SoylentNews is people
SoylentNews
What Is a Side Channel Attack?:
Modern cybersecurity depends on machines keeping secrets. But computers, like poker-playing humans, have tells. They flit their eyes when they've got a good hand, or raise an eyebrow when they're bluffing—or at least, the digital equivalent. And a hacker who learns to read those unintended signals can extract the secrets they contain, in what's known as a "side channel attack.".
Side channel attacks take advantage of patterns in the information exhaust that computers constantly give off: the electric emissions from a computer's monitor or hard drive, for instance, that emanate slightly differently depending on what information is crossing the screen or being read by the drive's magnetic head. Or the fact that computer components draw different amounts of power when carrying out certain processes. Or that a keyboard's click-clacking can reveal a user's password through sound alone.
[...] For a sufficiently clever hacker, practically any accidental information leakage can be harvested to learn something they're not supposed to. As computing gets more complicated over time, with components pushed to their physical limits and throwing off unintended information in all directions, side channel attacks are only becoming more plentiful and difficult to prevent. Look no further than the litany of bugs that Intel and AMD have struggled to patch over the last two years with names like Meltdown, Spectre, Fallout, RIDL, or Zombieload—all of which used side channel attacks as part of their secret-stealing techniques.
The most basic form of a side channel attack might be best illustrated by a burglar opening a safe with a stethoscope pressed to its front panel. The thief slowly turns the dial, listening for the telltale clicks or resistance that might hint at the inner workings of the safe's gears and reveal its combination. The safe isn't meant to give the user any feedback other than the numbers on the dial and the yes-or-no answer of whether the safe unlocks and opens. But those tiny tactile and acoustic clues produced by the safe's mechanical physics are a side channel. The safecracker can sort through that accidental information to learn the combination.
[...] Attacks like Spectre and Meltdown left firms like Intel and other computer manufacturers in a cat-and-mouse game of chasing after their products' accidental information leaks, constantly releasing updates to hide data that's exposed in side channel attacks or pad it with other noise that makes it harder to decipher. As computers become more and more complex, and if the computing industry continues to prioritize performance over security, side channels will still appear, says Michigan's Genkin. In some cases like Spectre and Meltdown, researchers are even digging into years-old mechanics and pulling out secrets that were available for the taking all long—at least, for anyone who could decipher the accidental byproducts of a computer's processes.
"They were always there," says Genkin. "The reason you hear more and more about them is that as we dig further, we find more and more side channels to exploit. And as we find out just how bad they are, we are also learning how to defend against them."
(Score: 2) by TheReaperD on Monday June 22 2020, @04:48PM (4 children)
If Intel tries to say that they couldn't have anticipated these kind of attacks on their processors... BULLSHIT! At my job at the time, I had a regular invitation to the Intel Developer Conference (I might be mangling the name of the conference as it was over 10 years ago) and the combination of the sales droids and an engineer were touting their great new remote management system called vPro. Since they had an actual engineer there, I asked him, in detail how the system worked. When he told me that the remote management engine was a system on chip (SoC) that was walled off from the regular processor functions that could even wake a computer from a power-off state and take admin control of the computer at privileges above ring 0 (WTF?!), I was more than a little alarmed. I asked him what were the security implications of having this SoC remote management system. He said there were no security implications because the user had no access to the SoC enclave. I told him that was utter and complete bullshit because, if there's any way of interacting with the enclave, there was a method for a bad actor to take advantage of it, and with the above ring 0 (highest security access ring built into the processor) privileges, you're just asking for an unmitigable attack from hackers. I flat out said, this was a really, really bad idea. He no longer wanted to talk to me and he and the sales droids avoided me the rest of the conference (and I was never invited back). I even went so far as to contact my former father-in-law who was a Premier Engineer at Intel at the time about my concerns. He was not involved in processor design at the time, but he agreed the concern was serious enough to take to his boss. He told me later that he was no longer able to discuss it with me. And, sure enough, vPro was launched, right on schedule. I recommended my employer switch to all AMD processors, at the time, due to this issue. (Now AMD has something similar, but so far, it hasn't been hit as bad. I do not know how the AMD system works as I'm no longer in IT.)
Now, this doesn't include anything about process speculation attacks as that was too low-level for me so, I missed that one. This is exclusively about the SoC enclave attacks that became possible when they released vPro.
Disclaimers: I am not, nor have I ever been, an employee of Intel. I received this information at an Intel conference that was available for IT personnel and management of invited companies and government bodies at their Folsom, CA facility. I did not receive any private information that would not have been available to any other attendee of the conference, if they had asked. The Premier Engineer I mentioned did not discuss any Intel proprietary information or intellectual property with me, nor was he able to, as he was not a member of the processor design team at the time of vPro's development, nor did he speak of this issue after he said he was no longer able to discuss it. I do not know what, if any, conversations he had with Intel's management or what their content may have been. I do not, nor am I able to obtain, his permission to post any further information about him, as he is deceased. This is my own opinion of the security implications of the Intel vPro system based on the information available to me at the time. As I am not an Intel engineer, nor do I have access to Intel proprietary information or intellectual property, my view of this issue may be incomplete or inaccurate.
Ad eundum quo nemo ante iit
(Score: 2) by takyon on Monday June 22 2020, @05:06PM (2 children)
It's too late, the assassins have already been dispatched.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by TheReaperD on Monday June 22 2020, @08:37PM (1 child)
Actually, I welcome the assassins with open arms and firearms. It's the lawyers I want to keep off my lawn (housing prices would go to hell).
Ad eundum quo nemo ante iit
(Score: 0) by Anonymous Coward on Monday June 22 2020, @11:54PM
No no, if Lawyers are congregating on your lawn, the prices aren't going to hell - you're in hell. The souls milling around include non-lawyers too if you take the time to look, just, few in comparison.
(Score: 0) by Anonymous Coward on Tuesday June 23 2020, @11:18AM
It came out far too fast, it very rapidly went from its own 'secure' chip to blocking off bios rewriting from the end user without cryptographic signatures, neatly killing projects like coreboot, and it has proven itself susceptible to exactly the kind of dangers that make older hardware 'forced obsolescence' while also ensuring new hardware can't be trusted as safe out of the box. Combined with the EULA and telemetry Microsoft added to Windows 10, it looks more and more like a broad ranging information gather mechanism designed for one or more groups of special interests. Interests who are not in favor of plebian control of their technology or understanding of its true operation.