New Intel Vulnerability found, Converged Security and Management Engine exploitable

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 6, 2020.

  1. mbk1969

    mbk1969 Ancient Guru

    Messages:
    10,034
    Likes Received:
    7,027
    GPU:
    GF RTX 2070 Super
    What about user using the thumb on his main OS after he wiped the thumb (thinking he is safe)?
     
  2. Astyanax

    Astyanax Ancient Guru

    Messages:
    8,344
    Likes Received:
    2,789
    GPU:
    GTX 1080ti
    That's a Threadripper
     
    Alessio1989, mbk1969 and airbud7 like this.
  3. airbud7

    airbud7 Ancient Guru

    Messages:
    7,835
    Likes Received:
    4,742
    GPU:
    pny gtx 1060 xlr8
    hahaha!...good one!
     
  4. airbud7

    airbud7 Ancient Guru

    Messages:
    7,835
    Likes Received:
    4,742
    GPU:
    pny gtx 1060 xlr8
    yea?...where's CrazY_Milojko been hiding? he's crazy cool
     

  5. sykozis

    sykozis Ancient Guru

    Messages:
    21,782
    Likes Received:
    1,046
    GPU:
    MSI RX5700
    Not surprised.....
     
  6. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    5,482
    Likes Received:
    2,024
    GPU:
    HIS R9 290
    I didn't really make it clear when I said this before, but what I meant to say is the firmware likely already depends on binaries stored on the flash memory in order to do something harmful. So if you format the drive, the firmware might still try to execute the binary even though it no longer exists. It might even still log data, but the firmware isn't likely to be complex enough to carry out enough instructions to (for example) encrypt your data and hold it for ransom, or transmit it elsewhere. There are some limitations with the firmware:
    1. If you tamper with it too much, it might not be recognized as a generic mass storage device. Normal drivers for it might fail. Unsigned drivers on USB storage are something to be wary of.
    2. Firmware is normally stored on something like an EEPROM. Those can get very physically large and expensive every time you double their size. I wouldn't be surprised if the firmware for most flash drives is only 0.5MB. You're unlikely to fit any useful malware on something that small (which is probably why the most common flash drive malware is spoofing the drive's capacity).
    3. If the firmware is programmed to send data to another source, it is going to have to depend on the OS to do all the heavy lifting since obviously it doesn't have its own network connection. This can get very complicated to program at such a low level since the filesystem of the drive can affect the legibility of the files, the OS itself needs to understand the instructions sent to it, the security of the OS has to not be alarmed by the instructions, and in some cases, the type of network interface could be yet another obstacle. That sure is a hell of a lot of trouble.
    4. If the firmware is programmed to encrypt your data and hold it hostage, that could be done entirely on the drive itself, but it will need a lot of compute power that you probably can't fit in a modern USB chassis. If the onboard CPU is too slow where the user pulls out the flash drive before the data is done being encrypted, it will become corrupt. The goal of ransomware is to make money by giving people their data back. It's not a successful business model if there's no data to return.
     
  7. yeeeman

    yeeeman Member

    Messages:
    28
    Likes Received:
    11
    GPU:
    9600GT 512mb
  8. Turanis

    Turanis Ancient Guru

    Messages:
    1,691
    Likes Received:
    391
    GPU:
    Gigabyte RX500
    Yeah, but aaa... "This is just the normal current trend of maybe 1 low risk AMD vulnerability of every 3 high risk Intel vulnerabilities or so.
    That's because Intel was removing and breaking security elements to get higher IPCs."

    And... "However, as spotted by Hardware Unboxed, the paper also says that "Additional funding was provided by generous gifts from Intel.
    Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties."
    Gifts from Intel everywhere (and Nvidia ofc) [insert meme here]
     
    carnivore likes this.
  9. anticupidon

    anticupidon Ancient Guru

    Messages:
    5,284
    Likes Received:
    1,769
    GPU:
    Polaris/Vega/Navi
    This sounds like a Rubber Ducky.
     
  10. sykozis

    sykozis Ancient Guru

    Messages:
    21,782
    Likes Received:
    1,046
    GPU:
    MSI RX5700
    I really expected to see a post in the Frontpage News section about this by now, since I read that article this morning. It's not as big a vulnerability as some of those affecting Intel, but should still be reported. The forums over there are quite entertaining though. The bias from some posters is quite obvious. Especially the one that seems to think this is the most severe vulnerability ever found....contrary to what the researchers themselves are saying.

    Security vulnerabilities exist in every piece of hardware and software, in some form. It's impossible to create something so complex, without some sort of vulnerability existing. We, as users, are the biggest security vulnerability and provide the largest possible attack vector. Even if someone was able to create the most secure hardware and software possible, vulnerabilities would still exist in the form of the end user. That said, as time goes by, I expect more vulnerabilities will be found in both AMD and Intel processors. I even expect more vulnerabilities to be found in processors based on ARM's architectures.

    Though I tend to question research funded by corporate competitors, we are talking about a college here and not an "independent security research firm". This is very different from when CTS Labs tried to tank AMD's stock price. I would be more concerned about the funding from governments than Intel, but I guess you missed that part of the disclosure.

    NVidia has had security vulnerabilities found in their GPU drivers again. They allow remote execution, again. No thread in the news here about that either....but NVidia should have that patched soon anyway.
     
    Turanis likes this.

  11. 386SX

    386SX Maha Guru

    Messages:
    1,004
    Likes Received:
    1,007
    GPU:
    AMD Vega64 RedDevil
    mbk1969 likes this.
  12. sykozis

    sykozis Ancient Guru

    Messages:
    21,782
    Likes Received:
    1,046
    GPU:
    MSI RX5700
    Nobody wants bugs at all....but there's no reason to ignore one that's been published, regardless of how insignificant it is.
     
    fantaskarsef and 386SX like this.
  13. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,869
    Likes Received:
    3,888
    GPU:
    2080Ti @h2o

    Yeah, funding by Intel, that's true. But to be frank, first, they uncovered Intel issues and vulnerabilities. So I guess, when in doubt, spend some trust on them to reveal issues of both companies, not just Intel (which they did months before this), and now AMD. Also, they are giving away their expertise to warn about such issues ahead of time, not to manipulate current stocks, as AMD, mentioned in the paper, was told about it, just like Intel was informed about their CPU issues ahead of time.
     
    Turanis likes this.
  14. Turanis

    Turanis Ancient Guru

    Messages:
    1,691
    Likes Received:
    391
    GPU:
    Gigabyte RX500
    ^ Yeah, it's not a drama to have funds from anyone who helps your research and findings.
    (Tom's Hw became intel or nv lapdogs.)
     
    fantaskarsef likes this.
  15. vivs

    vivs New Member

    Messages:
    1
    Likes Received:
    0
    GPU:
    Intel HD Graphics
    Is there any way to recover encrypted data?
     

  16. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    5,482
    Likes Received:
    2,024
    GPU:
    HIS R9 290
    Are you asking in the hypothetical situation where your data is encrypted for ransom? Because the simple answer is yes: you need the decryption key (and the software that encrypted it in the first place). The easiest solution is to pay the ransomware and hope the scammer doesn't just take your money and run. The not-so-easy solution is to brute-force hack the encryption key. Depending on how it was encrypted, this might not even be worth the effort. Modern keys are not meant to be hacked so easily.

    Whether your data gets corrupt, deleted, infected by a virus, or held for ransom, the best way to recover anything is always regular backups. It's not something people like to hear, but think of it like preventative maintenance.
     
    HandR and sykozis like this.
