208
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 10 Aug 2024
208 points (83.3% liked)
Technology
59438 readers
4166 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Hmm.
It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.
I have worried a bit before about the physical supply chain. Consider this case, earlier in the year, about someone selling counterfeit Cisco hardware (not intending to compromise computers, just make a buck):
https://www.justice.gov/opa/pr/leader-massive-scheme-traffic-fraudulent-and-counterfeit-cisco-networking-equipment
I remember that that hardware made it into even Cisco's own authorized partners' inventory.
And that's not something that's gonna be far up in the supply chain. People don't build Cisco hardware into a lot of other products.
So you gotta wonder what can happen if someone has a good way to undetectably compromise CPUs and insert them into the supply chain.
Unless I'm mistaken, the malware isn't on the CPU. The exploit is CPU, but the firmware is stored on the bios chip. Used motherboards are a potential for having malware on them, but then again they always have been a risk
It's worse than that, any AMD chip from any source except maybe AMD directly is suspect. Mine is a few years old from Amazon supposedly new, for all I know it came compromised and is sitting there doing what I tell it to until it triggers and I won't even know when or if it happens.
That's not how this exploit works at all...you have to have physical access to the machine basically. This is a nothing burger.
That's to get it installed, not if it's already there.
It's not going to be there because if you're compromised via physical access, no one is going to give a shit about this exploit.... it's like someone having the keys to your house and then being worried they're going to smash out a window to gain access.
I don't think you're following along here. The physical access would have already happened prior to the CPU even being in my possession.
I see what you're saying. You're assuming someone grabbed a bunch of cpus, fucked with them, then tossed them back into the box and sold them as new.
Exactly, if I were a bad actor with access to the stock that's what I'd do. I'm sure there are multiple points along the supply chain where it could potentially happen.
That's true, seems like you'd need to know where they're going though, like a ton of work just to hopefully get one machine infected that has anything on it.
If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.
It allows for adulteration of firmware, the CPU has firmware. 🤷
CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.
You forget that the CPU has a nanny CPU built in these days.
Which, again, is an incredibly unlikely attack vector unless you have some government secrets on your computer. And chances are that any attack through the IME or PSP is trying to do an implant into the UEFI/BIOS and not the processor itself.
Oh man, the Pro Networking scandal is so funny to me. I wonder how many of those machines are out there running IOS right now and no one is the wiser. AFAIK there aren't allegations of backdoors or anything, just fake Cisco gear.
Does it mean that? I mean a computer bought from a sketchy source, sure. But just a cpu alone? Do these raptor lake cpus have any non volatile memory? Because if not, then a second hand cpu is totally safe.
This is an attack vector that hadn't occurred to me and I find it disturbing. Wow.