EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org)
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report:
While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
I've read about security issues with Intel chips. Makes me think I should go with AMD. But then I wonder, since AMD has a smaller market share, maybe they just aren't scrutinized as much.
Does anybody really know how 'safe' AMD chips are? This is not a rhetorical question, and I'm not advocating or editorializing, just wondering.
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
this black box has been around for years. probably a CIA backdoor with a gag order preventing them from documenting.
It's a purposefully built backdoor for the authorities that you should not try to use as a mortal. Only NSA and GCHQ should know about it. Now get in this black truck with us, we got a couple of questions to ask you.
Nobody wanted to believe it was bad or real. The few who agreed it existed and was probably an issue immediately countered with "well, they all have backdoors I'm sure..." -but is that true? Do AMD x86 chips have backdoor subsystems on par with Intel ME? Complete with compartmentalized always-on internet subsystem, access to everything even when the OS is offline and the machine is "off"? If we're going to say this is serious enough to avoid Intel chipsets can we be reasonably assured that the major alternative isn't also as bad in that regard? It seems like a good thing to clear up off the bat.
If all major chipsets do contain backdoors then it's pick your poison. If not, why the heck isn't this more widely known?
According to the article:
So, which computers have "Remote Configuration" with OEM Setup? These are the computers that are vulnerable the moment you take them out of the box and plug them in.
For example, are Lenovo ThinkCentres vulnerable out-of-the-box? I recently read a report of an individual complaining that his ThinkCentre M58P is affected by this vulnerability:
http://openbsd-archive.7691.n7.nabble.com/How-are-people-dealing-with-the-Intel-AMT-BIOS-vulnerability-backdoor-td318400.html
"...presently no way to disable or limit the Management Engine in general."
Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT!
It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.
See, I think this is the fundamental misapprehension, these days. :)
Don't just stand there, get that other dog!
This just reiterates the reason EOMA68 came about and why ThinkPenguin has funded its development for years. EOMA68 aims to reduce the cost of designing and manufacturing devices that are in the user's control by modularizing critical components (CPU/RAM/etc). By taking these core components and putting them onto a card it reduces the cost of designing and manufacturing systems. By basing designs on open modular standards the user and community can retain control. And by basing on open modular standards anyone can design systems and devices around chipsets and SoCs we the community are in complete control of, as we will have the complete corresponding source code for everything. So far there is a laptop and desktop design around EOMA68 and the first EOMA68 card is an AllWinner A20 dual-core with 2GB of RAM, but there is a 4GB card with a Rockchip quad-core CPU in the works... and obviously much faster cards will follow.
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge databases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Time to fire up my Raspberry Pi.
Not a bad idea. I'd use mine, except I seem to have mislaid it. It's not very big you know. Maybe I'll epoxy the next one to a rock or something.
A remote-triggered anti-theft system automatically precludes a complete factory-reset, at least while it is on.
After all, what good would a remote-triggered anti-theft system do if a thief could just "reset" a stolen laptop before selling it?
In a perfect world, enabling anti-theft would "lock out" a factory-reset and disabling the anti-theft would require a key of some sort.
The key here - pun intended - is that the user needs to be able to factory-reset an "unlocked" device and know with confidence - perhaps because a dedicated/single-purpose LED lights up at the end of a successful reset - that the device reset successfully.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?
This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.
Fiat Lux.
Mount it to the wall with a couple sheetrock screws.
Namely the vPro and selected Xeon chips that were marketed to business users at extra cost. You had to pay extra to get these features on the chip, so most chips sold to individual consumers didn't come with them.
Recently I've got the feeling that most of my computers' CPUs are woefully underpowered all the sudden, thanks to H.265/HEVC videos.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Luck is the best defence? Wtf are you smoking?
My TRON program should take of the Master Control Program, and shut that right down.
If telephones are outlawed, then only outlaws will have telephones.
outdated, now it's:
yum install nsa-backdoor gchq-backdoor
Get with the times, neckbeard!
"First they came for the slanderers and i said nothing."
If its a feature, why you can't disable or see how it works?
outdated, now it's:
yum install nsa-backdoor gchq-backdoor
Get with the times, neckbeard!
+1 Unintentionally Funny, given that yum has been deprecated in favor of dnf in newer distros.
Shit, I better trim my beard now that I made that simple mistake!
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge databases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
What are you smoking? A 15 year old VIA C5 would barely run java with decent performance. Load any web page today and there are over 25 java scripts being run in the background. The only thing that saved java was the increase in CPU power. Core 2 CPUs from 2006/2007 (about 10 years ago) would be the bare minimum.
AMD has a similar feature.
On AMD, it's called IPMI.
The difference is that IPMI is a vendor-neutral industry standard (and could be found on the chipset of any vendor),
whereas Intel's ME is their own "NIH-Syndrome" spin of the same concept.
The difference is that IPMI is considered a "special feature", and can only be found on specific server/workstation chipsets.
The AMD 990FX doesn't feature this micro server.
You need to order a specific workstation motherboard from a manufacturer such as SuperMicro.
(You know, the manufacturer with such a flimsy UEFI implementation that the FlashROM can randomly commit suicide when you simply add a boot option).
Or from a manufacturer of servers (HP, etc.)
The FSF warned about these backdoors in both Intel and AMD CPUs a while ago. I think they said the last processor made without this "backdoor" was an AMD processor made in 2011.
Huh.... no. Wrong.
For the record : both Intel's ME and industry standard IPMI live inside the motherboard chipset, not inside the CPU.
(i.e.: they live where they have access to all the critical components needed to function: network card, embedded GPU's framebuffer, etc.).
On AMD's side, IPMI is *still* only featured on server chipset. Again, there's no IPMI in gamer-oriented chipsets such as 990FX. /.ers : the tower under their desk in their basement geek-cave is safe. It's the server at work at their day-jobs.
So for most AMD-powered
On Intel's side ME is much more widely spread even on normal desktop chipset (the idea is to make the life of sys admins in enterprises easier).
Technically it's not so much a "backdoor" (i.e.: something hidden) as it is a "maintenance entrance" (i.e.: makes the life of the sysadmin easier so he can remotely VNC into and diagnose a server that won't boot, flash the computer's UEFI/BIOS firmware, etc.)
The problem is that the quality of this small server is horrendously bad. To the point that any motivated script kiddy can pwn all the workstations and servers across the whole enterprise's network easily, simply by downloading some ready-to-use package.
(Luckily, most of the ME and IPMI implementations only listen on the secondary network port, and thus should only be visible on the private administration network. The bad news is that pro laptops also have ME, and that can be enabled on the *WIFI* network)
So to keep with the above metaphor, ME and IPMI are a "maintenance access" door, which actually isn't even locked, but whose whole security boils down to a small sticky note saying "please, sysadmins only".
Life would have been much easier if the ME / IPMI firmware running on the embedded system was open-sourced....
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
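The comment above makes a defender's point worth turning into a check: ME/IPMI management interfaces should only be reachable on the private administration network, and any that answer elsewhere (on a user VLAN, or on a laptop's Wi-Fi) are the exposures to hunt for. The script below is an added example, not code from the thread or from any vendor: it takes a port inventory of the kind a network scanner produces, flags the management-controller ports it finds, and reports those that sit outside the admin subnet. The port numbers are the publicly documented defaults for Intel AMT (TCP 16992-16995) and IPMI RMCP (UDP 623); the admin subnet and the inventory lines are constructed for the example, and real deployments may remap ports, so treat the table as a starting point.

```python
"""
Flag Intel AMT / IPMI management ports reachable outside the admin network.

Added example (not from the thread). Port numbers are publicly documented
vendor defaults; the subnet layout and inventory lines are constructed.
"""
import ipaddress

# Publicly documented default management ports (assumption: not remapped).
MANAGEMENT_PORTS = {
    ("tcp", 16992): "Intel AMT HTTP",
    ("tcp", 16993): "Intel AMT HTTPS",
    ("tcp", 16994): "Intel AMT redirection (SOL/IDE-R)",
    ("tcp", 16995): "Intel AMT redirection (TLS)",
    ("udp", 623): "IPMI RMCP",
}

# Constructed: the only network that is supposed to carry management traffic.
ADMIN_NETWORK = ipaddress.ip_network("10.99.0.0/24")

# Constructed inventory: "<ip> <proto>/<port> <state>" as a scanner might emit.
INVENTORY = """\
10.99.0.10 tcp/16992 open
10.99.0.11 udp/623 open
10.1.5.23 tcp/16992 open
10.1.5.23 tcp/16993 open
10.1.7.40 udp/623 open
10.1.7.40 tcp/22 open
192.168.20.5 tcp/443 open
this line is malformed
"""


def parse_inventory(text):
    """Yield (ip, proto, port) for every well-formed 'open' line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "open":
            continue
        try:
            proto, port = parts[1].split("/")
            yield ipaddress.ip_address(parts[0]), proto.lower(), int(port)
        except ValueError:
            # Bad address or port field: ignore rather than abort the whole report.
            continue


def find_exposures(text, admin_network=ADMIN_NETWORK):
    """Return (ip, proto, port, label) for management ports outside admin_network."""
    findings = []
    for ip, proto, port in parse_inventory(text):
        label = MANAGEMENT_PORTS.get((proto, port))
        if label is None:
            continue                      # not a management-controller port
        if ip in admin_network:
            continue                      # reachable only where it is expected
        findings.append((str(ip), proto, port, label))
    return findings


def exposed_hosts(text, admin_network=ADMIN_NETWORK):
    """Distinct hosts with at least one exposed management port, sorted."""
    return sorted({f[0] for f in find_exposures(text, admin_network)})


if __name__ == "__main__":
    for ip, proto, port, label in find_exposures(INVENTORY):
        print(f"EXPOSED {ip} {proto}/{port} ({label}) outside {ADMIN_NETWORK}")
    print("hosts to follow up:", exposed_hosts(INVENTORY))
```

Feed it the output of whatever inventory tool you already run; the useful part is the policy question it encodes (which network is allowed to see these ports), not the port table itself, which you should extend with any remapped or vendor-specific ports your fleet uses.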
IPMI and TrustZone are 2 entirely different concepts.
IPMI is a separate full-blown SoC that runs a micro server offering a web interface for admins and a java-based VNC
(AMD's equivalent of Intel's ME/AMT)
TrustZone is about having a separate core that handles a couple of security tasks that, by purpose, need to be shielded from CPU activity.
namely handling private keys
(it's a cousin of Intel's Trusted Platform).
IPMI is the scary one, because it has full access to tons of critical components (network, framebuffer, firmware settings, etc.) even if the main CPU is shut down (it's a full-blown independent server inside a dedicated SoC on the motherboard, usually inside the chipset)
TrustZone basically only handles key signing/encryption/etc. so isn't that much critical.
Same goes for Intel's ME vs Trusted-whatever-its-called now.
thanks to H.265/HEVC videos.
Problems are patents.
There exist *several separate* patent pools, and a few external patent holders.
So paying the IP rights for H265/HEVC is a nightmarish patent minefield.
So most manufacturers end up NOT enabling hardware H265/HEVC.
Thus you end up with VLC doing the work on your CPU.
Luckily things are very likely to get better soon with AOMedia's AV-1
(similar to other opensource efforts such as OPUS, Vorbis, etc., it's designed to be patent-free)
(and it has all the big names behind it - including Google and Netflix, i.e.: most of the content watched online - but also hardware manufacturers, etc.)
If we're talking about open libre hardware, then the BeagleBone Black would be a better option.
IPMI is usually only available on chipsets targeting the server/workstation market.
- Firstly IPMI is still just as separate on Intel server boards and forms an alternative.
- Secondly IPMI style functionality is a small subset of what Intel's IME does.
- Thirdly AMD's equivalent is the PSP, which just like IME is in every Intel chip, PSP is in every AMD chip.
- Fourthly the Trust Zone functionality in AMD's PSP seems to go even a step ahead
of Intel's IME based on marketing materials in terms of being not in the interests of the user. But I'm inclined to believe that this has more to do with Intel's lack of marketing rather than lack of functionality.
So no in summary voting AMD with your wallet is just dumping one abusive partner for another.
But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
You're absolutely delusional or completely ignorant of just what it is that people actually want to do and the power required to do it. What people want to do is watch videos, read dynamic websites, edit word documents within their browsers. What the Via C3-800 was capable of would be an exercise in frustration just loading an operating system compatible with a modern browser that would meet the requirements of people (i.e. run a modern web browser).
It would also be capable of it if you tricked out the entire system to its maximum, but even then the 2GB max RAM on supported motherboards would lead to nothing other than a fist being put through the computer screen.
A 4 year old smartphone, not even a top of the line smart phone is far more powerful than the processor you're talking about, running an OS that is generally light weight and yet what people "want to do" still pisses them off.
Secondly IPMI style functionality is a small subset of what Intel's IME does.
It's still a small separate SoC, which runs its own small operating system, webserver and java-based VNC solution (which already implies TONS of access),
and is connected and listening to the network constantly, even when the main CPU is completely shut down (or even unable to boot) (which was the entire purpose of this kind of system).
In practice the code quality of the system running on this chip is still so awful that it's still very pwnable.
- Thirdly AMD's equivalent is the PSP, which just like IME is in every Intel chip, PSP is in every AMD chip.
- Fourthly the Trust Zone functionality in AMD's PSP seems to go even a step ahead
From what I've understood, all these various "Security Processors" mainly deal with storing private keys in a secluded part of the system.
They're mainly handling cryptography-related questions.
They don't have a networking stack (and could not be listening on the network even if the CPU is unpowered, they *are* part of the CPU).
Except for libreboot's rant about them, I haven't seen yet any concrete proof that they can - by themselves - handle anything more nefarious than "store private key inside, perform signature and encryption/decryption if provided with the correct PIN".
In marketing material, they seem to be attached to wild possibilities (remote wiping stolen computers), but there's evidence that these kinds of functionality require coordination between multiple components, and the security processor's role boils down to "contains the crypto key to the data saved on the mass storage device". The actual communication of the remote command requires kludges in the UEFI / Intel AMT / IPMI.
Even TFA specifically speaks about the security hazard contained in *the chipsets* (not the CPU).
But I haven't been *actively* investigating these capabilities.
so maybe recently, Intel and AMD have discreetly been moving extra functionality into their secure processors
(network access, full memory r/w access, always-on even when the main CPU is turned off, etc.)
Ah good news, it would be no help as another technological footnote like Vorbis & Theora.
regarding Vorbis : back in the day it did see some success. By virtue of being BSD-like licensed (i.e.: a permissive license) it was used to compress audio in several game engines (e.g.: at id starting from Quake3 and up). Also Spotify apparently used it in their app, at least for some time.
regarding Theora : Google used it on Youtube as a possible alternative, so still some use.
But yes, both pale in comparison with OPUS (the offspring of the Xiph and Skype collaboration) which is incredibly widespread (again permissive license AND best quality in A/B/X tests AND patent free), seems like any modern communication application uses it : it's used for WhatsApp, Skype (well obviously), etc. but also even in some unexpected places (Digital Radio Mondiale - the digital successor of AM Radio, same relationship as DAB+ to FM Radio - supports OPUS. It's not in the official specs, but the major software suites all have ways to use it).
And again the number of AOMedia members is impressive, so it's clearly going to be a success.
The things which changed in the recent time :
- Patent real-world problems: Fraunhofer was some pain back in the MP3 era (hence some in-the-wild usage of Vorbis). During the MPEG4 AVC / H.264 era, a nice single central patent pool made things not that much difficult. Theora was a nice concept of patent-free-ness, but in practice there wasn't much difficulty in obtaining the necessary license. Nowadays H265 / HEVC is pure madness. To the point that several hardware manufacturers have backpedalled and we currently see a *decrease* of devices manufactured with H265 support enabled. There is definitely room for a patent-free / freely licensed codec.
- Quality : Vorbis was provably better than MP3 back then (hence its tiny success in the wild). But Theora was just a repurposed old codec from On2 (VP3) that just got opensourced, not much more argument going for it.
Compare the situation nowadays with OPUS which completely blasts everything in ABX tests except for the ultra-low-bandwidth ( 4 kbits) which are beyond its scope anyway.
Currently AV-1 is the offspring of the Daala efforts of Xiph (and there are some really interesting ideas going in: perceptual vector quantization, chroma-from-luma, lapped transforms, rANS entropy coding, etc.), Google's VP10 (now we are several generations down) and Cisco's Thor.
Even at the current state of development, it's already showing promise.
So yeah, big things are in the making.
This thoroughly evil Intel backdoor is also a problem for low latency - every so often, the response latency just gets blown to hell and there is nothing that can be done about it, except switch to a different chip. It is high time Intel came clean about it. Just pure evil, nothing less. Can't say anything good about this, or about the idiot PHBs that came up with it.
When all you have is a hammer, every problem starts to look like a thumb.
This is an interesting product but it uses ARM, which is not completely open. Yeah they supposedly don't have a management engine of any sort yet but it's still not "open" like they claim.
.... Java and javascript are completely unrelated things. What the fuck is with all these people who don't know shit getting modded informative on slashdot lately? Are we fucking reddit now?
Yes, there is a difference between Java and Javascript. Javascript processed on the server side is fine, as the client has to do very little. However, javascript being processed on the client side has just as bad a processing overhead as java. A lot of web pages now have forms, apps, etc. that are based on javascript that would load very poorly on a pentium-based system. You can argue that it's due to bad or poor web programming practices, but it is a reality.