Researchers Discover and Abuse New Undocumented Feature in Intel Chipsets (zdnet.com)
At the Black Hat Asia 2019 security conference, security researchers from Positive Technologies disclosed the existence of a previously unknown and undocumented feature in Intel chipsets. From a report: Called Intel Visualization of Internal Signals Architecture (Intel VISA), Positive Technologies researchers Maxim Goryachy and Mark Ermolov said this is a new utility included in modern Intel chipsets to help with testing and debugging on manufacturing lines. VISA is included with Platform Controller Hub (PCH) chipsets part of modern Intel CPUs and works like a full-fledged logic signal analyzer. According to the two researchers, VISA intercepts electronic signals sent from internal buses and peripherals (display, keyboard, and webcam) to the PCH -- and later the main CPU. Unauthorized access to the VISA feature would allow a threat actor to intercept data from the computer memory and create spyware that works at the lowest possible level. But despite its extremely intrusive nature, very little is known about this new technology.
"I'm just spitballing here, but I've read that a lot of computers have rootkits on them. What if we baked a root kit right into the hardware so everyone could have one without having to go through the trouble of installing one?"
This exploit requires physical access.
If black-hats have physical access to your computer, you are already in deep doo-doo.
This is fantastic for DIY and debugging.
"No, one rootkit is no good. Make sure we bake in a few different types in case something goes wrong with one. Redundancy is the key to reliability."
No really, I am. Who woulda thunk it.
It's getting to the point where Intel CPUs having another vulnerability is about as newsworthy as Trump tweeting something stupid: it happens far too often and no one wants to think about it.
Since these features are meant for use on the assembly line you can't just remove them.
But you can design them to be permanently disabled as one of the last steps before the chip leaves the manufacturing plant.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Called Intel Visualization of Internal Signals Architecture (Intel VISA), Positive Technologies researchers Maxim Goryachy and Mark Ermolov said this is a new utility included in modern Intel chipsets to help with testing and debugging on manufacturing lines.
How is that "undocumented" other than Intel only provides the docs to paying developers?
That is it, I am done. Now where is my 286?
Not even Intel knows all the backdoors in their shitty chips. SAD.
Um, did you forget to take your meds today? Blink if you need help, okay?
Really.
http://nymag.com/intelligencer/2018/12/mueller-sentencing-memos-michael-cohen-trump-2020-prison.html
Close, but not quite. This is a feature someone designing and manufacturing a motherboard would use. Once that's done THEN one would disable it, much like test points and other debug features are disabled.
Only if this feature brought out signals otherwise hidden. Otherwise competitors already have logic analyzers and more importantly other equipment that can look deeper.
so, 286 is still better
Running qemu-arch, definitely. However I am not sure if qemu properly emulates all features of processors earlier than the 486. I don't think it even includes 386 compatibility anymore (if it ever really had it.)
Having said that, a lot of systems can be emulated on arm processors. The ones that run with reduced performance are mostly arches with larger register files than ARM, which is mostly legacy processor architectures at this point.
"Very little is known about this new technology."
Actually, this is not new technology, and absolutely everything is known about it, and it is very well-documented.
...NSA here, please ignore that little feature, nothing to see here!
Higuita
Maybe Intel VISA is a newly coined phrase, but access to the PCH has been around for a long time. In my experience (at Intel, on dev teams), this is used firstly for debug at development time and then at manufacturing time for passing certain tests. Both used to have a physical device to do this, so just doing it remotely wouldn't work. Also, all features were available at dev time for obvious reasons. By manufacturing time, it should be mostly locked down and before it goes out the door, totally locked.
What I'm afraid of is security has become lax enough to allow remote access to this. Like a lazy engineer/architect (ever had one of those?) didn't want to walk his butt into the secure lab so they just put some back door in without telling anyone. Or worse, after buy-off from the development team.
Also, yes, these are undocumented because they are never meant for outside use (Intel, OEMs, etc.). Just debug and optimization. No one else would really want access, but nefarious peeps would.
This could be a big issue if there really is something here. I'm hoping Intel didn't get lazy, but who knows.
Enough with all the dumbass stuff from Intel, Microsoft and Apple.
My next laptop will be a freakin' Raspberry Pi 3 running a non-systemD Linux distro of some sort.
The Pentium Pro was just the first processor with a microcode update facility that could be updated dynamically outside of a factory setting. I've heard that either some or all of the original Pentiums may have been capable of this as well, but it was either undocumented for security reasons or required access to CPU facilities that motherboard hardware of the era didn't support outside of development systems.
The CPU microcode has been very concerning for me, since a large portion of it since the 1990s has been developed in Israel. Given the Israeli intelligence apparatus is both more intelligent and more ruthless than its American counterpart, I assume they have full access to the signing keys and microcode documentation, even if no one else does. During the Pentium Pro era there were only 4 guys within the state of California with access to the microcode documentation and signing facilities and the documentation folders for that hardware was an instant fire offense if it left the designated development area, even just one room over. So Intel, at least in the past, took the security of the Microcode VERY seriously, but at the same time has had almost 28 years for key developer assets to be compromised, bribed, or voluntarily leak documentation on the microcode architecture and firmware to interested parties. Since it is signed it gives hostile 3rd parties quite an advantage, since malware combined with the correct microcode updates can do things that would be impossible to reproduce on an uncompromised platform without a copy of the microcode update used.
Intel ME on the other hand looks more and more like Clipper 2.0/Palladium rather than a real remote management/user benefit security platform. In addition, since Skylake the entire platform is developed in Israel which should concern you just from the lack of scrutiny on the blackbox firmware it uses and who may have access to both the signing key and source code for developing their own modules for infiltration and exfiltration from believed secure systems. The best and only defense you can have is an IDS mirroring all traffic to and from Intel hardware watching for that unusual traffic pattern that is a 1 in a billion chance of discovering the attack. In reality, with Amazon S3, Microsoft Azure, etc. the exfiltration of data without discovery would be almost impossible to discover without a very narrow whitelist of outgoing connections for the systems in question. If anyone has gone to this level of investigation and had a reason for those systems to be targeted and compromised, they have kept quiet about the attack and their ability and knowledge to discover it. We as consumers or businesses without a dedicated intrusion prevention/forensics team have no chance at all of catching such an attack.
Intel put the features in, failed to document them, failed to disable them and KNOWS researchers will be looking for them.
The only abuse is Intel not taking responsibility for its incompetence.
"We should build a wall around these processors to keep the undocumented features from accessing the rest of the system" -POTUS
I'd say THAT counts as a blink
Seriously and no joke at all, please please please seek some professional help.
Who else remembers the Clipper chip saga from the first light of eternal September?
Bruce Schneier's Applied Cryptography (1994) had just come out, and it was a glorious rip in the kimono of the grotesquely secretive surveillance state. (At one point, in the institution's formative adolescence, even the NSA's name was hard to find out.)
In those glorious, turbulent years of eternal onset we—the open source greybeards of minimal middle—managed to score some surprising victories over the rather clumsy NSA, clearly dazed by those first insistent rays of sunshine, now stumbling around in the public sphere like John Oliver fresh out of bed, blinded by paparazzi flashbulbs en route to his underwear drawer.
I enjoyed this comedic spectacle while it was happening to the power of ten.
Meanwhile, another part of my brain was going "they'll be baaack". If you catch Rommel with his pants down at 06:00, enjoy it while you can; by 09:00 you'll wish you hadn't. Clearly the hard-boiled eggheads of this imperious and paranoid institution weren't going to consume their crumpets of crow quavering cadaverously. Now there's so much crepuscular silicon—how shall we best phrase this?—of mixed utility that you need avail yourself of the extended edition of Hogwart's Almanac merely to decode the confounding acronyms.
Clinton's Clipper comeuppance was the most glorious greybeard insurgency I've ever witnessed, but with a teeny, tiny fly embedded in the silver lining: we basically started a land war in Asia we could not ultimately win. Not even a historic Snowden dump changed matters much at the end of the day. With the persistence of the North Vietnamese (augmented by Mexican mechanization) minions of the NSA have cunningly scrabbled subsoil, stealth supply lines all the way to Moscow's front door.
This story is a somewhat different offensive than Operation Typhoon. They don't want to conquer Moscow, they want to become Moscow, under cover of ubiquitous onion domes, now tinier than anyone had once imagined, shrouded in RF-transparent Mandelbrot onion skin: you are in a maze of twisty little passages, all alike.
All said and done—and duly intercepted—the moral of starting a land war in Asia remains mostly the same.
Not a 'rootkit'. Sheesh, I'm naturally paranoid, and I'm the one saying this. See: https://it.slashdot.org/commen...
Chinese are such amateurs.
Huawei is looking to ditch Intel chips in favor of its own chips. I wonder if this is why Washington is so trying to keep Huawei out of new telecom (they want to ensure Intel IS in new telecom). It might also explain why the Europeans can't find evidence of Huawei spying. Washington just doesn't want to lose access to Merkel's (and everyone else's) phone.
You live and learn, or you don't learn much.