Bitcoin Forum
December 07, 2016, 10:37:56 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: an example of high-profile chip-level backdoor  (Read 3481 times)
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 07, 2012, 08:50:37 PM
 #1

http://www.csmonitor.com/USA/2012/0607/Report-Hackers-could-access-US-weapons-systems-through-vulnerable-chip

I found the article interesting. Apparently a backdoor has been hard-wired into an FPGA. This has obvious implications for designers of bitcoin-related hardware.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
1481107076
Hero Member
*
Offline Offline

Posts: 1481107076

View Profile Personal Message (Offline)

Ignore
1481107076
Reply with quote  #2

1481107076
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
June 07, 2012, 08:54:04 PM
 #2

This is LOL
terrytibbs
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 07, 2012, 09:05:07 PM
 #3

im in ur fpga stealin ur hashez
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 08, 2012, 05:41:48 AM
 #4

im in ur fpga stealin ur hashez

It's ways more serious than that. I'm not surprised with this being possible, but I am amused to read that it actually happened.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 08, 2012, 05:51:45 AM
 #5

im in ur fpga stealin ur hashez

It's ways more serious than that. I'm not surprised with this being possible, but I am amused to read that it actually happened.
As far as we know, the major FPGA manufacturers don't give a flying fuck about Bitcoin and haven't coded anything into the devices to interrupt mining. The reason is that the devices that most miners are using are extremely common and in use elsewhere in other applications, and indeed Bitcoin might only represent a fraction of a fraction of a percentage of the total sales of such devices around the world.

If you look, you would notice that the article is specifically referring to an expensive custom FPGA designed for governmental use, likely one that would cost tens of thousands of dollars per chip. Quite a bit different than the $150 chips that most of the Bitcoin miners use.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
nimnul
Sr. Member
****
Offline Offline

Activity: 255


View Profile WWW
June 08, 2012, 06:45:36 AM
 #6

It is not a backdoor. It is a manufacturer diagnostic facility that can be used to bypass security checks. I'd call that "a vulnerability".

The chip manufacturer says it is present physically on the chip but cannot be used. So it is not clear from this usual journalist rubbish what exactly did they found. And I'm too lazy to find and read the original paper.

Such "backdoors" has been known for very long time. They have been used to unlock the phones. These days phones have very secure means to forbid flashing custom firmware - for example, Motorola E398 had a special facility in the chip to check RSA signature on firmware before executing it. However, this check could be disabled programmatically, and people eventually found how.

The only news here is that such "backdoor" was found by examining not software but hardware and I think the paper focuses not on the vulnerability but on the novel method of chip analysis.

Can someone comment on this? I'm not sure I described it correctly.


P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 08, 2012, 07:44:27 AM
 #7

This is a storm in a glass of water.

If you are worried about hardware backdoors, just imagine if your PC or laptop had a real hardware backdoor that would allow an attacker to connect remotely over LAN, Wifi or 3G to access your harddrive, your RAM, your display, your keyboard, your microphone, your camera. It would render any and all of your attempts to protect your privacy null and void, including any encryption. Something immune to software protection or detection, completely OS independent, in fact, even independent of the main cpu and therefore impossible to detect. Something that works out of band, even when your PC is powered off. Something that you cant disable, even if you think you can, because it can remotely be enabled again. All it would take is someone having the key to this backdoor

Sounds far fetched? Yet if you have an intel laptop or PC with AMT/vpro; thats precisely what you got.  

http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

And it would be a stretch to believe some 3 letter agencies wouldnt have the keys.

nimnul
Sr. Member
****
Offline Offline

Activity: 255


View Profile WWW
June 08, 2012, 01:42:32 PM
 #8

FUD?

P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 08, 2012, 03:25:58 PM
 #9

FUD?

If thats a reply to my post, just read the documentation, its completely public and in fact marketed heavily by intel for its legitimate use. Look here:
http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/

Its basically the mother of all root kits.

nimnul
Sr. Member
****
Offline Offline

Activity: 255


View Profile WWW
June 08, 2012, 04:42:00 PM
 #10

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 08, 2012, 04:46:04 PM
 #11

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml


A good read here:
http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

RodeoX
Legendary
*
Offline Offline

Activity: 2114


The revolution will be monetized!


View Profile
June 08, 2012, 04:52:12 PM
 #12

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml
Agreed. Not a stretch at all. In fact it would surprise me if they did not have keys.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
RodeoX
Legendary
*
Offline Offline

Activity: 2114


The revolution will be monetized!


View Profile
June 08, 2012, 05:06:36 PM
 #13

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml
Agreed. Not a stretch at all. In fact it would surprise me if they did not have keys.

if they did not have the keys they should be shot for incompetence... the us govt pays for most of that work anyway.
Right. Their job is to have access to any and all information. Not to use it, but to be able to get it when/if needed.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
nimnul
Sr. Member
****
Offline Offline

Activity: 255


View Profile WWW
June 08, 2012, 05:08:21 PM
 #14

Malware can be embedded basically anywhere. AMT just offers yet another way. Relevant technologies (SMM and to some extent option ROMs - google "PCI Rootkits") were there since 80s.

And general fear of   backdoors embedded in hardware go back into cold war era. Russia, for example, still uses its own outdated 180nm technology for military chips out of this fear.

Existence of such backdoors could have been revealed long ago. Many countries import US hardware and use them in critical applications, so their security agencies should have been fired for not finding the backdoors if they existed.

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 08, 2012, 05:33:19 PM
 #15

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 08, 2012, 05:38:54 PM
 #16

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 08, 2012, 05:49:28 PM
 #17

Option ROMs are why INT19 traps are disabled by default in most BIOSes. Wonder if the next hardware spying system will be a cheap RAID card with its own BIOS.

Why? its already integrated in the northbridge, has its own embedded cpu, but uses the same bios chip as the rest of the system. See the last PDF I linked above.
Right but for remote activation you would need to use the built in ethernet port, I would think, and if there is a separate NIC installed you would have to attack from a different angle. So the attack could instead originate from an expansion card.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Bitco
Full Member
***
Offline Offline

Activity: 123


View Profile
June 08, 2012, 09:20:02 PM
 #18

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes.  Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
June 08, 2012, 09:33:24 PM
 #19

The argument "And it would be a stretch to believe some 3 letter agencies wouldnt have the keys." is an invalid FUD argument.

You honestly think the NSA or CIA wouldnt have asked intel to get access to say, laptop of Al Qaeda suspects or that intel would have said "No" ?
I do think thats a stretch.

BTW, even if intel said no, some hackers managed to crack older versions of VPro.
http://news.softpedia.com/news/Intel-vPro-Hacked-101286.shtml


A good read here:
http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

The power of Vpro to infect a computer remotely is amazing if it was compromised. Heck, you can even turn Vpro on remotely even when it is turned off!  That is the most troubling part of all with vpro.  The only solution to stop vpro is to use a separate nic card from the built in one. 

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes.  Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.

Not only that, but it assumes a level of access to the pretty much says that the hardware/software talking to the chip needs to be pwned as well.  The backdoor is not a non issue, but not at all the kind of problem the original article headline makes it seem.

niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 09, 2012, 01:20:35 AM
 #20

This has nothing to do with bitcoin mining.

This was a FPGA which had a security feature where you could program the chip and then lock out further changes.  Well, the manufacturer left themselves a back door where they could unlock the chip, and this was discovered.

All bitcoin miners use unlocked chips where you can load your own software, so this is completely irrelevant to bitcoin mining.

My first thoughts after reading the article were not pointed at present-day Bitcoin miners, but at Bitcoin users in general. Bitcoin enables decentralized, peer-to-peer monetary transactions, and therefore also shifts the responsibility for secure storage and handling of coins to the peers themselves. The past year is full of sad examples of just how unprepared the public is.

Vast majority of discussions pertaining to secure storage and handling of Bitcoins is focused on software (Windows vs. Linux, malware, bots, cracking of passwords, hacking of exchanges, VPS), and the issue of hardwired backdoors has been largely neglected. Sure, few of you in this thread appear to be well versed in this topic, but you have to admit that an average, even advanced, user typically has no idea. This article could be a wake-up call to anyone planning to handle significant amounts of coins, or to develop Bitcoin gadgets (from handheld wallets to ATMs to authentication cards to, yes, miners).

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!