Unveiled yesterday, the Microsoft Pluton security processor is the result of a joint effort that has managed to bring together the Redmond giant and three major silicon partners, namely AMD, Intel, and Qualcomm. This chip-to-cloud technology will soon bring more security advancements to Windows PCs.
https://www.notebookcheck.net/Microsoft-intros-the-Pluton-security-chip.504716.0.html
Intel helped with the 'security chip'? They have so many backdoors in their processors that even Apple dumped them.
Quote from: Henry Johannson on November 18, 2020, 15:37:36
Intel helped with the 'security chip'? They have so many backdoors in their processors that even Apple dumped them.
Apple learned from Intel mistakes and made even bigger backdoors and security/privacy threat ;D
Those new backdoors actually made me wait for fix or at least m2 generation next year.
Two concerns immediately come to mind here, in addition to what's already been mentioned regarding Intel's inability to make a chip that doesn't resemble Swiss cheese: being connected to the cloud seems like yet another way for these companies to track people and collect data, similar to what Apple was just caught doing, only in a way that would be extremely difficult to prevent, and the thought of MS doing regular updates to the CPU, when they can't even seem to go a month without causing major issues with one of their OS updates, not to mention all the many issues that have existed for months/years that aren't fixed, really concerns me. It's bad enough I have to deal with their crappy OS, I'd rather not have them screwing with the hardware, too. I'm really not sure what to think with this, it simultaneously seems like a really good and really bad idea, and unfortunately experience has shown that usually in cases like that, the bad tends to outweigh the good.
I believe most of the issues Intel had were related to multi-threading. That's irrelevant here. Really, this is pretty much about integrating TPM into a processor. Which is going to make attacking it much harder. But we're talking about physical attacks that require access, equipment and skill.
When they actually build in back doors, it's typically because government wants them. And they have ways of persuading companies if they don't feel sympathetic to their cause. About twenty years ago, it was rumoured that because technologies utilizing encryption are controlled in the US and therefore require an export permit (like firearms or ammunition), they would simply withhold such permits to anyone non-cooperative. Yes, it's a pretty safe bet that whatever they offer, it's been compromised in some way so that the US government can sift through your data, ideally without any paperwork required. I mean, having to prove you have a decent reason to invade privacy is just such a drag. :D But you can hope others can't get in. Apple, Google and Microsoft cooperate and have compromised security to ensure they can read your data (e.g. by making copies of your encryption keys). If they could do it with TPM, they'll be able to do it with Pluton.
There are very real threats with such technologies. And they have nothing to do with bad implementation. You can look up articles on why the German government refused to use devices with TPM 2.0 and Windows 8 (that's why they stayed on Win 7). Essentially, it comes down to users losing control over their devices. In the name of security, these companies are gaining way too much power. Does that remind you of anyone? Now, the chip is going to be in the processor, perhaps all the processors.
Quote from: vertigo on November 18, 2020, 20:09:52
Two concerns immediately come to mind here, in addition to what's already been mentioned regarding Intel's inability to make a chip that doesn't resemble Swiss cheese: being connected to the cloud seems like yet another way for these companies to track people and collect data, similar to what Apple was just caught doing, only in a way that would be extremely difficult to prevent, and the thought of MS doing regular updates to the CPU, when they can't even seem to go a month without causing major issues with one of their OS updates, not to mention all the many issues that have existed for months/years that aren't fixed, really concerns me. It's bad enough I have to deal with their crappy OS, I'd rather not have them screwing with the hardware, too. I'm really not sure what to think with this, it simultaneously seems like a really good and really bad idea, and unfortunately experience has shown that usually in cases like that, the bad tends to outweigh the good.
I totally agree with you and I can only hope that we'll be able to disable this "hardware feature" the same way we can disable COM/LPT ports from BIOS. I'd rather use Linux with a flawed/vulnerable processor than Windows with one that pretends to be secure and leaves room for even more problems. I have no problem being spied on, but at least give me the hardware for free if you want to do that! ;)
Quote from: _MT_ on November 19, 2020, 09:45:55
I believe most of the issues Intel had were related to multi-threading. That's irrelevant here. Really, this is pretty much about integrating TPM into a processor. Which is going to make attacking it much harder. But we're talking about physical attacks that require access, equipment and skill.
When they actually build in back doors, it's typically because government wants them. And they have ways of persuading companies if they don't feel sympathetic to their cause. About twenty years ago, it was rumoured that because technologies utilizing encryption are controlled in the US and therefore require an export permit (like firearms or ammunition), they would simply withhold such permits to anyone non-cooperative. Yes, it's a pretty safe bet that whatever they offer, it's been compromised in some way so that the US government can sift through your data, ideally without any paperwork required. I mean, having to prove you have a decent reason to invade privacy is just such a drag. :D But you can hope others can't get in. Apple, Google and Microsoft cooperate and have compromised security to ensure they can read your data (e.g. by making copies of your encryption keys). If they could do it with TPM, they'll be able to do it with Pluton.
There are very real threats with such technologies. And they have nothing to do with bad implementation. You can look up articles on why the German government refused to use devices with TPM 2.0 and Windows 8 (that's why they stayed on Win 7). Essentially, it comes down to users losing control over their devices. In the name of security, these companies are gaining way too much power. Does that remind you of anyone? Now, the chip is going to be in the processor, perhaps all the processors.
First, as you have pointed out, and I should have clarified, since it's unclear if the first couple posters realize this, there's a difference between security flaws due to processor design (accidents/incompetence/lack of adequate testing) and backdoors (intentional).
As far as the security flaws, not all flaws have been related to HT. For example, Meltdown and Spectre, both extremely serious flaws, weren't, and the patches from those alone caused a significant loss of performance, essentially making CPUs perform one to two generations slower. This is almost certainly a big part of the reason why my current computer has become so slow as to be difficult to use anymore, as these and other patches have effectively turned my i5-4300u (Haswell/4th gen) into a 1st or 2nd gen CPU performance-wise, more comparable to Sandy Bridge at best, and probably not even that. Which is especially annoying because when I was researching about it, I was frustrated by the meager performance increases between those three generations but wanted Haswell to get the most I could, and then I ended up losing it anyway. So the thought of Intel being involved in this concerns me because I'm sick of paying extra for the higher performance only to lose it down the road due to these constant issues. I realize that's much less likely in this situation, but it's still a concern. I just hope that working as a group, they can check each other and minimize the likelihood of any such issues.
Backdoors are a whole other issue, and who knows which companies have them and which, if any, don't. Some of them (pretend to?) fight the government against implementing them, but there's no telling what the real situation is. And unfortunately, until a security researcher somewhere discovers any of them, and isn't prevented from informing the public through means of intimidation or worse, we won't know. In this case (backdoors), I actually think these companies working together is a good thing. Just like they would hopefully be able to combine their knowledge and resources to minimize security flaws, their combined work on a backdoor (or multiple ones, in case one gets discovered) would hopefully at least make it/them more secure, so only the intended user(s) (government(s), companies, etc) would be able to use it, i.e. that it would be harder to discover and exploit by bad actors (well, other than those requiring it). The downside is, if hackers do figure it out, they'll have access to systems with all these chipsets. And if they are able to make it more secure, that's good for protecting against hackers, but bad because it makes it less likely to be discovered and revealed by security researchers, making it harder to know what the government(s) is/are up to.
Of course, while a more secure backdoor is better than a less secure one, obviously it would be best to not have one at all, but with government corruption the way it is, that's likely wishful thinking. And I don't blame the German government, and any other, for taking steps like that, though they're only going to be able to resist for so long unless they start making their own hardware and software. Maybe governments should start funding Linux development. And unless they want to be stuck on pre ~2016 computers indefinitely, they're going to have to start developing their own chips, too. At least we'd get more competition out of it.
Quote from: Codrut Nistor on November 19, 2020, 13:35:22
I totally agree with you and I can only hope that we'll be able to disable this "hardware feature" the same way we can disable COM/LPT ports from BIOS. I'd rather use Linux with a flawed/vulnerable processor than Windows with one that pretends to be secure and leaves room for even more problems. I have no problem being spied on, but at least give me the hardware for free if you want to do that! ;)
Unfortunately, that seems unlikely. I suspect even if you can "disable" it, all that will do is disable the security aspects, but it will still continue to do any underhanded stuff it may be designed to do. And if by flawed/vulnerable processor you mean one pre-Pluton, then you'll be stuck on that forever. And if it does have exploitable vulnerabilities, even the security of Linux may not be able to protect against them.
And the willingness of people to give up all privacy for getting something for free is what got us all into this mess in the first place. I wonder if we hadn't become numb to it all through years of Yahoo/Google/Facebook/etc if people would be taking a harder stance against government intrusions. And, of course, the Patriot Act and other post-9/11 "protective measures" haven't helped.
Quote from: vertigo on November 19, 2020, 17:19:06
As far as the security flaws, not all flaws have been related to HT. For example, Meltdown and Spectre, both extremely serious flaws, weren't, and the patches from those alone caused a significant loss of performance, essentially making CPUs perform one to two generations slower...
I'm not intimately familiar with those attacks, but I do know they utilize speculative execution and I was under the impression that the vulnerability was within the same core. Essentially, they're not providing enough isolation between threads. Cores are much more isolated from each other. Multi-threading is a bit broader term. I don't know if all attacks of these classes require sharing of a core, but some definitely do (they rely on sharing registers or L1 cache). Also, these attacks were not limited to Intel's processors. All sorts of processors are vulnerable. That discovery was really a big milestone for processor design.
Depends on the task. If it's videos or GIFs, it's more likely newer encoding for which you don't have hardware acceleration.
The thing is, TPM is a completely different game. They're quite primitive devices in comparison. Sure, you can screw up anything. I don't know whether they worked together on a common implementation. But the existing modules were generally not attacked by software. That's what they were primarily designed to resist. And off hand, I don't recall a vulnerability of that sort. They were attacked physically. And some of those attacks were already very difficult to perform (the manufacturer was quite aware of the possibility, it was simply considered too difficult and esoteric, of little practical consequence). By integrating the module into a processor, they will become practically impossible. Really, the biggest weakness was probably the exposed bus between TPM and CPU allowing you to intercept communication. The principal weakness of full disc encryption is that you have to retrieve a key before you can start booting.
As I said, they can already work around TPM when it comes to "cloud." So, this doesn't change anything. For example by not offering end to end encryption (storing data on their servers encrypted using their keys) or by utilizing key escrow (perhaps masquerading as a key recovery service). For example, Apple wanted to offer end to end encryption but in the end they changed their minds. I believe it was said it was the FBI who changed their mind. It's hardly surprising. More insidious risk comes from outfits like the NSA influencing how encryption is implemented, very carefully crafting implementations that have weaknesses. Obviously, they don't want weak encryption. That could easily backfire. They want a weakness only they can utilize. And yes, it's possible to craft such things. Even to the point where it's impossible to prove it has been done. Only that it's possible to do. Plausible deniability. They can influence companies because they consult with them (encryption is hard) and nothing is stopping them from contributing to open source projects. If they care about retrieving keys from TPMs, the existing TPMs might already be backdoored. And this will probably be the same. The only change being that the biggest supplier of TPM chips is a German company, not US. Actually discovering the backdoor is going to be even more difficult once it's integrated. And perhaps it doesn't need to be backdoored to accomplish their goal. You'd have to look into how exactly it works. E.g. if they already have the right keys (by working with OS supplier), they might be able to push an update containing a backdoor to your device that passes all checks (it has been signed with the correct keys) and siphon your data that way. The chip itself can be perfectly fine and doing its job (not even the best lock will protect you if burglar has a key). Anyway, if you don't trust your OS, you've got a big problem.
Consider how many people use wireless keyboards without verifying the communication is encrypted (which often isn't the case). Not to mention whether the encryption is any good. Every time they type a password or card information, their keyboard is just broadcasting it everywhere. It's like yelling your passwords out loud. Just at 2.4 GHz. Security is fun.
Quote from: _MT_ on November 20, 2020, 12:28:14
I'm not intimately familiar with those attacks, but I do know they utilize speculative execution and I was under the impression that the vulnerability was within the same core. Essentially, they're not providing enough isolation between threads. Cores are much more isolated from each other. Multi-threading is a bit broader term. I don't know if all attacks of these classes require sharing of a core, but some definitely do (they rely on sharing registers or L1 cache). Also, these attacks were not limited to Intel's processors. All sorts of processors are vulnerable. That discovery was really a big milestone for processor design.
Depends on the task. If it's videos or GIFs, it's more likely newer encoding for which you don't have hardware acceleration.
The thing is, TPM is a completely different game. They're quite primitive devices in comparison. Sure, you can screw up anything. I don't know whether they worked together on a common implementation. But the existing modules were generally not attacked by software. That's what they were primarily designed to resist. And off hand, I don't recall a vulnerability of that sort. They were attacked physically. And some of those attacks were already very difficult to perform (the manufacturer was quite aware of the possibility, it was simply considered too difficult and esoteric, of little practical consequence). By integrating the module into a processor, they will become practically impossible. Really, the biggest weakness was probably the exposed bus between TPM and CPU allowing you to intercept communication. The principal weakness of full disc encryption is that you have to retrieve a key before you can start booting.
As I said, they can already work around TPM when it comes to "cloud." So, this doesn't change anything. For example by not offering end to end encryption (storing data on their servers encrypted using their keys) or by utilizing key escrow (perhaps masquerading as a key recovery service). For example, Apple wanted to offer end to end encryption but in the end they changed their minds. I believe it was said it was the FBI who changed their mind. It's hardly surprising. More insidious risk comes from outfits like the NSA influencing how encryption is implemented, very carefully crafting implementations that have weaknesses. Obviously, they don't want weak encryption. That could easily backfire. They want a weakness only they can utilize. And yes, it's possible to craft such things. Even to the point where it's impossible to prove it has been done. Only that it's possible to do. Plausible deniability. They can influence companies because they consult with them (encryption is hard) and nothing is stopping them from contributing to open source projects. If they care about retrieving keys from TPMs, the existing TPMs might already be backdoored. And this will probably be the same. The only change being that the biggest supplier of TPM chips is a German company, not US. Actually discovering the backdoor is going to be even more difficult once it's integrated. And perhaps it doesn't need to be backdoored to accomplish their goal. You'd have to look into how exactly it works. E.g. if they already have the right keys (by working with OS supplier), they might be able to push an update containing a backdoor to your device that passes all checks (it has been signed with the correct keys) and siphon your data that way. The chip itself can be perfectly fine and doing its job (not even the best lock will protect you if burglar has a key). Anyway, if you don't trust your OS, you've got a big problem.
Consider how many people use wireless keyboards without verifying the communication is encrypted (which often isn't the case). Not to mention whether the encryption is any good. Every time they type a password or card information, their keyboard is just broadcasting it everywhere. It's like yelling your passwords out loud. Just at 2.4 GHz. Security is fun.
You very well could be right. I don't know much about how Spectre and Meltdown work, I just didn't see anything about HT/multithreading when looking.
Having no backdoor but a way to create one by pushing an update is still a backdoor, since bad actors could take advantage of the ability and create a backdoor for themselves, so it's effectively the same thing.
Very true about wireless keyboards, as well as people that use public Wi-Fi without a VPN. Of course, for the keyboard, the easy solution is to use a password manager, which provides protection against that and so much more. Anybody not using one is simply asking for trouble. I keep trying to convince people to use one, but nobody has bothered, which is troubling. But all I can do is educate them and leave the decision to them.
There is a criminal organization in Brazil using NSO Group's Pegasus to infect devices for hack for hire, to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations. They also have other advanced malware, like UEFI implants and even persistent implants for Kindle and Raspberry Pi. Plus face/voice recognition on every camera and microphone they can get into, in public or private places.
Brazil won't do anything to stop them. Only the FBI, CIA and NSA can stop them.
There is also the possibility that they were engaged on the hack of Bezos' smartphone.
If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.
If you want a story about how they operate, I am willing to work with you to expose them.