Friend of the Blog Trey Blalock of Firewall Consultants sent a link in yesterday which amgically trasnprted us to Ramtin Amin's Web Blog yesterday (in actuality, a Hardware Security blog of considerable reknown)(gracias Trey!). Ramtin's work is indicative of a curious intellect, and tremendous hardware investigatory chops - (plus, keen eye-hand coordination!). If you are at all fascinated by hardware security (coupled with mobile telephony, femto-cells, cabling/dongles and the like) his blog will come as a refreshing changement de rythme of to-the-point discussions of same. Don't Doddle, Chop-Chop, Enjoy!
Meanwhile, in Spectre (PDF) news, comes word from Ars Technica's Peter Bright, of a newly discovered attack vector (PDF) (dubbed NetSpectre) using the pernicious speculative-execution in-built microcode from the Minds of Intel Corporation. Now - and this is truly lovely - the vectors' not local, but external and free from the constraints of local environs (perhaps endpoint security, etc) and is consequently a more pernicious network-resident information operation. Thanks Intel You're Swell!
"That impact is now a little larger. Researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system." - via Peter Bright,, whilst writing at Ars Technica
via Chris Williams, Editor in Chief of The Register, comes this surprising/yet not surprising fourth security flaw that now joins the Spectre/Meltdown Speculative Execution flaw in modern CPUs. Bad news for all.
"Variant 4 is referred to as a speculative store bypass. It is yet another "wait, why didn't I think of that?" design oversight in modern out-of-order-execution engineering. And it was found by Google Project Zero's Jann Horn, who helped uncover the earlier Spectre and Meltdown bugs, and Ken Johnson of Microsoft." - via Chris Williams, Editor in Chief of The Register targeting the fourth known Spectre/Meltdown flaw.
I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.
Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one in the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown, and succumbs to the exfiltration of all data on the applicance AND the slurped data on the iPhone.
Subsequent forensication by the Sworn Officers or Forensicators (again, often one in the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny, discover that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?
Oh, and while they are at it, perhaps they could explain why the device is attached to a forward facing TCP/UDP connection to our beloved Interweb?
Bad news for the Intel Corporation (Nasdaq: INTC) and AMD Corporation (Nasdaq: AMD) apologists... There is word, coming from Peter Bright, plying his trade at Ars Technica of newly discovered branch prediction attacks. Bad news, indeed.
"Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data." - via Peter Bright, plying his trade at Ars Technica
Ian Cutress - writing at eponymous AnandTech - expertly reported AMD Ryzen security flaws yesterday, via an announcement by security research firm CTS-Labs. While this appears to be bad news, let's leave the exact fix criteria to AMD, of which, has not responded (as of the writing of this post) to the annoucement from CTS-Labs (reportedly, the time-frame was a 24-hour notice, rather than the industry standard notification of 90 Calendar Days...). Stay tuned.
"CTS-Labs’ claims revolve around AMD’s Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within." via Ian Cutress, reporting at AnandTech.
Updated 2018/03/15 0831 - Dan Goodin at Ars Technica provides additional insightful reportage, and this from Motherboard scribe Lorenzo Franceschi-Bicchierai detailing the indicators of fraud and subterfuge within (and without) the report.
As is typical of Intel Corporation (Nasdaq: INTC) the firm is attempting to shirk responsability for this attack and transfer the blame onto the company's vendors, not to mention the glad-handing exhibited by the company's CEO at CES.
It's time to rein in Intel Corporation's significantly flawed software development practice (as evidenced by the output), as the ramifications for the company's vulnerability touch many - if not all - systems worldwide. Further, what else is flawed in the company's other products (for example, automotive chips, medical device systems where the firm's hardware and software reside)?
'But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).' - via Sean Gallagher - writing at Ars Technica
Nicole Kobie, writing at New Scientist, tells the tale of newly researched voice assistant attack vectors leveraging signalling flaws (via an ultrasound attack) within both Apple Inc.'s (NasdaqGS: AAPL) and Amazon.com Inc.'s (NasdaqGS: AMZN) voice assitant offerings Siri and Alexa, respectively. The 'Dominoe Effect' of the ultrasound flaws in these products/services traverses down the device foodchain to Alexa and soo-to-be Siri enabled third party devices... Perhaps new protective sound generating devices are in order?
All Amazon and Apple Links in this Post are Non-affiliate
Folks, gird yourselves for the truly horrifying... Read the superlative security reportage by jhutchins at NoMotion, in which, the good Hutchins details the cruft-laden, and fundamentally idiotic practice of hard-coding accounts in low-end routerland. Behold SharknAT&To, and more, much more... Today's Must Read. H/T
"When evidence of the problems described in this report were first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products, this report will sadly come as no surprise. For everyone else, prepare to be horrified." - via NoMotions' jhutchins
via Charlie Demerjian, writing at SemiAccurate, tells the tale of probably the single most egregious flaw in Intel Corporation (Nasdaq: INTC) products discovered to date. Reportedly, all Intel Corporation products, from 2008 till the present (Nehalem to Kabylake) possess the remote and local exploitable flaw. Hat Tip Update: Now Fixed.