Trust no one: backdoored CPUs
We worried about compromized OSes, BIOSes, read last week about a PNG library bug that lets images run buffer exploits, now CPUs can be backdoored:
From Scheier's Crypto-gram:
Here's an interesting hardware security vulnerability. Turns out that it's possible to update the AMD K8 processor (Athlon64 or Opteron) microcode. And, get this, there's no authentication check. So it's possible that an attacker who has access to a machine can backdoor the CPU. <http://www.realworldtech.com/forums/index.cfm?action=detail&PostNum=252 7&Thread=1&entryID=35446&roomID=11> or <http://tinyurl.com/43kod>
On Sun, 15 Aug 2004, Major Variola (ret) wrote:
We worried about compromized OSes, BIOSes, read last week about a PNG library bug that lets images run buffer exploits, now CPUs can be backdoored:
From Scheier's Crypto-gram:
Here's an interesting hardware security vulnerability. Turns out that it's possible to update the AMD K8 processor (Athlon64 or Opteron) microcode. And, get this, there's no authentication check. So it's possible that an attacker who has access to a machine can backdoor the CPU. <http://www.realworldtech.com/forums/index.cfm?action=detail&PostNum=252
7&Thread=1&entryID=35446&roomID=11> or <http://tinyurl.com/43kod>
Old news. The ability to update CPU microcode has been around (publicly) since the Pentium Pro. I have no proof (other than vague memories), but I believe this was around even earlier on some of the more archaic CPU lines in the middle 80's. -- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more?
participants (2)
-
J.A. Terranson -
Major Variola (ret)