
posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter (pdf) requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2017, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including a Microsoft Windows update that briefly left some AMD-based computers unable to boot. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch (kernel page-table isolation, which keeps kernel memory unmapped while user code runs), but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, a compiler-generated replacement for indirect branches, which the company says can protect against the trickiest Spectre variant (variant 2, branch target injection) with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.


  • (Score: 4, Interesting) by DannyB on Wednesday January 17 2018, @08:39PM (20 children)

    by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @08:39PM (#623789) Journal

    What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness? When I read a decent explanation [raspberrypi.org] of how information can be leaked from the kernel, I was thinking, who could have foreseen that?

    "The approach will not be easy. You are required to maneuver straight down this trench and skim the surface to this point. The target area is only two meters wide. It's a small thermal exhaust port, right below the main port. The shaft leads directly to the reactor system. A precise hit will start a chain reaction which should destroy the station."

    Of course, new chips and death stars won't be vulnerable, now that we know about the exploit.

    But then, the death star vulnerability could have been deliberately planted. I wonder about the chip vulnerability?

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @09:12PM (2 children)

    by Anonymous Coward on Wednesday January 17 2018, @09:12PM (#623809)

    For many years now, there have been mumblings about how caches or hyperthreading could be used to leak secrets. Although neither is fundamental to Spectre or Meltdown, both are part of the currently published attacks.

    There is also a little bit of similarity with rowhammer. Some of the same researchers are even involved.

    So although the specific attacks were not known, people were clearly headed in that direction. Intel should have been aware. Instead, Intel actively made things worse by introducing memory transactions in the latest chips. Memory transaction support makes these attacks much faster and easier.

    • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:59PM (1 child)

      by Anonymous Coward on Wednesday January 17 2018, @10:59PM (#623885)

      Was literally warned about back in the 1996-1999 range.

      I had multiple people arguing with me about it, and I had mostly scoffed because at the time it would have essentially required pegging the cpu and degrading system performance for a non-trivial length of time to get most of the data out. With current generation hardware and software, especially online software, already pegging out at least one core at all times, it is much harder to differentiate valid use from exploits/data analysis attempts.

      • (Score: 2) by frojack on Thursday January 18 2018, @12:25AM

        by frojack (1554) on Thursday January 18 2018, @12:25AM (#623923) Journal

        Scale that to several thousand machines in a typical Google or Amazon data center [amazonaws.com].

        How would you even know this was happening?

        I would think Amazon would be more at risk for this than Google, because Amazon rents you machines, real or virtual, for your own use, whereas most of Google's machines are for Google's own use - not so much customer instances.

        --
        No, you are mistaken. I've always had this sig.
  • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @09:19PM (8 children)

    by Anonymous Coward on Wednesday January 17 2018, @09:19PM (#623814)

    > What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness?

    I'm ready to give Spectre a pass -- we do speculative execution, we *have* to touch the cache, which then we can't un-touch if we guessed wrong. Fine.

    But Meltdown? Hey, let's touch memory we wouldn't have privileges for, then check privileges only if it's time to commit the speculative work? What could possibly go wrong?

    Was this done maliciously by someone who knew it could be exploited later, or was it an innocent mistake by someone eager to squeeze out that last percent of speedup and beat competition? We'll never know, but that's what we'll have to live with as long as proprietary hardware with secret, closed design/development/fabrication is the only feasible option.
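The distinction drawn above (a speculative load that has to touch the cache, versus a load whose privilege check is deferred until retirement) can be made concrete with a toy model. What follows is an added example, not code from the thread, The Verge, or any chip vendor: the CPU, its memory and its cache are a Python model with no real timing, so the "cache" is just a set of line numbers and the flush/probe steps operate on that set. The layout (a 16-byte `array1`, a secret just past it, a 1 MiB probe array and a separate "kernel" region) and the `check_before_fill` switch that models a repaired core are assumptions of the example.

```python
"""Toy model of a speculative-execution cache side channel.

Added example; not code from the thread, The Verge, or any chip vendor.
Nothing here measures real time: the "cache" is a set of line numbers and
flush/probe act on that set. It models a Spectre-v1 bounds-check bypass
(the predictor guesses wrong and the transient loads still fill a cache
line) and a Meltdown-style load whose permission check fires only at
retirement, after the line is already filled.
"""

LINE = 64       # modelled cache line size
STRIDE = 4096   # probe-array stride: every byte value gets its own line


class SpeculativeCPU:
    def __init__(self, user_mem, kernel_mem, check_before_fill=False):
        self.mem = user_mem + kernel_mem        # one flat address space
        self.kernel_base = len(user_mem)        # addresses >= this need ring 0
        self.cache = set()                      # cached line numbers
        self.predict_taken = False              # 1-bit branch predictor
        self.check_before_fill = check_before_fill  # the repaired design (assumed)

    def load(self, addr):
        """Architectural (retiring) load from user mode: checked, then cached."""
        if addr >= self.kernel_base:
            raise PermissionError(hex(addr))
        self.cache.add(addr // LINE)
        return self.mem[addr]

    def transient_load(self, addr):
        """Load on a speculative path. The value never retires, but the cache
        fill is a side effect the squash does not undo. A core that checks
        privilege before filling forwards zero instead and fills nothing."""
        if addr >= self.kernel_base and self.check_before_fill:
            return 0
        self.cache.add(addr // LINE)
        return self.mem[addr]

    def flush(self, addr):
        self.cache.discard(addr // LINE)

    def is_cached(self, addr):
        return addr // LINE in self.cache


def spectre_gadget(cpu, array1, size, probe, x):
    """if (x < size) y = probe[array1[x] * STRIDE]  (the classic v1 gadget)."""
    predicted, taken = cpu.predict_taken, x < size
    cpu.predict_taken = taken                   # predictor learns the outcome
    if taken:
        cpu.load(probe + cpu.load(array1 + x) * STRIDE)
    elif predicted:
        # Mispredicted: both loads run before the bounds check resolves,
        # then get squashed. The probe line stays cached.
        cpu.transient_load(probe + cpu.transient_load(array1 + x) * STRIDE)


def meltdown_gadget(cpu, kaddr, probe):
    """User-mode read of a kernel byte plus a dependent probe load.
    The fault arrives at retirement; the dependent load has already run."""
    cpu.transient_load(probe + cpu.transient_load(kaddr) * STRIDE)
    cpu.load(kaddr)                             # retirement: raises PermissionError


def flush_probe(cpu, probe):
    for b in range(256):
        cpu.flush(probe + b * STRIDE)


def probe_byte(cpu, probe):
    """Reload side of Flush+Reload: the single probe line that hits is the byte."""
    hits = [b for b in range(256) if cpu.is_cached(probe + b * STRIDE)]
    return hits[0] if len(hits) == 1 else 0


def leak_spectre(cpu, array1, size, probe, target, n):
    out = bytearray()
    for i in range(n):
        for j in range(4):                      # train the predictor in-bounds
            spectre_gadget(cpu, array1, size, probe, j % size)
        flush_probe(cpu, probe)                 # training touched some lines
        spectre_gadget(cpu, array1, size, probe, target - array1 + i)
        out.append(probe_byte(cpu, probe))
    return bytes(out)


def leak_meltdown(cpu, kaddr, probe, n):
    out = bytearray()
    for i in range(n):
        flush_probe(cpu, probe)
        try:
            meltdown_gadget(cpu, kaddr + i, probe)
        except PermissionError:                 # the attacker's SIGSEGV handler
            pass
        out.append(probe_byte(cpu, probe))
    return bytes(out)


def build_system(secret, kernel_secret, check_before_fill=False):
    """Constructed layout: array1[16], the victim's secret right after it,
    a line-aligned 1 MiB probe array, then kernel memory."""
    array1, size = 0, 16
    user = bytes(range(size)) + secret
    user += bytes(STRIDE - len(user))           # pad up to the probe array
    probe = len(user)
    user += bytes(256 * STRIDE)
    cpu = SpeculativeCPU(user, kernel_secret, check_before_fill)
    return cpu, array1, size, probe, size, cpu.kernel_base


if __name__ == "__main__":
    cpu, a1, n, probe, saddr, kaddr = build_system(b"user s3cret", b"kernel key")
    print(leak_spectre(cpu, a1, n, probe, saddr, 11))   # b'user s3cret'
    print(leak_meltdown(cpu, kaddr, probe, 10))         # b'kernel key'
    fixed, a1, n, probe, saddr, kaddr = build_system(b"x", b"kernel key", True)
    print(leak_meltdown(fixed, kaddr, probe, 10))       # ten zero bytes: no fill, no leak
```

Two things the model makes visible that the prose does not: the Meltdown leak disappears as soon as the core refuses to fill a line for an address the current privilege level may not read, while the Spectre-v1 leak survives that same fix because every address it touches is one the victim is allowed to read. That is why the first needs a hardware or page-table-isolation fix and the second needs changes in the victim's code (index masking, fences).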

    • (Score: 2) by DannyB on Wednesday January 17 2018, @09:49PM (4 children)

      by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @09:49PM (#623833) Journal

      I agree with you about both Spectre and Meltdown. Got to have speculative execution. But why leak timing info for memory you aren't allowed to fondle.

      But this is the biggest insight in what you said, and I don't have mod points left:

      We'll never know, but that's what we'll have to live with as long as proprietary hardware with secret, closed design/development/fabrication is the only feasible option.

      That is a profound concern. As systems grow ever more complex, instead of more simple and open, we can never be sure that there isn't a small thermal exhaust port that can lead to the destruction of the entire death star.

      And we still have to worry about software binary problems like "Trusting Trust". Can you be sure the binary of your C compiler isn't compromised even though the source code appears clean? Recompiling the clean source with the compromised compiler will bake the compromise into the newly compiled compiler.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by DannyB on Wednesday January 17 2018, @10:02PM

        by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @10:02PM (#623846) Journal

        I wrote it after this comment, but further down is a hypothetical type of invalid opcode compromise that could be baked into a microprocessor.

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:02PM (2 children)

        by Anonymous Coward on Wednesday January 17 2018, @10:02PM (#623847)

        > And we still have to worry about software binary problems like "Trusting Trust"

        There's David A. Wheeler's proposed solution for that: Diverse Double Compilation [dwheeler.com] where you take your suspect compiler's clean sources, and build them with itself (A) and another, unlikely-to-be-malicious-in-the-same-manner compiler (B). You get C and D, respectively. They're different binaries (built with different compilers, duh), but they're the *same* functionality (same source specifying what they do). So, for identical inputs, C and D should produce identical outputs.

        Now, we compile the clean A sources again, with C and D. Same input should give us identical binary output. If the original A binary was clean, then C should have been clean, thus the output of C should match the (clean) output of D. If they don't, you can tell it's time to start hand-assembling your sources :)

        • (Score: 2) by DannyB on Wednesday January 17 2018, @10:16PM (1 child)

          by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @10:16PM (#623854) Journal

          Yes. That is why it would be good to have a number of C compilers written in other languages. Especially a few written in interpreted languages. Python. JavaScript. Lisp. Etc. (Even if JIT'ed) These C compilers aren't meant to be fast or to generate great code. They are merely intended to work and provide a diversity of C compilers that also happen to run on many hardware platforms. I'm sure you can find a way to compile your target compiler using multiple of these compilers on multiple platforms. Then take those resulting binaries and re-compile your target compiler with each of those binaries which should generate identical optimized binaries of your target compiler.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
          • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @06:46PM

            by Anonymous Coward on Thursday January 18 2018, @06:46PM (#624286)
            This was the subject of a Ph.D. Thesis, called Double Diverse Compiling. You can read about it at https://www.dwheeler.com/trusting-trust/ [dwheeler.com]
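The procedure the two comments above describe (build the clean compiler source with the suspect binary and with an independent compiler, then rebuild with each result and compare) can be run end to end on a toy. This is an added example, not code from the thread, from David A. Wheeler's thesis, or from any real compiler. The "language" is Python text: the toy compiler produces a "binary" by dropping comment lines, binaries are run with `exec()`, and the second, trusted compiler is simply a different implementation of the same rule, which is the "C compiler written in another language" idea from the reply. The `joshua` password, the `login()` program and the self-replicating hook are all constructed for the example.

```python
"""Diverse Double-Compiling (DDC) versus a Thompson-style compiler backdoor.

Added example, not code from the thread, from David A. Wheeler's thesis, or
from any real compiler. The compromised binary carries a self-replicating
hook that backdoors any login() it compiles and re-inserts itself whenever
it compiles the compiler's own clean source. DDC rebuilds from that clean
source with an independent compiler and compares the stage-2 outputs.
"""

# sA: the compiler's clean source. Nothing malicious is in here.
CC_SRC = '''
# toy compiler: the "binary" is the source with comment lines removed
def compile_(src):
    return "\\n".join(l for l in src.splitlines() if not l.lstrip().startswith("#")) + "\\n"
'''

# B: an independent implementation of the same language spec (regex instead
# of a line filter), used as the trusted DDC reference.
TRUSTED_CC_BIN = '''
import re
def compile_(src):
    return re.sub(r"(?m)^[ \\t]*#.*\\n?", "", src)
'''

# The hook. Q is a quine template: exec'ing (Q % Q) defines _hook, wraps the
# real compile_, and leaves HOOK_SRC equal to the exact text being executed,
# so the hook can copy itself into the next compiler it builds.
Q = r'''
def _hook(out):
    if "def login(" in out and "joshua" not in out:
        out = out.replace("def login(user, pw):\n",
                          "def login(user, pw):\n    if pw == \"joshua\": return True\n")
    if "def compile_(" in out and "_hook" not in out:
        out = out + HOOK_SRC
    return out
compile_ = (lambda c: lambda s: _hook(c(s)))(compile_)
q = %r
HOOK_SRC = q %% q
'''
HOOK_SRC = Q % Q


def run_compiler(binary, src):
    """'Execute' a compiler binary on a source and return the output binary."""
    ns = {}
    exec(binary, ns)
    return ns["compile_"](src)


# A: the suspect binary. Someone patched it once; every compiler it has built
# since carries the hook, although CC_SRC has always been clean.
COMPROMISED_CC_BIN = run_compiler(TRUSTED_CC_BIN, CC_SRC) + HOOK_SRC

LOGIN_SRC = '''
# password check for the toy system (constructed for the example)
def login(user, pw):
    return user == "root" and pw == "hunter2"
'''


def has_backdoor(cc_bin):
    """Compile login() with the given compiler and try the magic password."""
    ns = {}
    exec(run_compiler(cc_bin, LOGIN_SRC), ns)
    return ns["login"]("root", "joshua")


def ddc(suspect_bin, trusted_bin, compiler_src):
    """Wheeler's check: returns (passed, stage2_via_suspect, stage2_via_trusted)."""
    c = run_compiler(suspect_bin, compiler_src)   # stage 1: sA built with A
    d = run_compiler(trusted_bin, compiler_src)   # stage 1: sA built with B
    e = run_compiler(c, compiler_src)             # stage 2: sA built with C
    f = run_compiler(d, compiler_src)             # stage 2: sA built with D
    return e == f, e, f


if __name__ == "__main__":
    ok, e, f = ddc(COMPROMISED_CC_BIN, TRUSTED_CC_BIN, CC_SRC)
    print("DDC passed:", ok)                      # False
    print("backdoor via A:", has_backdoor(e))     # True
    print("backdoor via B:", has_backdoor(f))     # False
    print("clean source mentions joshua:", "joshua" in CC_SRC)   # False
```

Note what the check does not need: nobody has to read the binary or know what the backdoor looks like. The only inputs are the clean source, the suspect binary and one compiler you trust for the same language; if the stage-2 outputs differ, one of the two compilers is not compiling that source faithfully.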
    • (Score: -1, Flamebait) by Anonymous Coward on Wednesday January 17 2018, @11:05PM (2 children)

      by Anonymous Coward on Wednesday January 17 2018, @11:05PM (#623889)

      Israeli techies or pro-Zionist Jewish sympathizers involved at Intel.

      Intel ME is now wholly developed in Israel. Much of the 686 development since the 90s and especially today is coming out of Israel.

      And how much of the really black art computer espionage research that has been DOCUMENTED has come out of Israel?

      Mossad would have a field day with an exploit like meltdown, and perhaps they already have.

      • (Score: 2) by frojack on Thursday January 18 2018, @12:32AM (1 child)

        by frojack (1554) on Thursday January 18 2018, @12:32AM (#623926) Journal

        For some people all problems are Jewish problems.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 0) by Anonymous Coward on Friday January 19 2018, @06:59AM

          by Anonymous Coward on Friday January 19 2018, @06:59AM (#624604)

          remember kids, don't touch the third rail or you're a nazi!

  • (Score: 2) by Snotnose on Wednesday January 17 2018, @09:36PM (7 children)

    by Snotnose (1623) on Wednesday January 17 2018, @09:36PM (#623822)

    > What exactly is congress expecting? That the management of these chipmakers, or even people designing the chips, could foresee this particular type of weakness? When I read a decent explanation [raspberrypi.org] of how information can be leaked from the kernel, I was thinking, who could have foreseen that?

    I think it's more like chip makers haven't had hackers first and foremost in their minds, the way software makers have for the past 30 years.

    I write device drivers and poke around in kernels when the boss isn't looking. A lot of what I do is getting the product spec from the manufacturer, taking sample code or a table of registers/values, adjusting some values as needed, and popping it into my code. I seldom (ok, never have before) stopped to think "Hmmm, what happens if I do this, this, this, then don't do that?". I suspect this is how the chip makers are struggling to think now. Kinda like the designers of TCP/IP would never think people would do 2/3 of a three way handshake and refuse to finish it, all for the purpose of tying up a socket.

    --
    My ducks are not in a row. I don't know where some of them are, and I'm pretty sure one of them is a turkey.
    • (Score: 3, Interesting) by DannyB on Wednesday January 17 2018, @09:57PM (6 children)

      by DannyB (5839) Subscriber Badge on Wednesday January 17 2018, @09:57PM (#623843) Journal

      In a microprocessor instruction set, not every possible binary pattern is used as a valid instruction. I wonder if or how many undocumented instructions there are? What they might do?

      Imagine trying to explore that.

      Might they all trap as invalid opcode unless some other special condition is met?

      Suppose:
      1. store certain pattern of magic values V1 . . . Vn into registers R1 . . . Rn.
      2. Execute a certain specific invalid opcode

      *poof* [magic black smoke appears and quickly disperses]

      Now several other invalid opcodes are enabled to give you magical powers instead of invalid opcode exceptions. You can now use registers as you see fit once again. The magic values were merely to authenticate your magical status. One of the new invalid opcodes is to return everything back to the non magical state.

      Your mere mortal user space code would walk among the clouds like gods, tiptoeing through kernel space and doing other mischief.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 3, Interesting) by Azuma Hazuki on Wednesday January 17 2018, @10:40PM (4 children)

        by Azuma Hazuki (5086) on Wednesday January 17 2018, @10:40PM (#623872) Journal

        So, you're thinking of a HCAYD (halt and capture all yer data) opcode then? I wish i were merely joking, but this is precisely the kind of sneaky shit I'd do in this situation. Once I read about undocumented opcodes the first concern was "shit, THIS is where the boys at the puzzle palace have their backdoor, isn't it?"

        --
        I am "that girl" your mother warned you about...
        • (Score: 3, Insightful) by frojack on Thursday January 18 2018, @12:52AM (3 children)

          by frojack (1554) on Thursday January 18 2018, @12:52AM (#623936) Journal

          Well, yes, in a purely evil world.

          But look we are talking about Intel here. Made up of smart people, but not blindingly so. Not god like or devil like. Just ordinary nerds who like beer and football and nice cars, and good looking women. They change jobs, retire, get fired at similar rates to other high functioning nerds.

          Look how many people knew about the Volkswagen pollution defeat. It was whispered about for years, and finally one company figured out how to test for it, notified US Authorities and Game Over. Even with the wagons circled, and protected by their government, the truth is coming out and some high placed German executives dare not step outside their own country.

          Honest Question: How long could this have been kept secret if it were actually planned, and even narrowly known?

          How many programmers seriously consider the possibility that the value they put into a register at line 358 in the code might no longer be the same at line 361 due to a gamma ray or something. Who sets and checks parity on every value written and read back?

          So I'm invoking Occam's Razor. I doubt anyone thought any of these shortcuts could be leveraged in the real world. It took 30 years to find the first examples.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by Azuma Hazuki on Thursday January 18 2018, @05:58AM

            by Azuma Hazuki (5086) on Thursday January 18 2018, @05:58AM (#624037) Journal

            Hanlon's Razor, a different one, has long since lost its edge with these people. We are dealing with a situation where ignorance, at least in terms of its effects, differs little from malice.

            --
            I am "that girl" your mother warned you about...
          • (Score: 2) by DannyB on Thursday January 18 2018, @02:26PM

            by DannyB (5839) Subscriber Badge on Thursday January 18 2018, @02:26PM (#624135) Journal

            I always thought I was a bit paranoid. After Snowden I realized that every paranoid thing I had thought was not only reality but already had been reality for a long time. Now I realize that no matter how paranoid a scenario I may imagine, it is probably not paranoid enough.

            These people can and would implement magical invalid opcodes in microprocessors. After all, they implemented the Management Engine. Who would have even thought of that? There are no limits to how far these people will go to access your pr0n collection.

            Management Engine was kinda sorta publicly known but remained under the radar for years until fairly recently. It's baked into microprocessors that are in everything now.

            The beauty of an invalid opcode implementation like what I described is that you can't detect it even through any reasonable amount of exploration. The "unlock magic mode" opcode traps as an invalid opcode unless an improbable pattern of values is in certain registers.

            I continued thinking about this later after I had posted. Let me continue that thought. One way this type of magic might get discovered is by scanning executable code for invalid opcodes. So let's not use any invalid opcodes. The magic mode opcode would require the improbable pattern of values in all registers, followed by a Jump To Subroutine PC relative addressing into the immediate argument value of some nearby instruction. That other instruction's immediate argument value is the invalid opcode, and it then does a return so that execution continues after the jump to subroutine instruction. All other invalid opcodes are implemented the same way. You must code the invalid opcode as an immediate value argument in some other nearby instruction, then JSR to it; it returns and performs its magic function. This improved approach to what I described protects against discovery of invalid opcodes by mere scanning of executables for invalid opcodes.

            There could be a whole menu of new invalid opcodes. Instructions to access kernel memory. Change processor privilege level. Communicate with the management engine in devious ways. Dare to imagine the possibilities.

            Don't even think that they might not devise some devilish thing like this. They don't care about you or me. They just want absolute power. And absolute power tweets absolute crazy.

            --
            To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
          • (Score: 2) by schad on Thursday January 18 2018, @04:47PM

            by schad (2398) on Thursday January 18 2018, @04:47PM (#624199)

            I've worked at Intel, and they are staggeringly paranoid about their IP. There are so many levels of classification, including compartmentalized need-to-know, that it may well be possible to slip in a back door that won't be detected. The asinine secrecy probably makes back doors easier to create.

      • (Score: 5, Interesting) by dbe on Thursday January 18 2018, @12:12AM

        by dbe (1422) on Thursday January 18 2018, @12:12AM (#623916)

        Ask and you shall be answered...
        https://www.youtube.com/watch?v=KrksBdWcZgQ [youtube.com]

        Basically this guy did exactly that, looking at holes in the binary instruction code tables and "glitches" in the application notes where the PDF table cells were left blank...
        Then using fuzzing to create new undisclosed instructions.
        The interesting part is how he could find the length of each instruction by using a read only page and sticking the instruction close enough to the boundary to not create an exception.

        TLDR, the processors are full of magic unknown/undocumented instructions...

        -dbe