Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB

[MageTank]

Now, I am no rocket surgeon, but wouldn't having physical access to a PC be required to implement this kind of security exploit? If so, pretty sure security is already compromised once you've allowed unauthorized access to your unprotected USB ports to become a reality. 

 

I guess there is the potential for this kind of exploit to be used in retail USB devices (kinda like what we've seen with the backdoors being sold on specific phone brands and even manufacturers like Lenovo's computers), but even that is highly unlikely in the grand scheme of things.

 

Hopefully somebody with a better understanding of the significance of this issue can explain it to me in greater detail, because this seems like a non-issue to me if it requires physical access to implement. 

 

EDIT: As I was typing this out, @DeadEyePsycho beat me to the punch. Now I feel less uninformed. 

[leadeater]

13 minutes ago, DeadEyePsycho said:

This isn't going to affect 99.9% of people because it requires physical access to your machine. Getting a bit sensationalist over this aren't we? Newsflash: physical access makes every attack immensely easy.

 

9 minutes ago, MageTank said:

Now, I am no rocket surgeon, but wouldn't having physical access to a PC be required to implement this kind of security exploit? If so, pretty sure security is already compromised once you've allowed unauthorized access to your unprotected USB ports to become a reality. 

 

I guess there is the potential for this kind of exploit to be used in retail USB devices (kinda like what we've seen with the backdoors being sold on specific phone brands and even manufacturers like Lenovo's computers), but even that is highly unlikely in the grand scheme of things.

 

Hopefully somebody with a better understanding of the significance of this issue can explain it to me in greater detail, because this seems like a non-issue to me if it requires physical access to implement. 

 

EDIT: As I was typing this out, @DeadEyePsycho beat me to the punch. Now I feel less uninformed. 

Yep, most of the security concerns are for businesses and the people/organisations doing the security research are mostly focusing on that market sector, not that they ignore the home market it's just that business computers are at greater risk than homer user computers are because of the physical access and security problems. Libraries, kiosks etc are all very weak to this.

[PETRGangKing]

Anybody who poses any kind of security risk can already pretty much do whatever they want with physical access anyway. 

[mr moose]

This is just another issue that goes with the territory.  The more advanced our tech gets the more complicated it becomes and the more problems we face.

[WereCat]

2 hours ago, MageTank said:

Now, I am no rocket surgeon, but wouldn't having physical access to a PC be required to implement this kind of security exploit? If so, pretty sure security is already compromised once you've allowed unauthorized access to your unprotected USB ports to become a reality. 

 

I guess there is the potential for this kind of exploit to be used in retail USB devices (kinda like what we've seen with the backdoors being sold on specific phone brands and even manufacturers like Lenovo's computers), but even that is highly unlikely in the grand scheme of things.

 

Hopefully somebody with a better understanding of the significance of this issue can explain it to me in greater detail, because this seems like a non-issue to me if it requires physical access to implement. 

 

EDIT: As I was typing this out, @DeadEyePsycho beat me to the punch. Now I feel less uninformed. 

Hmmm... what about buying 2nd hand parts?

[elkenrod]

This just in:. "Every computer can be owned via a keyboard"

[Mooshi]

So..I should be happy I am on Ryzen this gen? lol

[SoftPoison]

I think some people are missing the point here. The IME is a terrifying thing, having complete control over the entire system, and the fact that some researchers were able to get into it (again) is worrisome.

Once someone gains access to it they can do whatever they like, for example install a rootkit that is completely undetectable by an antivirus, that can't be removed. Here is a proof of concept doing just that, created back in 2015 for pre-2013 processors.

Exploitation can be automated so that it can be integrated into conventional malware. USB devices can be emulated fairly easily, meaning that the exploit in question could possibly appear in the wild sometime in the future.

[mr moose]

7 hours ago, SoftPoison said:

I think some people are missing the point here. The IME is a terrifying thing, having complete control over the entire system, and the fact that some researchers were able to get into it (again) is worrisome.

Once someone gains access to it they can do whatever they like, for example install a rootkit that is completely undetectable by an antivirus, that can't be removed. Here is a proof of concept doing just that, created back in 2015 for pre-2013 processors.

Exploitation can be automated so that it can be integrated into conventional malware. USB devices can be emulated fairly easily, meaning that the exploit in question could possibly appear in the wild sometime in the future.

But that's the nature of the beast, there are no real work around's.  Anything designed by humans will inherently have human frailty.   The most competent engineers will build the most competent and secure software, but it won't be perfect and it will only take one slightly more competent person to find a hole. 

[leadeater]

10 hours ago, elkenrod said:

This just in:. "Every computer can be owned via a keyboard"

Destroy all keyboards!!

[leadeater]

1 hour ago, mr moose said:

but it won't be perfect and it will only take one slightly more competent person to find a hole.

And sometimes even an idiot, you only have to get lucky once.

[Trik'Stari]

..... don't just plug in random USB devices that you don't know anything about?

 

That's all I've got really. I've got a Haswell I3, I5, and now a 7700k so.... I guess I'm fucked?

[Bananasplit_00]

On 2017-11-10 at 3:24 PM, samcool55 said:

To keep it simple, there are levels where you can get access to. The lower the level, the more you can do and the less easy it is to detect/get access to.

Lowest level most users should get access to is 0. This hack or whatever allows access to level -3 (not 3). It's lower than the BIOS. it's some piece of microcode on the CPU itself afaik.

negative three you say... then you should be able to access the MINUX running on your computer then?

[jagdtigger]

6 hours ago, Trik'Stari said:

..... don't just plug in random USB devices that you don't know anything about?

 

That's all I've got really. I've got a Haswell I3, I5, and now a 7700k so.... I guess I'm fucked?

So no new USB devices for you, it will get hard pretty soon... Because imagine if a trusted manufacturer gets hacked and all their USB stuff will contain a nasty surprise, and seeing how many breaches happened so far its likely that it will happen(especially with the ones that make those cheap ones)...

[DexterSmythe]

But... But... Macs don’t get viruses. Ha!

[samcool55]

14 hours ago, Bananasplit_00 said:

negative three you say... then you should be able to access the MINUX running on your computer then?

Yes and no, 0 is the lowest you should have access to, the higher levels are 1,2,3 and i don't know how far it goes, should also be accessible for the user.

You shouldn't get access to the negative levels (-1, -2 ,-3,...) That's basically off-limits.

 

It's comparable with the levels in a hosptial. Ground floor and above is usually fine. Going below ground however is usually a place normal people shouldn't be unless they have a specific reason and are allowed access.

 

However with this hack we sort of do get access and we should indeed get sort of access to the MINUX thingy. The details are for now not clear. But we will see more information later. (they should show a demo in december for example)

[Bananasplit_00]

11 minutes ago, samcool55 said:

Yes and no, 0 is the lowest you should have access to, the higher levels are 1,2,3 and i don't know how far it goes, should also be accessible for the user.

You shouldn't get access to the negative levels (-1, -2 ,-3,...) That's basically off-limits.

 

It's comparable with the levels in a hosptial. Ground floor and above is usually fine. Going below ground however is usually a place normal people shouldn't be unless they have a specific reason and are allowed access.

 

However with this hack we sort of do get access and we should indeed get sort of access to the MINUX thingy. The details are for now not clear. But we will see more information later. (they should show a demo in december for example)

I know well how the levels work, but that'd a pretty good way to put it. Anyway will be interesting to see what can be dug up from the MINUX install, if this is something you can without too much trouble pull off at home i for one will be sure to dig about with it

[Trik'Stari]

19 hours ago, jagdtigger said:

So no new USB devices for you, it will get hard pretty soon... Because imagine if a trusted manufacturer gets hacked and all their USB stuff will contain a nasty surprise, and seeing how many breaches happened so far its likely that it will happen(especially with the ones that make those cheap ones)...

*Internal desire to do threadripper build intensifies*

[SoftPoison]

6 hours ago, Trik'Stari said:

*Internal desire to do threadripper build intensifies*

It's only a matter of time until the PSP gets exploited too. The only safe thing now is to build a computer from scratch, purely out of transistors.