Intel breathes a sigh of relief as the spotlight moves off of them for a beat.

  • tal
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    1
    ·
    edit-2
    3 months ago

    Now onto some better news. Despite being potentially catastrophic, this issue is unlikely to impact regular people. That’s because in order to make full use of the flaw, hackers would already need deep access to an AMD-based PC or server. That’s a lot of work for a random home PC, phew, but could spell trouble for corporations or other large entities.

    Hmm.

    It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.

    I have worried a bit before about the physical supply chain. Consider this case, earlier in the year, about someone selling counterfeit Cisco hardware (not intending to compromise computers, just make a buck):

    https://www.justice.gov/opa/pr/leader-massive-scheme-traffic-fraudulent-and-counterfeit-cisco-networking-equipment

    “Aksoy sold hundreds of millions of dollars’ worth of counterfeit computer networking equipment that ended up in U.S. hospitals, schools, and highly sensitive military and other governmental systems, including platforms supporting sophisticated U.S. fighter jets and military aircraft,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Criminals who flood the supply chain with low-quality networking equipment from China and Hong Kong harm U.S. businesses, pose serious health and safety risks, and compromise national security. This case—one of the largest counterfeit trademark cases ever prosecuted in the United States—demonstrates the Criminal Division’s commitment and capacity to prosecute the most complex counterfeiting schemes and bring the perpetrators to justice.”

    “Through an elaborate, years-long scheme, Aksoy created and ran one of the largest counterfeit-trafficking operations ever,” said Attorney for the United States Vikas Khanna for the District of New Jersey. “His operation introduced tens of thousands of counterfeit and low-quality devices trafficked from China into the U.S. supply chain, jeopardizing both private-sector and public-sector users, including highly sensitive U.S. military applications like the support platforms of U.S. fighter jets and other military aircraft. Yesterday’s sentence, made possible by the investigation and prosecution of this office and our department and agency partners, now brings Aksoy to justice and holds him accountable for the breathtaking scale of his operation.”

    According to court documents and statements made in court, Aksoy ran at least 19 companies formed in New Jersey and Florida, as well as approximately 15 Amazon storefronts and at least 10 eBay storefronts (collectively, the Pro Network Entities). The Pro Network Entities imported from suppliers in China and Hong Kong tens of thousands of low-quality, modified computer networking devices with counterfeit Cisco labels, stickers, boxes, documentation, and packaging, all bearing counterfeit trademarks registered and owned by Cisco that made the goods falsely appear to be new, genuine, and high-quality devices manufactured and authorized by Cisco. The devices had an estimated total retail value of hundreds of millions of dollars. The Pro Network Entities generated over $100 million in revenue from the scheme, and Aksoy personally received millions of dollars.

    I remember that that hardware made it into even Cisco’s own authorized partners’ inventory.

    And that’s not something that’s gonna be far up in the supply chain. People don’t build Cisco hardware into a lot of other products.

    So you gotta wonder what can happen if someone has a good way to undetectably compromise CPUs and insert them into the supply chain.

    • DrDominate@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      2
      ·
      3 months ago

      Unless I’m mistaken, the malware isn’t on the CPU. The exploit is CPU, but the firmware is stored on the bios chip. Used motherboards are a potential for having malware on them, but then again they always have been a risk

    • db2@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      5
      ·
      3 months ago

      It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.

      It’s worse than that, any AMD chip from any source except maybe AMD directly is suspect. Mine is a few years old from Amazon supposedly new, for all I know it came compromised and is sitting there doing what I tell it to until it triggers and I won’t even know when or if it happens.

      • SupraMario@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        3 months ago

        That’s not how this exploit works at all…you have to have physical access to the machine basically. This is a nothing burger.

          • SupraMario@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            4
            ·
            3 months ago

            It’s not going to be there because if you’re compromised via physical access, no one is going to give a shit about this exploit… it’s like someone having the keys to your house and then being worried they’re going to smash out a window to gain access.

            • db2@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              3 months ago

              I don’t think you’re following along here. The physical access would have already happened prior to the CPU even being in my possession.

              • SupraMario@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                3 months ago

                I see what you’re saying. You’re assuming someone grabbed a bunch of cpus, fucked with them, then tossed them back into the box and sold them as new.

                • db2@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  3 months ago

                  Exactly, if I were a bad actor with access to the stock that’s what I’d do. I’m sure there are multiple points along the supply chain where it could potentially happen.

                  • SupraMario@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    3 months ago

                    That’s true, seems like you’d need to know where they’re going though, like a ton of work just to hopefully get one machine infected that has anything on it.

      • rhombus@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.

        • db2@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          It allows for adulteration of firmware, the CPU has firmware. 🤷

          • rhombus@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 months ago

            CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.

              • rhombus@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                Which, again, is an incredibly unlikely attack vector unless you have some government secrets on your computer. And chances are that any attack through the IME or PSP is trying to do an implant into the UEFI/BIOS and not the processor itself.

    • rc__buggy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      Oh man, the Pro Networking scandal is so funny to me. I wonder how many of those machines are out there running IOS right now and no one is the wiser. AFAIK there aren’t allegations of backdoors or anything, just fake Cisco gear.

    • Cocodapuf@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.

      Does it mean that? I mean a computer bought from a sketchy source, sure. But just a cpu alone? Do these raptor lake cpus have any non volatile memory? Because if not, then a second hand cpu is totally safe.