Slashdot Mirror
Intentional Backdoor In Consumer Routers Found
New submitter janoc (699997) writes about a backdoor that was fixed (only not). "Eloi Vanderbeken from Synacktiv has identified an intentional backdoor in a module by Sercomm used by major router manufacturers (Cisco, Linksys, Netgear, etc.). The backdoor was ostensibly fixed — by obfuscating it and making it harder to access. The original report (PDF). And yeah, there is an exploit available ..."
Rather than actually closing the backdoor, they just altered it so that the service was not enabled until you knocked the portal with a specially crafted Ethernet packet. Quoting Ars Technica: "The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware ... Because of the format of the packets—raw Ethernet packets, not Internet Protocol packets—they would need to be sent from within the local wireless LAN, or from the Internet service provider’s equipment. But they could be sent out from an ISP as a broadcast, essentially re-opening the backdoor on any customer’s router that had been patched."
Should be installing DD-WRT
...NSA?
Other guess, just someone at the manufacturer who wanted to do it that way. However, that does not stop NSA from discovering it in 2 seconds and exploiting it too.
Time Bomber the Book coming soon.
how is this not illegal? who has an advantage from this backdoor?
Oh, and you should really trust all the encryption protocols since Reagan.
(under breath ... suckers ...)
-- Tigger warning: This post may contain tiggers! --
...US tech firms blame Snowden for failing confidence in the safety of using US tech companies: The 'Snowden Effect' Is Crushing US Tech Firms In China
Pot, meet Kettle.
. . . the spooks used to have to break into your home to plant bugging devices.
Now, you bring the bugging devices home as consumer appliances, and install then them yourself for the spooks.
This saves them a lot of effort. Cost effective.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I say tomato..
Just load OpenWRT or some other open source firmware, problem solved.
What do you mean there isn't a port for your hardware? Why did you buy it in the first place? Throw it away (or donate it to someone who can do the port) and buy something that has been ported.
NEVER buy hardware without a open source port at least in progress.. You have been warned!
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Rather than actually closing the backdoor, they just altered it so that the service was not enabled until you knocked the portal with a specially crafted Ethernet packet.
Well, somebody paid good money for that backdoor. If Sercomm closed it, they'd have to issue a refund.
I'm not surprised that there is a backdoor ('Hey guys! Should we add a remote management feature that will automagically Just Work with ISPs 'setup disks' and/or remote troubleshooting systems even if the clueless user has forgotten their password, or would that be too scary?' is not a difficult question, especially given how many of these things are sold to ISPs in bulk and not to end users, especially the lousy combined router/modem devices), I am a trifle surprised that it's so slapped-together looking.
It's not exactly a secret that ISPs and providers of combination internet/TV/voice services tend to view customer-controlled equipment as something between a painful support headache and the blasphemous spawn of an unnatural coupling between internet piracy and absolute evil. Hence their enthusiasm for pushing their pet 'home gateway'/'set top box'/etc. with greater or lesser force, and the existence of standards like TR-069 ('CPE WAN Management Protocol') and organizations like the 'Home Gateway Initiative' that seek to standardize a nice, tame, appliance that can be used to sell services to consumers without confusing their little brains or letting them meddle.
That's what surprises me about seeing a comparatively dodgy-looking; but vendor/OEM provided, back door not only present but deliberately preserved even after being discovered, and sufficiently badly as to be rediscovered. There are remote management systems that, by design, are not under the control of the user, present for the convenience of the operator; but those are in the 'bydesign, wontfix' bucket. There are also malicious backdoors; but if this is one the party inserting it was far too arrogant for their own good. There are probably also legacy backdoors, used by some specific ISPs or the like; but those would presumably show up in their hardware, since Sercomm doesn't control enough of the market to assure that all customer-supplied devices will have the backdoor; but they do control enough that a single ISP's backdoor would be splashed all over the place.
Who is the expected user here, and what did they gain by trying to hold on to an existing backdoor so shoddily as to have it detected again?
In the pdf of his presentation he mentions that there are 24 router models confirmed vulnerable spanning Cisco, Linksys, NetGear, and Diamond. I have yet to spot the actual list of vulnerable routers, though.
He also elaborates on how a technically skilled person can figure out if any particular router is vulnerable.
The link to the list of vulnerabilities is found in the pdf. Here's a copy/pasted list of the ones known so far.
BEGIN COPIED TEXT:
Backdoor LISTENING ON THE INTERNET confirmed in :
Linksys WAG120N (@p_w999) ;) (issue 49)
Netgear DG834B V5.01.14 (@domainzero)
Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0 (issue 44)
Netgear WPNT834 (issue 79)
OpenWAG200 maybe a little bit TOO open
Backdoor confirmed in:
Cisco RVS4000 fwv 2.0.3.2 (issue 57)
Cisco WAP4410N (issue 11)
Cisco WRVS4400N
Cisco WRVS4400N (issue 36)
Diamond DSL642WLG / SerComm IP806Gx v2 TI (https://news.ycombinator.com/item?id=6998682)
LevelOne WBR3460B (http://www.securityfocus.com/archive/101/507219/30/0/threaded)
Linksys RVS4000 Firmware V1.3.3.5 (issue 55)
Linksys WAG120N (issue 58)
Linksys WAG160n v1 and v2 (@xxchinasaurxx @saltspork)
Linksys WAG200G
Linksys WAG320N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
Linksys WAG54G2 (@_xistence)
Linksys WAG54GS (@henkka7)
Linksys WRT350N v2 fw 2.00.19 (issue 39)
Linksys WRT300N fw 2.00.17 (issue 34)
Netgear DG834[â..., GB, N, PN, GT] version 5 (issue 19 & issue 25 & issue 62 & jd & Burn2 Dev)
Netgear DGN1000 (don't know if there is a difference with the others N150 ones... issue 27)
Netgear DGN1000[B] N150 (issue 3)
Netgear DGN2000B (issue 26)
Netgear DGN3500 (issue 13)
Netgear DGND3300 (issue 56)
Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR (issue 59)
Netgear DM111Pv2 (@eguaj)
Netgear JNR3210 (issue 37)
Backdoor may be present in:
all SerComm manufactured devices (https://news.ycombinator.com/item?id=6998258) :END COPIED TEXT
Linksys WAG160N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
Netgear DG934 probability: probability: 99.99% (http://codeinsecurity.wordpress.com/category/reverse-engineering/)
Netgear WG602, WGR614 (v3 doesn't work, maybe others...) (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
Z
Yes, I cannot possibly fathom why anyone would dislike having a backdoor in their router unless they were pirating material from a well-known public tracker. Brilliant deduction.
Why the fuck would anybody mod this nonsense up? What is wrong with you people?
As linked in TFA: Have a link to a list of devices (Not necessarily complete).
Wouldn't it be a simple "Fix" to set up port forwarding to redirect traffic directed to port 32768 to a "dead" address. Then the port would already be allocated, and when the "Knock" arrives, the port is already in use, and data goes nowhere.
I predict we will see more of that. Congratulations to the finder! Maybe we should start to offer "public safety" bounties to people that find these acts of sabotage.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
No, it just means that if you have one of these devices, then you are fucked.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This the good old, petty, "why are you so anal on privacy ? Do you have something to hide ?"
Or you just have kids to feed and your boss told you to implement that feature. [ps: /., I know I already posted the exact same comment, in the wrong thread above. I am merely trying to fix a mistake, but you obviously forgot to think about that case when you implemented the "duplicate post" feature...]
What about the CPUs themselves ?
Backdoors in software, while scary, can be worked around by using software you trust or write yourself.
But what about backdoors in CPUs which only trigger, for example, as a result of a specific data sequence ?
The problem with the obvious kind of hardware backdoor in the CPU is that it needs to interact with an unknown and otherwise complex operating system. And that is extremely difficult to do without associated exploit software running on the same system.
The real problematic standalone hardware 'backdoors' would be things like predictable patterns from a hardware random number generator, secret ways to override memory protection, a way to expose the private/secret keys in crypto hardware, etc.
Those more subtle 'backdoors' could then be further exploited by user land code for nefarious purposes. User land code that would have otherwise posed no danger to the system or the user.
That being said, if a 'hole' like that is discovered, it may be able to be partially worked around by trying to detect the use of the trigger patterns required to activate it, or by modifying the driver/system code that rely on those features.
The Chinese want their access too, and look what they did with the US solar industry (by hacking and swiping masks, then making panels cheaper than rare earth cost to shutter companies via predatory trade practices.)
The NSA, I'm not worried about. They don't want me out of a job. China, definitely.
If I were to venture a guess, things like turning off and on LEDs remotely sound like something that one would want to do when manufacturing as part of a functional tester. That doesn't mean that the way they are doing it is good, but I bet it is so that they can just plug in a router and connect up to their functional tester to test the system to ensure things are working correctly, such as the LEDs. Seems like if they want a feature like this to support manufacturing that it should be something that is only accessible on one *internal* (non-ISP facing) Ethernet port and only within a certain amount of time since bootup.
The 2wire/pace (3600,3800,etc) all have TCP port 3479 open to the internet.This is what you are forced to use if you have AT&T U-verse. There is no way to block it and AT&T says its for "updates and trouble shooting".
http://forums.att.com/t5/forum...
I wonder what great backdoors are in these gateways?
I have to return some videotapes...
What Snowden was turn a suspicion into knowledge. That is a big deal. (Hal Berghel pointed this out first).
Worrying about Chinese intelligence being involved because the product is from Taiwan is like worrying that North Korea is spying on you through Samsung products, or Mossad has added miniature tracking devices to gasoline imported from the Middle East.
So, you login to your router via http instead of https?
I don't care how hard are you are to find, someone will find you.
It is crap like this, and the abysmally unreliable hardware most consumer routers seem to be based on, that has convinced me not to buy consumer routers any more. Been using an old PC (running a copy of Ubuntu Server booted from a CF card) as my router for several years now.
Yeah, I know the power consumption of an old PC sucks compared to a consumer router. But after going through 3 routers in something like 5 years I was sick of dealing with that crap. The PC-based router is way more stable and reliable.
And yet, this is made in China, by chinese ownership, without other companies knowing about it.
Are you really claiming that Chinese gov. is helping NSA spy?
Not bloody likely.
I prefer the "u" in honour as it seems to be missing these days.
And for the Chinese gov. who almost certainly knew about it.
I prefer the "u" in honour as it seems to be missing these days.
Right now, most of all the western electronics come from China. As such, it makes it trivial for the CHinese gov. to do whatever they like.
It is long past time for these western companies to bring back production.
At the same time, they need to OSS the firmware so that others will feel comfortable with buying these, knowing that they can get true secured systems.
I prefer the "u" in honour as it seems to be missing these days.
No one said Intel's RdRand was compromised, just that it can't be trusted.
No different than VIA's PadLock or AMD's RNG.
For enterprises, such a vulnerability could be catastrophic and would require immediate remediation regardless of budget considerations. Or more accurately, many enterprises would be forced to choose between preserving their network security and preserving their operating capital. The cost to commerce for this could be devastating if this exploit is not confined to consumer-grade equipment.
TFA only mentions consumer grade routers. Please let that be the extent of this . . .
That's why Taiwan is run by ROC - Republic of China.
Not to be confused with PRC - Peoples Republic of China.
South Korea is run by people and North Korea is run by a muppet with a bad haircut.
Then your boss should go to jail unless he would care to kick it up the chain of command.
Why does everything need to be free? Providers need to eat and pay staff too.
DynDNS is $40/2y. Yearly, that's less than the cost of a movie and popcorn. For the type of person that uses the service, that doesn't seem like a major financial burden.
Re "Is there any evidence that anyone has been stupid enough to implement such hardware back doors in general purpose CPUs ?"
Think of more all the helper ports/chips/"cards" around the cpu and thier way back to stored data/keystorkes on an average consumer motherboard.
Wireless, networking are all part of a deeper complex hardware/software mix that an average OS may not be watching in real time.
Also recall different next gen wake for remote network even if turned off (vs unplugged with no power).
A lot of consumer products could have ways in. If not the NSA (Tailored Access Operations) just holds your next hardware upgrade shipment for a few hours and its all set.
The good thing is after Snowden more people are thinking, looking and asking real questions for the first time in a generation.
Domestic spying is now "Benign Information Gathering"
If not, I am sure you can find an under employed lawyer to sue somebody for something... maybe even if it is NOT in the EULA.
This issue is a bit more complicated than you think.
So, you login to your router via http instead of https?
DD-WRT uses matrixssl to provide SSL/TLS when using HTTPS, not OpenSSL. As such it is not vulnerable.
If you presume that a backdoor like this is intentional, and is there for some nefarious purpose like the NSA or something, they can just move it to the chips themselves. The code that runs on on the CPU is only one small part of what goes on in there. It would be very easy to have code baked in to a chip with a backdoor that couldn't be removed or altered by the OS, because it is lower level.
So don't assume an OSS firmware gets you out of trouble.
I disagree. RDRAND is compromised in architecture and design. The implementation may or may not be compromised, but that is pretty irrelevant. VIAs padlock is a completely different story, don't spout BS when you do not understand what the issue with RDRAND is. I don't know what AMD is using though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yeah, because ISP's all use Cisco/Linksys and Netgear products much??? Most of the ones ATT used for years were all 2-Wire POS's. The cable company uses Motorola or a couple other types, most of which are all modem/routers-in-one. But from the sound of it the brands affected are the type you would buy off-the-shelf yourself for your own use, not leased from an ISP.
Regardless, a firewall is just that. Whether leased from an ISP, or purchased from a box-store, or custom ordered through a business account with Cisco or Juniper, one would expect a firewall to be a firewall without back doors, and if back doors are present, it is at best "false advertising" and trending toward equipment sabotage. If this really wasn't a "NSA conspiracy" type of back door, and was put in to "help the tech guys in india" out as you are inferring, then one would expect there to be a big admission of this so call 'feature' included with the product itself, or they're opening themselves up for a lot of law suits.
And the result is: One person goes to jail and everyone is vulnerable. It seems like a bad trade-off.
nosig today
Actually, the result is one or more people go to jail, a bunch of managers realize they came within a hair of going to jail, and the company faces a large liability which triples if they don't promptly fix the hole for real. Those responsible for the fix know it will be looked over with a fine tooth comb and that they could go to jail if they don't actually close the hole.
Sadly, the typical happening is that some lower level guy gets thrown under the bus and they ignore the hole.
I don't see Apple in that list. However, that doesn't mean it's certainly not impacted. Does anyone have any guess about this?
Make sure everyone's vote counts: Verified Voting
"How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?"
My ISP gave me a new gateway about two years ago. Its made by ZyXEL. The literature for this unit states "Remote provision and management through TR-069", and even my friend lists it like this. "It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS)". So they can poke into the unit any time they like, get a log listing of the last 200 places (via IP address) you visited, and change any setting at any time. This guy makes it sound like its something clandestine they are adding, but it reality, its something they are putting in as a matter of public policy.
because when the knock arrives, the first who is in charge is hardware, afterwards firmware, and than goes user setup
I'm not spouting anything, you are.
No one but you has said there is anything fundamentally wrong with it.
Here's a description, the architecture is in section 3. Point out the flaws, oh mighty one.
https://software.intel.com/en-...
Actually, the firewall business will be spun off into a subsidary with all assets and liabilities, and then the subsidary files for Chapter 11 and subsequently for Chapter 7. And no hole is fixed because there is no business case.
Then it's their choice to add a service to the router and state in the contract that I must not disable it.
Or do you consider it normal that your landlord should retain a key to the apartment you rent so he can come in at leisure to check out that everything's in order? Of course just to aid you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Tell me, what motivating factors could grandma have for wanting to update the firmware in her router?
I hate printers.
a second router... My ISP provides the cable modem/router and I hang my own router/wi-fi hub off that...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
The problem with the obvious kind of hardware backdoor in the CPU is that it needs to interact with an unknown and otherwise complex operating system. And that is extremely difficult to do without associated exploit software running on the same system.
For most modern CPUs, the interaction between the world outside the ceramic chip casing and the REAL hardware CPU is handled by CPU code, better known as microcode. The most glaring example of this is the x86 based CPUs that haven't actually run x86 code in a decade. What code that is pulled in from RAM and executed on the CPU is translated on the fly by the CPU hardware into CPU microcode that actually runs on the hardware itself.
The x86 chips for instance, haven't been of an actual CISC hardware design in a decade, under the hood is essentially a RISC style core with a translator in front of it.
Don't think for a second it would be hard to deal with different OSes in the CPU core ... its what they do by design. x86 is a glaring example of this, but its not the only one architecture that does so.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
The NSA, I'm not worried about. They don't want me out of a job. China, definitely.
The if world was comprised only of people like you, we would all still be slaves under the pharaoh absolute authority.
I'm not sure routers are sold as firewalls. We call them that out of utilitt and some routers have firewalls built into them. But i think it is us not them.
That's why I love my rooms pointing towards the west, it makes getting up with the first ray of sunlight so much easier.
Or, just so you understand, just because YOU didn't hear about it doesn't mean it didn't exist and others (like, say ME) didn't know about it. The difference is, with closed source, an NDA can efficiently keep me from telling you earlier.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Where did the parent advocate having the government monitor code check-ins or ensure software quality? All he advocated was having criminal penalties for insecure software, which actually sounds like a good idea to me, provided people are able to pass the blame to their bosses and thus avoid all liability (if you fear for your job because your boss ordered you to do something insecure, then your boss should go to jail, not you. If your boss was just passing orders from his boss, his boss should go to jail, not him.).
If it truly bothers me, I can buy a compatible cable or DSL modem
I bought my own cable modem after TWC increased the monthly charge for the modem lease and I realized that if I bought my own it would pay for itself in only a year.
The configuration page for the modem has two buttons. One resets the modem. The other disables a DHCP feature which is only in effect when the modem isn't connected to the cable company's network, as the only reason for the feature is to allow you to view the modem's status pages. (Normally the device behind the modem gets its address via DHCP, and so without a cable connection, you wouldn't get an address and so you'd be unable to access the status pages.) There's literally nothing else the modem does that is under my control. I can't even update the firmware -- any firmware updates have to come over the cable network.
Apparently this is what the DOCSIS standards require. I may own the device, but the cable company determines how it operates, since they own the network.
The only good side of this is that it really doesn't matter as long as your modem isn't also your firewall. Even if your ISP couldn't spy on you by hacking your modem, they could still spy on you from the next hop towards the internet which is also under their control. It only becomes interesting if they can hack a device with access to your LAN, which is the case if your modem is also your router, which is a strong argument for why it shouldn't be.
The really shocking thing about this story is that the backdoor was (and still is) so unprotected. You expect that your ISP can snoop on your internet traffic, but when anyone anywhere on the internet can, that's a serious vulnerability. From the sound of it, the fix apparently closes the backdoor only until it is explicitly opened by the ISP, at which point it is once again available to anyone anywhere on the internet. How can people be this incompetent?
You are either ignorant or a liar. (Maybe a paid-for liar?). Just read this: https://plus.google.com/+Theod...
That is a few more people than "nobody". The flaw is that the whole design does not allow verification that it is non-compromised. The claim that including its bits in JTAG would be a security risk is completely bogus, as an attacker with access to the JTAG pins can do whatever they like already. With those bits in JTAG, it would be relatively easy to verify the analog-side is actually analog and is actually what feeds the whitener. That possibility was intentionally sabotaged, and the _only_ good reason for that is that they want to be able to compromise the CPRNG in select batches and make detection of that very hard. And no, there is no software access to those JTAG pins and yes, the hardware to query the internal CPRNG state and analog bit stream must be in place to test the CPU. That means they are switching this access explicitly off after they have verified the hardware works. So not only is this a compromised architecture and design, it is also more effort than doing it right. IT does not get more obvious than this.
Your link, BTW, is worthless. It does not go into the needed level of detail. The contrast with what you get for the VIA C3 generator (e.g.), is quite telling: http://www.cryptography.com/pu.... And VIA has a non-compromised design as they do not desperately try to hide what the analog random source spits out.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Your priorities are 100% backwards. Let me walk you through why this is so dangerous.
- The NSA works at for the executive branch
- Therefore one must assume, from statements made and logic, that intelligence gathered are passed on to their bosses.
- Politicians have only 2 priorities in life: To be (re-)elected, and power. All your other piddling concerns are insignificant compared to those.
- Therefore, the most interesting thing to a politician is anyone who stands in their way from their re-election or in gaining more power.
- If left to their own devices, politicians would use the NSA on political opponents and people who stand in their way (like Joe Nacchio former CEO of Qwest). The fact they are doing these shady things would of course be classified because of "national security".
- These people become targets, their pasts are combed through, their reputations and/or lives destroyed.
- In place of the people that were destroyed, the politician will allow a yes-man to operate that are obedient to them.
Wake up! Your freedom is at stake! It damn well DOES affect you! We all whine about how our representatives suck - now we know why!
If you want to live in such a monarchy, at least have the decency to vote on it, rather than sticking your head in the sand and pretending not to see it.
Go look at a consumer-grade router box.
The back will mention their security features including the firewall.
Where did the parent advocate having the government monitor code check-ins or ensure software quality? All he advocated was having criminal penalties for insecure software, which actually sounds like a good idea to me, provided people are able to pass the blame to their bosses and thus avoid all liability (if you fear for your job because your boss ordered you to do something insecure, then your boss should go to jail, not you. If your boss was just passing orders from his boss, his boss should go to jail, not him.).
Both bosses should go to jail. Depending on the situation it's called collusion and/or conspiracy.
The next time a kiddie-porn person gets arrested for having illegal images, I imagine all he'll have to say is that somebody used this back door to use his wi-fi router to download the bad files, despite his encryption.
Get-out-of-jail-free card.
I'm not clear what point you were trying to make here, but; Your landlord will always retain a key to your apartment. If it's a large enough building, the maintenance crew will have keys as well.
where is sue? sue is idle.
No, it's not (unless you can prove they really were conspiring). Low-level managers aren't much different from engineers; they just parrot the orders from middle and upper management, and provide day-to-day guidance. They don't make strategic decisions. They frequently don't even get paid any more; they just hope to advance to middle management (or higher) where they eventually will get paid more. They're not responsible for making criminal decisions; they're just doing their jobs and hoping not to get terminated in this shitty economy.
The managers at or near the top are the ones who make decisions like this, or like the GM ignition-switch fiasco. They're the ones who need to go to prison. They get paid the most, and they make all the decisions, so they need to suffer when their deicisions result in loss of life or are otherwise grossly negligent.
which is... not trusting the implementation, not the architecture.
The complete opposite of what you said.
What information is available on a test port has nothing to do with the architecture.
Even if it was accessible via JTAG, what would stop them switching the random source when the JTAG port isn't in use?
Microcode is still patchable if a problem is found, which puts it in the same boat as the BIOS / OS kernel / etc, which albeit difficult to inspect, can still be inspected and loaded back to a known state.
Whereas a hardware backdoor cannot be inspected by standard means, and may be more insidious such as a 'leaky' crypto engine. It's possible that a direct hardware exploit requires a microcode 'helper', but that is only one protection level removed from requiring a machine code helper.
Microcode is simply a lower level machine code than the x86 machine code generated by the assemblers/compilers.
Stop spreading FUD. The architecture is designed to hide a compromised implementation, that makes it a compromised architecture, regardless of whether the implementation is actually secure or not. I never said anything about me not "trusting" the architecture either. I know it has been compromised, there is no need to "trust" or "distrust" anything. The question of "trust" does not apply.
You also do not understand JTAG or why it is important for them to have a minimal change they can make to compromise the implementation.
But I have run in people like you before. If you were a regular slashdotter, I would by now have insulted you enough for you to not be willing to talk to me anymore. Instead you are intent on keeping the conversation going. That behavior is however consistent with somebody working from a PsyOps manual. Keeping the conversation going is essential to be able to shape it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I'm kinda glad I am NOT living in your country. Laws here specifically state that he must not.
I still change the lock as one of the first actions when I move into a new apartment.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I do understand JTAG.
It would be trivial to set a flipflop to switch the compromised random bit stream to the real implementation when ever a command is send through the JTAG port and reset it on power-up.
Its flattering you think I'm a psyop operative. Truth is I'm just bored at work and you respond like a zealot. It's amusing.
Ah, well, pattern matching in human communications is not really reliable. My apologies then.
The thing with your flip-flop idea is that it could work, but it requires extra hardware that could be found. As it is, they probably just need to laser-cut a single interconnect, preferably not even in in the top layer and preferably just silicon, not metal, to compromise the thing. That would be really hard to find. If they implement your idea, there would be said extra flip-flop, its reset logic and connection to the JTAG logic, etc. But you are making my point: Why are they claiming JTAG is a security issue, if it is not and they could hide a compromised generator even with it? The only explanation I find is that they want an absolutely minimal change to compromise the CPRNG and that compromising the JTAG hardware in the way you describe is already above what they are willing to accept in visibility/exposure. Also note that the compromised JTAG logic would be in the design (and hence many people would see it and all CPUs would have it), while what they likely can do now is not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That was a pretty huge leap to make? Care to toss on a kenyan muslim socialist reference for good measure?
You do realise that your opinion is outdated?
The new right fascists are bilingual. They speak English and Bullshit.
I'm kinda glad I am NOT living in your country. Laws here specifically state that he must not.
I still change the lock as one of the first actions when I move into a new apartment.
Don't know where "your country" is, but in the US I used to manage an apartment building. Lease stated if you change the lock the management gets a key. No key = breach of lease and grounds for eviction, specifically stated in lease. Also except for emergencies management must provide minimum 48 hours notice to enter apartment. No 48 hours = no entry, specifically stated in lease as well. It cuts both ways in my state. We changed locks as a matter of course after a move out.
"If stupid things work...then they are not stupid."
I'm not clear what point you were trying to make here, but;
Your landlord will always retain a key to your apartment. If it's a large enough
building, the maintenance crew will have keys as well.
By doing so they assume a liability and a large one at that.
In many situations they MUST give fair notice and only enter
announced or in a physical emergency... gas leak, water leak....
Most apartments have enacted astounding checks and
visit protocols (witness and supervisor). Not to mention
lock boxes for keys.
Changing a lock is interesting because previous tenants may
have been careless or be nefarious. A number of rape and
assault cases has put serious writing on the wall as well.
An internal dead bolt and darn fine chain lock makes a lot of
sense.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.