NSA Have Backdoors Built Into Intel And AMD Processors

[nortec]

Thoughts?

 

http://www.eteknix.com/expert-says-nsa-have-backdoors-built-into-intel-and-amd-processors/

 

[whatthe_fuzz]

it says Microsoft updates so it looks like I'll be moving to Linux

[The Syndicate]

If this is true, I wonder if it's for all processors or just the ones sold in the USA.

[Vitalius]

Thoughts?

 

http://www.eteknix.com/expert-says-nsa-have-backdoors-built-into-intel-and-amd-processors/

Our government really needs to get bent over a barrel soon. Or we are just all screwed.

 

If this is true, I wonder if it's for all processors or just the ones sold in the USA.

Considering that the NSA can/has/does watch everyone with a computer (literally), I completely doubt that is true. They want to know what everyone is doing.

[Lyons]

'think the NSA has hardware level backdoors build into Intel and AMD processors'

 

'claims that because cracking encryption is so infeasible the NSA uses hardware level backdoors instead'

 

'made possible by the fact Intel and AMD can update the microcode on the small reprogrammable part of the CPU'

 

'Thus the NSA can theoretically be part of this microcode and could be involved in exploiting it'

 

'Though after all that there are of course those who will say this is complete nonsense and that the reason it is undetectable is because it does not exist and it is just conspiracy theory. Indeed Intel has denied such speculation.'

 

Load of bollocks, misleading title. This will not and has not happened. I hate this sensationalist media crap, It's like the apparent Kinect and NSA connection. It's POSSIBLE but there is literally zero evidence for it, nor a reason to believe these companies will implement backdoors at the levels we're talking about.

[DudeWazap]

I have always wondered. Does the NSA have enough employs to be constantly watching everybody? Because that is a lot of people to watch over.

[bcredeur97]

I've never updated my PC... windows update is disabled since i installed windows.

[Lyons]

I have always wondered. Does the NSA have enough employs to be constantly watching everybody? Because that is a lot of people to watch over.

 

No, that's not how they operate. The PRISM operation datamines and searches for keywords and phrases and also uses the collected data to look back at certain things on a case by case basis.

[Vitalius]

Load of bollocks, misleading title. This will not and has not happened. I hate this sensationalist media crap, It's like the apparent Kinect and NSA connection. It's POSSIBLE but there is literally zero evidence for it, nor a reason to believe these companies will implement backdoors at the levels we're talking about.

Way to use absolutes.

Firstly, as the article states, 

 

who works in the field of Penetration Testing says he has demonstrated proof of this concept and proved what is almost an undetectable and incurable back door.

So obviously it's possible.

Secondly,

 

Intel and AMD can update the microcode on the small reprogrammable part of the CPU which gets updated every time a Microsoft update is installed.

And apparently insanely easy to implement.

Lastly,

The NSA took phone records from Verizon without letting them know anything or say anything. Do you think computer companies are exempt? 

It's not the actuality that's disturbing (although it is), it's the possibility and likelihood that is disturbing. 

[Lyons]

Way to use absolutes.

Firstly, as the article states, 

 

So obviously it's possible.

Secondly,

 

And apparently insanely easy to implement.

Lastly,

The NSA took phone records from Verizon without letting them know anything or say anything. Do you think computer companies are exempt? 

It's not the actuality that's disturbing (although it is), it's the possibility and likelihood that is disturbing. 

 

The likelihood of something like this happening is so low. It's sensationalist media, and the title is misleading.

[TheBLOODYTOXIC]

Humm, this

 

 

'think the NSA has hardware level backdoors build into Intel and AMD processors'

 

'claims that because cracking encryption is so infeasible the NSA uses hardware level backdoors instead'

 

'made possible by the fact Intel and AMD can update the microcode on the small reprogrammable part of the CPU'

 

'Thus the NSA can theoretically be part of this microcode and could be involved in exploiting it'

 

'Though after all that there are of course those who will say this is complete nonsense and that the reason it is undetectable is because it does not exist and it is just conspiracy theory. Indeed Intel has denied such speculation.'

 

Load of bollocks, misleading title. This will not and has not happened. I hate this sensationalist media crap, It's like the apparent Kinect and NSA connection. It's POSSIBLE but there is literally zero evidence for it, nor a reason to believe these companies will implement backdoors at the levels we're talking about.

 

 

Everybody is beeing so paranoic, NSA is not capable to look into all the people that they may or may not wired

 

Tinfoilhats everywhere ppl

[DudeWazap]

No, that's not how they operate. The PRISM operation datamines and searches for keywords and phrases and also uses the collected data to look back at certain things on a case by case basis.

Oh okay. I never really understood what the NSA did but I understand now. Thanks for clarifying that for me. ^_^

[Lyons]

Oh okay. I never really understood what the NSA did but I understand now. Thanks for clarifying that for me. ^_^

 

Basically, they have ZERO interest in your day to day personal information. No one is reading it, no one is posting it back on your Facebook to embarrass you. The only way anything will come back to you is if you are under real suspicion, in which case it's probably your fault. This has been going on for YEARS. Anything you don't want them to know is already logged. Get over it.

[Vitalius]

Get over it.

I believe this attitude is what results in government getting too powerful. Among other things. 

The system never works 100% as intended. Human corruption is far too dominant for that to happen. Because of this, certain systems simply shouldn't be in place. 

[Lyons]

I believe this attitude is what results in government getting too powerful. Among other things. 

The system never works 100% as intended. Human corruption is far too dominant for that to happen. Because of this, certain systems simply shouldn't be in place. 

 

Damn it feels good to be non-American, non-tin foil, and non-paranoid. I didn't pay for it, you did.

[ajoy39]

"Is possible" and "they do it" are pretty big distinctions. I get that the NSA is the topic of the moment, but please don't post an article with the thread title that the NSA *HAS* backdoors when the article only states that they theoretically could. 

[LAwLz]

Damn it feels good to be non-American, non-tin foil, and non-paranoid. I didn't pay for it, you did.

Sadly, America is so terrible even other countries are affected by it. Just because you aren't in America doesn't mean you are safe from the NSA's dirty hands.

[Lyons]

Sadly, America is so terrible even other countries are affected by it. Just because you aren't in America doesn't mean you are safe from the NSA's dirty hands.

 

I love their 'world police' mentality.  <_<

[mr moose]

Damn it feels good to be non-American, non-tin foil, and non-paranoid. I didn't pay for it, you did.

 

Really, I reckon our government is just as bad, they found my backdoor and have had successful penetration repeatedly over the last 5 years.  :blink:

 

EDIT: just to stay on topic I think the paranoia in America is getting a little out of hand.

[qwertywarrior]

smells like BS

[Lyons]

Really, I reckon our government is just as bad, they found my backdoor and have had successful penetration repeatedly over the last 5 years.  :blink:

 

EDIT: just to stay on topic I think the paranoia in America is getting a little out of hand.

 

I guess it's alight if that's the sort of thing you're into... :blink:  

[LAwLz]

smells like BS

Well like Lyon said there is a lot of "think", "claim", "possible" "theoretical" and such words being thrown around.

Someone might also claim that the NSA possibly has the potential, and it's theoretically possible, that they might be able to travel through time. The chance of that actually being true is ridiculously small though.

 

Someone on reddit explained why this article is bollocks pretty well.

It wouldn't "switch off the rng" -- that's trivially detectable by any standard randomness check. To forestall the Dilbert criticism, randomness checks do exist; they compute statistics over a large number of random samples to make sure they fall within appropriate bounds, making it easy to say "we reject the hypothesis that this generator is not random with p < 1e-6".

 

Instead a hypothetical microcode backdoor would change the random number generation in a pre-determined way. A stream cipher could be seen as a keyable random number generator; without knowing the key and initial vector (seed), the outputs appear to an unprivileged observer to be random. (That's an important feature, as predictable outputs leak information about what is encrypted with that cipher.)

 

That's where the backdoor would come in. If a hardware RNG were replaced clandestinely with a keyed-PRNG with a key known to the attacker, the attacker would have a much easier time brute-forcing anything generated on that computer (like subsequent session encryption keys) that uses those trusted random numbers. There's even speculation that this has happened in a public NIST standard, where the random seed can be reverse-engineered from the output if a private key was kept by somebody like the NSA (only the "public keys" are published with the algorithm.)

 

In reality, this is why no single source of randomness should be fully trusted by a secure algorithm. Even hardware random number generators require trust in the hardware to properly work, and even a working hardware-RNG can be manipulated by someone with physical access, such as by energizing circuits with microwaves.

 

If used as a single input to a bigger entropy pool, however, then in-processor RNGs cannot hurt and will probably help.

 

Beyond that, if the NSA or whomever controls the trusted update channel, then your threat model is already screwed. The microcode of a CPU is probably not even a great place to do it, when instead the NSA (with collusion from Microsoft) could hypothetically distribute a Windows Update to make a targetted system phone home on schedule -- that's a much easier-to-exploit vulnerability.