Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Sunday January 07 2018, @06:36PM   Printer-friendly
from the end-of-trusted-computing dept.

Submitted via IRC for TheMightyBuzzard

AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor.

[...] Cfir Cohen, a security researcher with the Google Cloud Security Team, says he discovered a vulnerability in the Trusted Platform Module (TPM) of the AMD Secure Processor. The TPM is a component to store critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores.

"Through manual static analysis, we've found a stack-based overflow in the function EkCheckCurrentCert," Cohen says. The researcher claims that an attacker could use specially-crafted EK certificates to get remote code execution rights on the AMD Secure Processor, allowing him to compromise its security.

Cohen said that some basic mitigation techniques such as "stack cookies, NX stack, ASLR" were not implemented in AMD's Secure Processor, making exploitation trivial.

takyon: This bug is unrelated to Meltdown and Spectre. And you might be interested in this:

Coincidentally, on Reddit [1, 2], some users reported seeing a new option to disable AMD PSP support, but it's unclear if this new option is related to the patches AMD was preparing to roll out for Cohen's findings.

Source: Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Troll) by Ethanol-fueled on Sunday January 07 2018, @06:46PM (21 children)

    by Ethanol-fueled (2792) on Sunday January 07 2018, @06:46PM (#619237) Homepage

    I'm one of those people who thinks that cars should be simple because the more shit you add to it, the more shit there is to go wrong. All this "TPM" bullshit is no exception.

    Of course the additional and unnecessary complexity of shit is the cause of these security breaches. The Jews are behind it.

    Starting Score:    1  point
    Moderation   -2  
       Troll=4, Insightful=1, Informative=1, Total=6
    Extra 'Troll' Modifier   0  

    Total Score:   -1  
  • (Score: 5, Insightful) by Justin Case on Sunday January 07 2018, @07:07PM (19 children)

    by Justin Case (4239) on Sunday January 07 2018, @07:07PM (#619243) Journal

    I was ready to vote you up until that last sentence. I hope you got a brief thrill from being pointlessly offensive.

    Anyway, yeah, we need cars and computers we can understand and assemble / repair ourselves from a few dozen interchangeable commodity parts.

    On an all-too-related topic, everyone raise your hand if you were ready to trust your life to self-driving cars a month ago. Now we know that almost every CPU ever made (if you take percentage of total) has at least one fundamentally un-fixable vulnerability. And what makes you think the endless stream of security vulnerabilities is ever going to end?

    • (Score: 0) by Anonymous Coward on Sunday January 07 2018, @07:15PM (2 children)

      by Anonymous Coward on Sunday January 07 2018, @07:15PM (#619244)

      On an all-too-related topic, everyone raise your hand if you were ready to trust your life to self-driving cars a month ago. Now we know that almost every CPU ever made (if you take percentage of total) has at least one fundamentally un-fixable vulnerability. And what makes you think the endless stream of security vulnerabilities is ever going to end?

      Isn't this more an issue of bravery and manliness? If you are scared of modern progress, what does that say about your deep emotional inadequacies? Trying to put the blame on intel is just misdirection.

      • (Score: 0, Troll) by Ethanol-fueled on Sunday January 07 2018, @07:32PM

        by Ethanol-fueled (2792) on Sunday January 07 2018, @07:32PM (#619251) Homepage

        "Bravery and manliness" is for people who choose to have control over their own cars, and generally choose to be in control of their own vehicles. I fear that may soon come to an end, and the last bastion of highway freedom will be motorcycles. California faggots will soon try to ban those as well.

      • (Score: 4, Funny) by Runaway1956 on Sunday January 07 2018, @09:45PM

        by Runaway1956 (2926) Subscriber Badge on Sunday January 07 2018, @09:45PM (#619292) Journal

        You, the sheeple, aren't man enough to operate a motor vehicle safely, so, the result is gubbermint is going to take away the opportunity for you to fuck things up. And, you, oh gullible fool, think that this is a Good Thing. Gubbermint can and will track your every move - along with every major corporation. And, you're perfectly happy with that. Bravery and manliness, you say? Why don't you try it for yourself. It's only a little bit late to make a New Year's resolution. Tell yourself that "This year, I'm going to act like a man!"

        I expect that you'll last about a day and a half, before you return to the forage offered by the mainstream media.

    • (Score: 5, Informative) by takyon on Sunday January 07 2018, @07:19PM (6 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Sunday January 07 2018, @07:19PM (#619245) Journal

      The solution is simple. Don't build networking into your driverless car. No V2V [wikipedia.org]. No OTA updates. Shit, if the software needs an update, it should be able to drive itself to the dealership and back. It can use stored maps + GPS. Discrepancies can be mitigated using autonomy features that determine whether the path being taken is accurate in real time. Update the maps by plugging in a USB or your phone (pwning the car instantly).

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 4, Insightful) by Arik on Sunday January 07 2018, @07:33PM

        by Arik (4543) on Sunday January 07 2018, @07:33PM (#619252) Journal
        It's simple at a technical level.

        At a social level? They make more money making insecure crap, as long as people buy it.

        It doesn't even really matter how many people it kills. As long as their insanely sloppy process 'complies with industry standards' they won't be held responsible. It will be written off as an inexplicable, unavoidable tragedy. "All software has bugs" they will say.

        I'm thinking they learned that from the same guy that told us "there are no right or wrong answers in mathematics."

        --
        If laughter is the best medicine, who are the best doctors?
      • (Score: 2) by zocalo on Sunday January 07 2018, @07:38PM

        by zocalo (302) on Sunday January 07 2018, @07:38PM (#619255)
        You could also just make the updates downloadable over the Internet as a signed binary blob. Download to USB stick, plug the stick into the vehicle, and wait for it to be verified and applied - pretty much the same process used by most cameras these days. If the user doesn't want to apply the updates themselves, I'm sure there are plenty of mechanics willing to do it for a fee/for free (my current car gets a firmware check and any updates applied for free as an line-item on a dealer service), and if they don't want to apply a given update at all I'm sure there are plenty of mechanics that will honour that request too.
        --
        UNIX? They're not even circumcised! Savages!
      • (Score: 4, Insightful) by Justin Case on Sunday January 07 2018, @07:49PM (1 child)

        by Justin Case (4239) on Sunday January 07 2018, @07:49PM (#619261) Journal

        Your suggestions make a lot of sense, which is will they will be energetically opposed.

        Don't build networking into your driverless car.

        But then, how can we show you relevant ads that tell you where to go? "Just fail to say No loudly enough, and the car will automatically drive you to our store! For your convenience of course!"

        No OTA updates.

        Be reasonable. Surely you don't think we're going to let it be your car? You merely get to pay for it.

      • (Score: 0) by Anonymous Coward on Tuesday January 09 2018, @07:18PM (1 child)

        by Anonymous Coward on Tuesday January 09 2018, @07:18PM (#620160)

        the opposite will happen. eventually all decisions of all vehicles (many times in concert with one another) will be recorded in real time on the blockchain.

    • (Score: 2, Insightful) by Anonymous Coward on Sunday January 07 2018, @07:38PM (2 children)

      by Anonymous Coward on Sunday January 07 2018, @07:38PM (#619256)

      > On an all-too-related topic, everyone raise your hand if you were ready to trust your life to self-driving cars a month ago. Now we know that almost every CPU ever made (if you take percentage of total) has at least one fundamentally un-fixable vulnerability. And what makes you think the endless stream of security vulnerabilities is ever going to end?

      If Meltdown is what made you realize that... you have been living under a mountain-sized rock. Car software is of abysmal quality, and self-driving car technology is still a long way from being usable.

      On the other hand, I'm not all that willing to trust my life to non-self-driving cars either, whether it would be me driving or some other idiot. Security vulnerabilities in your average human are oh so much worse than in any software.

      • (Score: 4, Insightful) by Justin Case on Sunday January 07 2018, @07:45PM

        by Justin Case (4239) on Sunday January 07 2018, @07:45PM (#619259) Journal

        Security vulnerabilities in your average human are oh so much worse than in any software.

        Perhaps, but you usually have to pwn humans one at a time. (Acknowledging technology-aided mass attacks do exist, like phishing SPAM, and TV preachers.)

        Software monoculture means you can pwn millions of devices through the same exploit. Millions of malicious cars on the loose? This is going to require a boatload of popcorn!

      • (Score: 0) by Anonymous Coward on Monday January 08 2018, @04:01AM

        by Anonymous Coward on Monday January 08 2018, @04:01AM (#619397)

        >Now we know that almost every CPU ever made (if you take percentage of total)

        Nowhere near. The CPUs in cars, many phones, non-x86 routers, etc. are not x86 nor ARM.

        Just because they're slower and not in your desktop doesn't mean they aren't CPUs.

    • (Score: 0) by Anonymous Coward on Sunday January 07 2018, @07:42PM (5 children)

      by Anonymous Coward on Sunday January 07 2018, @07:42PM (#619258)

      But go read up on who is running the Intel ME project now, and who lead designers were on the speculative execution for the PPro, and while unlikely, may the same holds true with AMD's implementation.

      Personally, judging by the requirements to trigger AMD's exploit it sounds like a perfect security flaw for end users and maybe the NSA/FBI, while not being a great flaw for remote hackers.

      Assuming you have write protection on the bios, it is impossible to exploit without rebooting the system, disabling write protection, installing the rogue certificate, rebooting the system again, booting into the OS and generating a new key utilizing the stack smashing certificate already installed to nvram (read: flash, not rtc nvram) in order to inject arbitrary code. And you still need to know enough about the internals of the fTPM and TrustZone OS/Kernel to be able to take this exploit and turn it into shell access, or personal code running inside the Secure Processor.

      Once you HAVE however, it sounds like it could be pretty dope for all kinds of things, including pulling out authentication keys for specific applications tied to the tpm/hardware, whether for backup or piracy purposes.

      • (Score: 3, Interesting) by frojack on Sunday January 07 2018, @08:33PM (3 children)

        by frojack (1554) on Sunday January 07 2018, @08:33PM (#619267) Journal

        Personally, judging by the requirements to trigger AMD's exploit it sounds like a perfect security flaw for end users and maybe the NSA/FBI, while not being a great flaw for remote hackers.

        The fact that Google researchers are heavily involved in finding (and releasing) these exploits suggests they see this as a serious exploit, and have probably seen unexplained penetration on some of their cloud servers.

        Or did they...?

        They found this bug through manual static analysis. What the hell is that? pouring over core dumps trying to figure why the machine crashed? Detailed execution tracing of a known exploited machine to find out what was running?

        NO, nothing of that level of sophistication.

        Manual Static Analysis turns out to be mostly painstaking source code reviews. I guess when you are Google you can get access to AMD's source code. As could just about any other state level actor.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by frojack on Sunday January 07 2018, @08:35PM (1 child)

          by frojack (1554) on Sunday January 07 2018, @08:35PM (#619268) Journal

          Note horrible quoting mess in above post provided free of charge, and unhindered by the thought process. Keep the change you filthy animals.

          --
          No, you are mistaken. I've always had this sig.
        • (Score: 0) by Anonymous Coward on Monday January 08 2018, @04:04AM

          by Anonymous Coward on Monday January 08 2018, @04:04AM (#619398)

          Manual static analysis includes ASM, reversed and decompiled code, FYI.

      • (Score: 2) by Runaway1956 on Sunday January 07 2018, @09:57PM

        by Runaway1956 (2926) Subscriber Badge on Sunday January 07 2018, @09:57PM (#619298) Journal

        And you still need to know enough about the internals

        Are you sure about that? When I first discovered the script kiddies, I was contemptuous of them, like almost everyone else. But, SOMEONE developed the exploits that the script kiddies used. In this case, it will take a pretty smart individual to set the script up, but once the script is built, the script kiddy needs understand diddly. He gains access to a machine, boots, flashes, reboots, and watches shit happen automagically. The brighter kiddies may customize the script, to some extent.

  • (Score: 2) by Runaway1956 on Sunday January 07 2018, @09:39PM

    by Runaway1956 (2926) Subscriber Badge on Sunday January 07 2018, @09:39PM (#619290) Journal

    Let me reiterate what Justin Case said. You had almost earned an up mod from me, until the last sentence. Unlike Justin, I don't mine a little offensiveness, but this time, the stupidity of it just blew away the upmod. Come on, man. If you're going to spread around offensive bullshit, at least get creative. You might amuse me with something new, or different. "The Jews are behind it!" What, do you see Jews behind every rock, peeking out from every building? There aren't that many Jews in the world!