
SoylentNews is people

posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter (pdf) requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.

  • (Score: 2) by Snotnose on Wednesday January 17 2018, @09:36PM (7 children)

    by Snotnose (1623) on Wednesday January 17 2018, @09:36PM (#623822)

    What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness? When I read a decent explanation [raspberrypi.org] of how information can be leaked from the kernel, I was thinking, who could have foreseen that?

    I think it's more like chip makers haven't had hackers first and foremost in their minds, unlike software makers have for the past 30 years.

    I write device drivers and poke around in kernels when the boss isn't looking. A lot of what I do is getting the product spec from the manufacturer, taking sample code or a table of registers/values, adjusting some values as needed, and popping it into my code. I seldom (ok, never have before) stopped to think "Hmmm, what happens if I do this, this, this, then don't do that?". I suspect this is how the chip makers are struggling to think now. Kinda like the designers of TCP/IP would never think people would do 2/3 of a three way handshake and refuse to finish it, all for the purpose of tying up a socket.

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 3, Interesting) by DannyB on Wednesday January 17 2018, @09:57PM (6 children)

    by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @09:57PM (#623843) Journal

    In a microprocessor instruction set, not every possible binary pattern is used as a valid instruction. I wonder if or how many undocumented instructions there are? What they might do?

    Imagine trying to explore that.

    Might they all trap as invalid opcode unless some other special condition is met?

    Suppose:
    1. Store a certain pattern of magic values V1 . . . Vn into registers R1 . . . Rn.
    2. Execute a certain specific invalid opcode.

    *poof* [magic black smoke appears and quickly disperses]

    Now several other invalid opcodes are enabled to give you magical powers instead of invalid opcode exceptions. You can now use registers as you see fit once again. The magic values were merely to authenticate your magical status. One of the new invalid opcodes is to return everything back to the non magical state.

    Your mere mortal user space code would walk among the clouds like gods, tiptoeing through kernel space and doing other mischief.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 3, Interesting) by Azuma Hazuki on Wednesday January 17 2018, @10:40PM (4 children)

      by Azuma Hazuki (5086) on Wednesday January 17 2018, @10:40PM (#623872) Journal

      So, you're thinking of a HCAYD (halt and capture all yer data) opcode then? I wish i were merely joking, but this is precisely the kind of sneaky shit I'd do in this situation. Once I read about undocumented opcodes the first concern was "shit, THIS is where the boys at the puzzle palace have their backdoor, isn't it?"

      --
      I am "that girl" your mother warned you about...
      • (Score: 3, Insightful) by frojack on Thursday January 18 2018, @12:52AM (3 children)

        by frojack (1554) on Thursday January 18 2018, @12:52AM (#623936) Journal

        Well, yes, in a purely evil world.

        But look, we are talking about Intel here. Made up of smart people, but not blindingly so. Not god like or devil like. Just ordinary nerds who like beer and football and nice cars, and good looking women. They change jobs, retire, get fired at similar rates to other high functioning nerds.

        Look how many people knew about the Volkswagen pollution defeat. It was whispered about for years, and finally one company figured out how to test for it, notified US Authorities and Game Over. Even with the wagons circled, and protected by their government, the truth is coming out and some high placed German executives dare not step outside their own country.

        Honest Question: How long could this have been kept secret if it were actually planned, and even narrowly known?

        How many programmers seriously consider the possibility that the value they put into a register at line 358 in the code might no longer be the same at line 361 due to a gamma ray or something? Who sets and checks parity on every value written and read back?

        So I'm invoking Occam's Razor. I doubt anyone thought any of these shortcuts could be leveraged in the real world. It took 30 years to find the first examples.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by Azuma Hazuki on Thursday January 18 2018, @05:58AM

          by Azuma Hazuki (5086) on Thursday January 18 2018, @05:58AM (#624037) Journal

          Hanlon's Razor, a different one, has long since lost its edge with these people. We are dealing with a situation where ignorance, at least in terms of its effects, differs little from malice.

          --
          I am "that girl" your mother warned you about...
        • (Score: 2) by DannyB on Thursday January 18 2018, @02:26PM

          by DannyB (5839) Subscriber Badge on Thursday January 18 2018, @02:26PM (#624135) Journal

          I always thought I was a bit paranoid. After Snowden I realized that every paranoid thing I had thought was not only reality but already had been reality for a long time. Now I realize that no matter how paranoid a scenario I may imagine, it is probably not paranoid enough.

          These people can and would implement magical invalid opcodes in microprocessors. After all, they implemented the Management Engine. Who would have even thought of that? There are no limits to how far these people will go to access your pr0n collection.

          Management Engine was kinda sorta publicly known but remained under the radar for years until fairly recently. It's baked into microprocessors that are in everything now.

          The beauty of an invalid opcode implementation like what I described is that you can't detect it even through any reasonable amount of exploration. The "unlock magic mode" opcode traps as an invalid opcode unless an improbable pattern of values is in certain registers.

          I continued thinking about this later after I had posted. Let me continue that thought. One way this type of magic might get discovered is by scanning executable code for invalid opcodes. So let's not use any invalid opcodes. The magic mode opcode would require the improbable pattern of values in all registers, followed by a Jump To Subroutine with PC relative addressing into the immediate argument value of some nearby instruction. That other instruction's immediate argument value is the invalid opcode, and it then does a return so that execution continues after the jump to subroutine instruction. All other invalid opcodes are implemented the same way. You must code the invalid opcode as an immediate value argument in some other nearby instruction, then JSR to it; it returns and performs its magic function. This improved approach to what I described protects against discovery of invalid opcodes by mere scanning of executables for invalid opcodes.

          There could be a whole menu of new invalid opcodes. Instructions to access kernel memory. Change processor privilege level. Communicate with the management engine in devious ways. Dare to imagine the possibilities.

          Don't even think that they might not devise some devilish thing like this. They don't care about you or me. They just want absolute power. And absolute power tweets absolute crazy.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 2) by schad on Thursday January 18 2018, @04:47PM

          by schad (2398) on Thursday January 18 2018, @04:47PM (#624199)

          I've worked at Intel, and they are staggeringly paranoid about their IP. There are so many levels of classification, including compartmentalized need-to-know, that it may well be possible to slip in a back door that won't be detected. The asinine secrecy probably makes back doors easier to create.

    • (Score: 5, Interesting) by dbe on Thursday January 18 2018, @12:12AM

      by dbe (1422) on Thursday January 18 2018, @12:12AM (#623916)

      Ask and you shall be answered...
      https://www.youtube.com/watch?v=KrksBdWcZgQ [youtube.com]

      Basically this guy did exactly that, looking at holes in the binary instruction code tables and "glitches" in the application notes where the PDF table cells were left blank...
      Then using fuzzing to create new undisclosed instructions.
      The interesting part is how he could find the length of each instruction by using a read only page and sticking the instruction close enough to the boundary to not create an exception.

      TLDR, the processors are full of magic unknown/undocumented instructions...

      -dbe