Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 6, 2020.
What about user using the thumb on his main OS after he wiped the thumb (thinking he is safe)?
thats a threadripper
yea?...where's CrazY_Milojko been hiding? he's crazy cool
I didn't really make it clear when I said this before, but what I meant to say is the firmware likely already depends on binaries stored on the flash memory in order to do something harmful. So if you format the drive, the firmware might still try to execute the binary even though it no longer exists. It might even still log data, but the firmware isn't likely to be complex enough to carry out enough instructions to (for example) encrypt your data and hold it for ransom, or transmit it elsewhere. There are some limitations with the firmware:
1. If you tamper with it too much, it might not be recognized as a generic mass storage device. Normal drivers for it might fail. Unsigned drivers on USB storage is something to be wary of.
2. Firmware is normally stored on something like an EEPROM. Those can get very physically large and expensive every time you double their size. I wouldn't be surprised if the firmware for most flash drives is only 0.5MB. You're unlikely to fit any useful malware on something that small (which is probably why the most common flash drive malware is spoofing the drive's capacity).
3. If the firmware is programmed to send data to another source, it is going to have to depend on the OS to do all the heavy lifting since obviously it doesn't have its own network connection. This can get very complicated to program at such a low level since the filesystem of the drive can affect the legibility of the files, the OS itself needs to understand the instructions sent to it, the security of the OS has to not be alarmed by the instructions, and in some cases, the type of network interface could be yet another obstacle. That sure is a hell of a lot of trouble.
4. If the firmware is programmed to encrypt your data and hold it hostage, that could be done entirely on the drive itself, but it will need a lot of compute power that you probably can't fit in a modern USB chassis. If the onboard CPU is too slow where the user pulls out the flash drive before the data is done being encrypted, it will become corrupt. The goal of ransomware is to make money by giving people their data back. It's not a successful business model if there's no data to return.
Please also take the time, if you already are so interested in vulnerabilities, to make an article about the newly discovered Zen vulnerability related to its L1 cache: https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
People need to understand that these continous stream of vulnerability news is not all about Intel. Amd also has vulnerabilities, but researchers are way less interested in amd hardware and also amd hw is newer.
Yeah,but aaa... "This is just the normal current trend of maybe 1 low risk AMD vulnerability of every 3 high risk Intel vulnerabilities or so.
That's because Intel was removing and breaking security elements to get higher IPCs."
And ..."However, as spotted by Hardware Unboxed, the paper also says that "Additional funding was provided by generous gifts from Intel.
Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties."
Gifts from Intel everywhere (and Nvidia ofc) [insert meme here]
This sounds like a Rubber Ducky.
I really expected to see a post in the Frontpage News section about this by now, since I read that article this morning. It's not as big a vulnerability as some of those affecting Intel, but should still be reported. The forums over there are quite entertaining though. The bias from some posters is quite obvious. Especially the one that seems to think this is the most severe vulnerability ever found....contrary to what the researchers themselves are saying.
Security vulnerabilities exist in every piece of hardware and software, in some form. It's impossible to create something so complex, without some sort of vulnerability existing. We, as users, are the biggest security vulnerability and provide the largest possible attack vector. Even if someone was able to create the most secure hardware and software possible, vulnerabilities would still exist in the form of the end user. That said, as time goes by, I expect more vulnerabilities will be found in both AMD and Intel processors. I even expect more vulnerabilities to be found in processors based on ARM's architectures.
Though I tend to question research funded by corporate competitors, we are talking about a college here and not an "independent security research firm". This is very different from when CTS Labs tried to tank AMD's stock price. I would be more concerned about the funding from governments than Intel, but I guess you missed that part of the disclosure.
NVidia has had security vulnerabilities found in their GPU drivers again. They allow remote execution, again. No thread in the news here about that either....but NVidia should have that patched soon anyway.
Somebody wants a bug for AMD in this mess of Intel bugs?
Here ya go: https://mlq.me/download/takeaway.pdf
You're welcome ...
Nobody wants bugs at all....but there's no reason to ignore one that's been published, regardless of how insignificant it is.
Yeah, funding by Intel, that's true. But to be frank, first, they uncovered Intel issues and vulnerabilities. So I guess, when in doubt, spend some trust on them to reveal issues of both companies, not just Intel (which they did months before this), and now AMD. Also, they are giving away their expertise to warn about such issues ahead of time, not to manipulate current stocks, as AMD, mentioned in the paper, was told about it, just like Intel was informed about their CPU issues ahead of time.
^ Yeah its not a drama to have funds from anyone who help your research and findings.
(Tom's Hw became intel or nv lapdogs.)
Is there any way to recover encrypted data?
Are you asking in the hypothetical situation where your data is encrypted for ransom? Because the simple answer is yes: you need the decryption key (and the software that encrypted it in the first place). The easiest solution is to pay the ransomware and hope the scammer doesn't just take your money and run. The not-so-easy solution is to brute-force hack the encryption key. Depending how it was encrypted, this might not even be worth the effort. Modern keys are not meant to be hacked so easily.
Whether your data gets corrupt, deleted, infected by a virus, or held for ransom, the best way to recover anything is always regular backups. It's not something people like to hear, but think of it like preventative maintenance.