Intel chipsets probably compromised. How does this affect SAFE Network?

5 Likes

Screw that, I’m running my vaults on an old 386.

On a serious note, I wonder how far we are from being able to decentralize the creation of micro-processor and other electronic components. I wouldn’t mind running a slower micro-processor if it was built on an open-platform.

3 Likes

Read the Wikipedia page on Intel AMT, specifically the section on security, and download the paper by Vassilios Ververis which showed serious weaknesses in the GM45 chipset. This means that hundreds of thousands of PCs deployed with Intel vPro technology have a backdoor that can be used remotely even when the machines are switched off! Vassilios lists the following installed bases as examples:

  • Atos Origin an international IT services company[16].The company’s annual revenues are more than 5e billion and it employs over 46,000 people in 40 countries.
  • Nottingham University Hospitals (NHS) Trust is one of the largest hospitals in the UK with an annual budget of more than 555e million. The hospital has provisioned[36] and uses around 6,000 Intel vPro based desktop PCs embedded with the Intel AMT platform over two sites: Queen’s medical center and city hospital.
  • University of Plymouth the fifth largest university in the United Kingdom, deployed around 4,800 PCs with Intel DQ965GF vPro and AMT enabled motherboards[29].
  • Bangkok’s general hospital one of the largest hospitals in Thailand. They have migrated to the Intel AMT infrastructure with over 1500 PCs[77],

These are just samples. Vulnerable hardware will be everywhere, and being used by people with no knowledge of this whatever!

This is not script kiddy level stuff. But it isn’t only nation state accessible either. This guy was a PhD and found this exploit pretty much in his own. But he’s (in 2010) shown others how to do this. It seems to me that a single technically competent individual could exploit this, let alone a criminal organisation.

The implications are staggering but it doesn’t end there.

Just searching for the above guy’s name I found another more general paper that (skimming only) appears to present a large catalogue of terrifying vulnerabilities in the platform management enabled PCs: http://fish2.com/ipmi/old/itrain.html

This doesn’t just have implications for SAFENetwork, it appears to be a massive current risk to all levels of society, from nation state, to organisation and individuals.

4 Likes

I can only see one solution, @dirvine, once you’re done fixing the internet, you need to fix the hardware. Then you can take a break :wink:

5 Likes

OK…erm…how do I know if this is on my laptop. Is it just 1 particular chipset thing or just specific to Intel?

1 Like

It’s specific to the vPro feature of i-series processors, but…

I think we have to assume it’s in any/all Intel/Amd series chips because the NSA would have been all over this with NSLs and Bulldog funding to maximize deployment and ensure secrecy.

All those calls for encryption backdoors are quite possibly a smokescreen designed to hide capabilities Snowden wasn’t aware of.

We’ll never know.

Caspar Bowden responded thus:

@markhughes thx, scares bejeesus, cc @rootkovska http://people.kth.se/~maguire/DEGREE-PROJECT-REPORTS/100402-Vassilios_Ververis-with-cover.pdf also cf https://twitter.com/search?q=%40casparbowden%20%40intelvpro&src=typd

This part shows his earlier conversation with Intel: https://twitter.com/search?q=%40casparbowden%20%40intelvpro&src=typd

2 Likes

I have a deep suspicion there is much more to this than we know, I have no evidence and am usually not sceptical. With security I am very sceptical though and this is an area we have no clue what extent this massive invasion has taken.

I do believe though it will backfire badly as this kind of insanity always has consequences that are entirely the opposite of what the protagonists initially desired.

5 Likes

Is it just me donning my tinfoil hat here due to lack of technical knowledge or is there some worrying connections here and implications for the Internet of Things etc. Surely either both are good, or both bad, or both the same anyway…

and at least one use

https://communities.intel.com/community/itpeernetwork/healthcare/blog/2015/04/08/virtual-care-technology-transforms-home-healthcare-empowers-patients…

Might have to go back to the 286 as I think Intel was in a fight about not having the CPUID function in 386 and I think they were caught putting it in when they said they didn’t or took it out. May have been more to it, I think at that time the implication was they were a FBI Carnivore partner and totally for this kind of BS. They’ve always been a defense contractor, one of the founders came out of Corsair or split off or something, we might as well have been buying chips from Lockheed Martin. NSA supers are probably full of Intel components and its natural that they phone home.

I love this thread! The only kind of hardware that can be trusted is open source hardware for which valid verification techniques have been developed against hardware Trojans. Maybe we will get that one day soon. Let it be an end user owned and controlled and produced network. Imagine hardware built from the transistor level hardwired to run SAFE as fast and efficiently as possible.

Someone was saying, and it might have been Snowden himself, that what we reveal of the NSA tool kit to a degree takes it off the table and that is good, but that they don’t use their treasure trove until they need it to limit exposure and loss of opportunity. I don’t buy it, if they get a PIPA we could hear a bunch of BS about a breakthrough that allows them to pierce the veil of P2P to “protect” IP, with paid for media always refusing to cover it or spinning government hardware hack as conspiracy.

1 Like

In this case I’m far less concerned about the NSA having this backdoor than I am the fact that it appears something that almost anyone can use. Right now.

3 Likes

Please correct any of the the following, as still wearing tin foil hat and nobody has removed it for me yet:

I’m not sure anyone can can they, at least not without the Cooperation of Intel as RivetZ has done? My concern would be more about the power this gives Intel or whatever entity might be working behind the scenes.
Would I be correct in thinking that all these new Intel powered devices basically can (in theory at least) form a Network at the chip level. If you wanted to control every device and create a world wide Network under one’s control,wouldn’t the best way to do it be to sell it as a positive beneficial product, so people buy into it like lambs to the slaughter…in a dark and spooky version of Safe?
Would this not neutralise any potential anti-privacy threat from de-centralised tech such as Safe? That’s why I posted the “Health” link as an example…there are many other similar schemes on the Intel links.
What exactly is Intel’s market share likely to be and who are the "Safe competitors?

1 Like

@alkafir but what if some hacker goes extra egalitarian and has “back door for everyone” and spreads the pop up console virally?

What will Intels market share be after this espionage gets out? Intels chip design competitors had to see this coming but they took it lying down because that is how fake and tech supressed this economy has become in the last 40 years. But I am realizing because if Acimoglou and Robinsons book that tech suppression was always the game because tech disruption is generally an inclusive force.

I remember warning people about this months ago. I’m sure the developers of SAFE Network now about this.

1 Like

Not quite sure what you mean as I don’t have much tech understanding - I just see things only on a vague conceptual level and see processes etc working in my head only and try to join dots. If you mean what I think you mean, then as Rivitz etc connects the Hardware to the Software,could Software be created to counter-act the Hardware software…lol…have I wandered down the Yellow Brick Road?
Come on guys, my heads getting all sweaty here. :smiley:

Guess what? I’m not using an Intel because I suspected these attacks years ago. I don’t want to say AMD chipsets aren’t vulnerable but it has been known for a while in certain circles to avoid Intel which is why some people are loyal to AMD.

Honestly though all the chipsets may have similar vulnerabilities but the Intel being so common and so trusted it is a central point of attack just because hackers expect everyone to be using it. Diversity is good for security.

I don’t think the NSA is what we have to worry about with this. The NSA isn’t the only intelligence agency in the world. I guess people don’t mind if Chinese cyber militias monitor their communications but if it’s the NSA everyone freaks out.

1 Like

Lol…does anybody else make what they make? One way to attack this would be to sell Intel stock etc and invest in competitors.Maybe publicise vulnerabilities (only it’s not a vulnerability or it would have been fixed - its by design for a purpose, so any benign purpose must be solved another way by another entity/competitor etc). Why is it there basically, for what good purpose, what is an alternative method to achieve any legitimate aims which I think mainly revolve around creating small contained Networks?
If the answer is “Safe- Network” then it gets interesting and I really go down the rabbit -hole… :smiley:
Sorry for mixing my camp film metaphors…: :smiley:

It’s far worse than you think. These are old generation hardware trojans which are still detectable. The new generation (2013 and on) are undetectable. This means it’s not even possible to know if your hardware has a hardware trojan in it or not if it’s new.

Honestly you cannot trust your hardware anymore. Yet most people are going to download Tor or Safe Network onto their laptop and run it thinking they can’t be seen. Maybe they can’t be seen by most people but there is always that group of people who have the backdoor to any hardware.

1 Like

The only answer is for SAFE Network to become a full set top box solution similar to how Apple would do it. Maidsafe and David Irvine will have to design hardware to compliment the SAFE Network software and then sell the whole and complete package.

Otherwise we will have to trust complete strangers to design hardware, and strange untrusted foundries somewhere in China.

And just when he was looking forward to putting his feet up eh? :smiley:

2 Likes