lock that they won't give me the damned keys to.
  I avoid software that expects us to pay full price for a rental, and TPM is the same thing. Without the keys those that have the keys can flip the switch and my money just went to a doorstop. So I'll keep building my own desktops and buying laptops without any stupid locks that I don't have the keys for. The big OEMs can push that crap all they want, it just gives me a reason to avoid them. I am sure that as long as computers are built overseas there will be somebody willing to build one without a TPM chip to save a few bucks. And I'll be happy to buy from them. Voting with your wallet: its a good thing.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
8. Re:Thank you! by jhol13 · 2009-01-07 04:25 · Score: 2, Insightful
  
  Being able to run a web browser and know - for sure - that it's not been compromised by a password sniffer or the like, well, that's a useful thing and that's what TXT lets you do (when complete).
  No it won't. If the said browser behaves erroneously on a particularly crafted web page the web page creator might be able (depending on the error) to take full control of the machine, e.g. by injecting remotely controllable ("telnet") Javascript applet.
  For voting the TC cannot *prove* anything - again a simple overflow (either buffer or integer or ...) bug can make the bot look exactly like human to the TC. TC can "prove" provided there are no bugs. Which is lame.
Another repeat: the unlockable lock by Anonymous Coward · 2009-01-06 10:45 · Score: 5, Insightful

Never a lock has been created that can't be broken.
Any time you see "unbreakable", "unsinkable" or similar claims, call your bookie: they will. The question is when, not if.
1. Re:Another repeat: the unlockable lock by RiotingPacifist · 2009-01-06 11:13 · Score: 2, Funny
  
  Just use the analog hole, SACDs may be cracked eventually if somebody else starts using them though.
  
  --
  IranAir Flight 655 never forget!
2. Re:Another repeat: the unlockable lock by Chabo · 2009-01-06 11:23 · Score: 2, Interesting
  
  It's up to app designers to make the default bitrate more towards the "transparent" region.
  
  I've been trying to get my friends (the more technically-oriented ones, anyway) to rip to FLACs to keep on their primary machine, and to use my program (see my sig) to convert to decent-quality Oggs or MP3s for portable use.
  
  I convert to Oggs mainly because MP3s aren't designed for gapless playback, and they work with Rockbox. "-q 6" gives VBR at around 192kbps -- more than enough for a portable player going over a pair of earbuds, and I have the FLACs for when I'm sitting at home, with my good headphones.
  
  --
  Convert FLACs to a portable format with FlacSquisher
3. Re:Another repeat: the unlockable lock by Nethead · 2009-01-06 11:38 · Score: 2, Funny
  
  The one I keep in my truck.
  http://www.amazon.com/Bare-Tool-Cordless-Reciprocating-Contractors-Special/dp/B000VEUVZE
  
  --
  -- I have a private email server in my basement.
Bug in 'system software' by Daemonax · 2009-01-06 11:32 · Score: 2, Interesting

Is this 'system software', a driver for Windows, or is it a bug in the firmware and therefore compromises the security this provides regardless of OS? Also, if it's firmware, is it the type that's burnt into the hardware and can't be changed, or the type that's loaded by the OS? If the later, this seems to me like a good reason for companies like Intel to release the source code for firmware.
Invisible Things Labs is J. Rutkowska (Blue Pill) by paleshadows · 2009-01-06 11:48 · Score: 5, Informative
"Invisible Things Labs" means, more or less, Joanna Rutkowska, discussed in these related slashdot stories
Re:TXT execution technology by LostInTransportation · 2009-01-06 11:52 · Score: 2, Funny

Real programmers use butterflies.
Wrong Wrong Wrong by Glasswire · 2009-01-06 12:39 · Score: 4, Insightful

vPro is mostly about AMT OOB management which is secure and is in it's 5th generation. TXT is relatively new component which is implemented virtually nowhere yet and has virtually nothing to do with the AMT functionality that has been and is being implemented hundreds of sites. AMT management is 97% of what vPro really is and is what the industry system OEMs generally mean when they say vPro. TXT is a future technology waiting for ISV enablement whereas core AMT/vPro is real and here now. Saying that because TXT may be compromised AND suggesting that the primary, working part of vPro is insecure is outrageously misleading.
1. Re:Wrong Wrong Wrong by wildstoo · 2009-01-07 00:39 · Score: 2, Informative
  
  From Wikipedia:
  
  Intel Active Management Technology (AMT) is hardware-based technology for remotely managing and securing PCs out-of-band.
  Also from Wikipedia:
  
  Out-of-band is a technical term with different uses in communications and telecommunication. It refers to communications which occur outside of a previously established communications method or channel.
  In this case it means remotely changing system (BIOS) settings etc. while workstations/servers are 'powered down'. There's more to it than that, of course. Check the features list on that linked article.