Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by hubie on Wednesday October 23, @06:18AM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."

The Cybersecurity Association of China (CSAC), in a lengthy post on its WeChat account on Wednesday described Intel's chips as being riddled with vulnerabilities, adding that the American company's "major defects in product quality and security management show its extremely irresponsible attitude towards customers."

The CSAC also accused Intel of embedding a backdoor "in almost all" of its CPUs since 2008 as part of a "next-generation security defense system" developed by the US National Security Agency. 

This allowed Uncle Sam to "build an ideal monitoring environment where only the NSA is protected and everyone else is 'naked,'" the post continued. "This poses a huge security threat to the critical information infrastructure of countries around the world, including China," the industry group claims.

The infosec org also recommends the Cyberspace Administration of China open an investigation into the security of Intel's products sold in the country "to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers."

[...] The calls for a government investigation into the American chipmaker follow a series of accusations from the White House accusing Chinese spies of burrowing into US networks and critical infrastructure systems, all of which China has denied, and a proposed ban on Chinese connected vehicle technology.

[...] Intel this year inked deals with several Chinese state-linked agencies for its Xeon processors to be used in AI workloads, according to Reuters. Considering a little over a quarter of Intel's revenue last year came from China, a security review of its products — and potential restrictions — could be a major blow to its ongoing recovery efforts.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by pTamok on Wednesday October 23, @07:18AM (5 children)

    by pTamok (3042) on Wednesday October 23, @07:18AM (#1378240)

    It not impossible that processor fabs are putting (hardware) backdoors a selection of units of every processor they make.

    If I wanted to put undocumented features into hardware, the best place to do it is where it, or its components are manufactured.

    An obvious way to do it is to have a documented 'debug' mode where you put a 64-bit 'instruction' into a register and trigger 'debug' which reads the register and goes off and does something. You publish a list of 64-bit codes for people to do useful 'debug stuff', but simply have some extra 64-bit codes that do 'other stuff'. Because it's difficult to search through 64-bit address space for unknown codes, finding the 'other stuff' becomes difficult. You can make it worse by requiring a specific 'door-knocking' protocol. Or use a 128-bit register. Or use a 'door-knocking protocol' on some other register or address line without an explicit debug function. Tie the function to an undocumented opcode. Put a specific sequence of NOPS and NOP-equivalent instructions into a cpu pipeline. There are lots of ways of hiding features that can be used by chip designers and chip manufacturers.

    It's why open hardware is a useful goal. Open hardware projects don't tend to get very far 'though.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   3  
  • (Score: 5, Informative) by Rich on Wednesday October 23, @10:31AM (3 children)

    by Rich (945) on Wednesday October 23, @10:31AM (#1378258) Journal

    I was thinking that this simply refers to the "Management Engine", which can access networking. No one in the open really knows what's going on in here, and Intel vehemently refuses to allow people to neuter it, so it's obvious they have orders (which is also about confirmed by the back-and-forth of the corresponding AMD "feature"). See https://www.coreboot.org/Intel_Management_Engine [coreboot.org] and https://www.coreboot.org/Intel_Management_Engine [coreboot.org] for what it does. You always have your pants down when you connect anything "Core i" or newer to the internet.

    It might well be that they have some hidden privilege escalation "bug", too, but I don't think that's what the Chinese were talking about.

    • (Score: 1) by pTamok on Wednesday October 23, @11:34AM (2 children)

      by pTamok (3042) on Wednesday October 23, @11:34AM (#1378266)

      The Management Engine and equivalent technologies in AMD and ARM processers are the obvious backdoor enablers, but painting a big circle and labelling it 'Target' could well be a little bit of misdirection. I expect there to be more than one back-door, at least one of which will be subtle and have a plausible other explanation, if discovered.

  • (Score: 1, Touché) by Anonymous Coward on Thursday October 24, @01:12AM

    by Anonymous Coward on Thursday October 24, @01:12AM (#1378399)

    Like this one? No wonder the US Gov can't trust Kaspersky (to keep their mouths shut 🤣 )
    https://www.kaspersky.com/about/press-releases/kaspersky-discloses-iphone-hardware-feature-vital-in-operation-triangulation-case [kaspersky.com]
    https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ [securelist.com]

    We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

    If we try to describe this feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware.

    Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.

    Sure it's "most likely" not a backdoor or was included by mistake, please US Gov, don't ban us! Damn got banned anyway...