They certainly put a lot of effort into the claims, neat exploit names though. *slow clap*
This year in tech though, my god. So many fallacies.
This year in tech though, my god. So many fallacies.
I've seen nothing to suggest Intel had anything to do with it. Israeli tech operations aren't enough to point the finger at them. The entire purpose of this report was to manipulate the stock for shorts to come out on top.
It doesn't work that way.Of course they have. What else should they say? Maybe we should demand they proof their innocence?
It's the kind of thing that should be illegal, but Viceroy profited in the past from this kind of thing, so they are going to keep doing it, until someone stops them.
I don't know who has jurisdiction for international manipulation of US markets, (SEC, FBI, CIA?), but these dudes need to have the hammer brought down on them in a very public way.
Looks like Intel is pants-pooping scared of Epyc and their own growing, persistent issues with 10nm.
It doesn't work that way.
Show some evidence that they are involved.
To paraphrase The Three Stooges: If I had some whipped cream, I'd have some salami and whipped cream. If I had some salami.WHAT IF time ...
What if ... Intel's CPU design lab was moved to Israel for security lockdown purposes?
What if ... ALL Israel CPU designs included hardware backdoors?
What if ... Zen has no hardware backdoors
What if ... AMD's 2018 substantial market share gains go into ludicrous mode in 2019 with it's 7nm Zen 2 going up against Intel's 14nm 10th generation CPUs.
What if ... The U.S. and Israeli Security State are looking at a rapid erosion of backdoor accessible CPUs over the next several years.
Exactly.
This isn't the kind of thing that will have any lasting impact on AMD, needed to benefit Intel. People shouldn't let Intel hate confound their reasoning.
Lets not mix things here.WHAT IF time ...
What if ... Intel's CPU design lab was moved to Israel for security lockdown purposes?
What if ... ALL Israel CPU designs included hardware backdoors?
What if ... Zen has no hardware backdoors
What if ... AMD's 2018 substantial market share gains go into ludicrous mode in 2019 with it's 7nm Zen 2 going up against Intel's 14nm 10th generation CPUs.
What if ... The U.S. and Israeli Security State are looking at a rapid erosion of backdoor accessible CPUs over the next several years.
Ok. If its what if time...This research has some big money and intelligence on back of it, if it's only a shortselling crap it's the most researched crap of all time.
x86 hardware is unsecure, there's more than just Intel to benefit from it.....
I nearly avoided this thread due to messenger bashing instead of talking about substance. But I have a burning question. Isn't the biggest potential worry the possibility that the computers are compromised before you even get them? This has happened in the past with the NSA:
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/
In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.
This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously?
Positive Technologies, which in September said it has a way to drill into Intel's secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration.
The biz has already promised to demonstrate a so-called God-mode hack this December, saying they've found a way for “an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard.”
For those who don't know, for various processor chipset lines, Intel's Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network. This is useful when you're managing large numbers of computers, especially when an endpoint's main operating system breaks down and the thing won't even boot properly.
Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or steal corporate data. Positive says it's found a way to commandeer the Management Engine, which is bad news for organizations with the technology deployed.
For some details, we'll have to wait, but what's known now is bad enough: Positive has confirmed that recent revisions of Intel's Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB. JTAG grants you pretty low-level access to code running on a chip, and thus we can now delve into the firmware driving the Management Engine.
With knowledge of the firmware internals, security vulnerabilities can be found and potentially remotely exploited at a later date. Alternatively, an attacker can slip into the USB port and meddle the engine as required right there and then.
There have been long-running fears IME is insecure, which is not great as it's built right into the chipset: it's a black box of exploitable bugs, as was confirmed in May when researchers noticed you could administer the Active Management Technology software suite running on the microcontroller with an empty credential string over a network.
For various reasons we’ll get to in a moment, AMD believes they need some kind of hardware security platform technology to continue to compete in the market in the future. Intel’s Trusted Execution Technology is not part of the x86 specification and is therefore not shared, so AMD would need to come up with their own technology. Designing and implementing such a technology is not only resource intensive but by its very nature it fragments the market, which is something AMD doesn’t necessarily have the clout to get away with all the time. So rather than design their own technology they’ve chosen to license an existing technology, and this brings us to ARM.
In order to implement a hardware security platform on their future APUs, AMD has chosen to enter into a strategic partnership with ARM for the purpose of gaining access to ARM’s TrustZone technology. By licensing TrustZone, AMD gains a hardware security platform that’s already in active use, which means they avoid fragmenting the market and the risks that would bring. Furthermore AMD saves on the years of work – both technical and evangelical – that they would have needed had they rolled their own solution. Or more simply put, given their new willingness to integrate 3rd party IP, licensing was the easy solution to getting a hardware security platform quickly.
But because TrustZone is an ARM technology (both in name and ISA) AMD needs an ARM CPU to execute it. So the key to all of this will be the integration of an ARM processor into an AMD APU, specifically ARM’s Cortex-A5 CPU. The Cortex-A5 is ARM’s simplest ARMv7 application processor, and while it’s primarily designed for entry-level and other lower-performance devices, as it turns out it fits AMD’s needs quite nicely since it won’t be used as a primary application processor.
ARM TrustZone Hardware Model; Normal World Would Be On x86
This also means that the ARM and x86 CPU cores will fit together in an interesting manner unlike any existing ARM or Intel x86 CPU. By integrating a low-power/low-performance ARM CPU in this manner an application will be split up over multiple CPUs, with the TrustZone secure backend executing on the Cortex-A5 while the frontend logic will be executing as normal on AMD’s x86 CPU and GPU cores. This gives AMD a dedicated security co-processor with all the benefits and drawbacks thereof, while on full ARM processors and on Intel’s x86 processors TrustZone and TXT respectively are hardware features of a single CPU.
By implementing a hardware security platform in this manner AMD not only gains a relatively quick turnaround time on the hardware, but on the software side too. AMD is specifically looking to leverage existing ARM applications for their tablet ambitions by taking advantage of the fact that existing TrustZone application cores can easily (if not directly) be ported over to AMD’s APUs. Developers would still need to put in some effort to write the necessary x86 frontends (in all likelihood written in scratch for Win8 as opposed to any kind of Android), but the hard part of implementing and validating the TrustZone functionality would simply carry over, leaving the new x86 frontend to talk to the existing ARM TrustZone application core. AMD isn’t in any position to talk about specific software yet, but we’re told that they’ve been working with select software partners even before this announcement in order to get a jump on developing applications.
As for the hardware details AMD hasn’t named any specific APUs that will be receiving the Cortex-A5, but they have told us that they intend to start with the low-power APUs in order to go after the tablet market. That means we’re almost certainly looking at the 2013 successor to the Zacate APU found at the heart of AMD’s Brazos platform. However AMD won’t be stopping there, and in 2014 and beyond AMD will continue to add it to further APUs until AMD’s entire APU lineup from mobile to desktop to server contains the Cortex-A5 and TrustZone functionality.
I nearly avoided this thread due to messenger bashing instead of talking about substance. But I have a burning question. Isn't the biggest potential worry the possibility that the computers are compromised before you even get them? This has happened in the past with the NSA:
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/
In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.
This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously? The issue isn't can a chip from Intel or AMD be compromised. The answer is yes to both. Shouldn't the real issue be "can we detect that a specific chip was compromised?"
I simply cant see the really big money behind. Where do you see it?
If these exploits are true, then anyone that has ever touched your recent AMD PC potentially has had the ability to install unsigned code into the TEE. That is a major hole that makes every single Zen based system untrustable by default. If the further allegations are true then physical access isn't even required (chained attacks - which is how most exploits are weaponized).
Essentially the alleged vulnerability makes the Trusted Execution Environment - untrusted.
Yes, you did pick up on the knee jerk reaction of the usual people needing to come to AMD's defense without understanding what the vulnerabilities are.
This research has some big money and intelligence on back of it, if it's only a shortselling crap it's the most researched crap of all time.
Any Computing device being touched by someone is at risk. Especially if they have Admin privileges.
Define Admin privileges. My employers' Deskside technicians have administrative rights to the hardware, not the OS. That doesn't mean they have the ability to install unsigned code into the IME.
That's the key thing, the trusted environment allows the execution of untrusted code. Therefore the trusted environment cannot be trusted.