The useful gist:<p>> <i>"To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.</i><p>> <i>"However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.</i><p>> <i>"When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."</i><p>And this formidable response as usual:<p>> <i>Intel says folks should install the firmware-level mitigations, "maintain physical possession of their platform," and "adopt best security practices by installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations."</i><p>When will it stop? How deep run the flaws in Intel's platform? Is AMD equally exposed?
> <i>This is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation</i><p>"Internet-of-Things attestation"? A poor attempt to stick a refreshing buzzword in front of a fundamentally unwanted, user-betraying, open-society-undermining technology.<p>Remote attestation does away with the basic foundation of <i>protocols</i> for mediating between mutually-untrusting parties, making it so users must trust the remote party. Imagine if websites attempting to enforce (browser fingerprinting, no image save, anti-adblock, etc.) could successfully implement their hostile restrictions!<p>This break is great news for everybody that wants their computer to remain under <i>their own control</i>, rather than an increasingly locked down Big Tech WebTV.
Perhaps it sounds dumb, but when I buy something I want to own it. It doesn't seem all that legally complicated? After I buy a thing, it should stop doing things for previous owners.
The labs team at work wrote a bit [0] about why this is over-hyped (more context in the full post):<p>> Arbitrary code execution is bad! But exploiting this vulnerability requires local access at a minimum, compounded by the attacker needing to exploit a relevant device to gain a foothold on the system. This list of valid footholds is quite limited. For instance, an attacker would need to perform code execution in the ISH or other Platform Controller Hub (PCH) devices — exploiting PCIe devices (like GPUs or RAID controllers) wouldn’t suffice. Additionally, per the original blog post, other methods of exploitation require physical access. Either way, this is limited to incredibly motivated and well-resourced attackers (like a nation-state with a high-value target identified).<p>[0] <a href="https://capsule8.com/blog/ramming-down-hype-via-intel-csme/" rel="nofollow">https://capsule8.com/blog/ramming-down-hype-via-intel-csme/</a>
So it seems that the flaw can’t plausibly be exploited by a remote or adjacent attacker or software. So what’s the impact here? Warez scene wreaking havoc with lossless WEB-DLs?
Seems like boards like these start to make sense again if you can live with the limitations:<p><a href="https://www.biostar.com.tw/app/en/mb/result.php?model[]=973&model[]=950&" rel="nofollow">https://www.biostar.com.tw/app/en/mb/result.php?model[]=973&...</a> should be under $100
This reminds me of the recent iPhone bootrom vulnerability, which led to Android on the iPhone:<p><a href="https://checkra.in/" rel="nofollow">https://checkra.in/</a>
<a href="https://projectsandcastle.org/" rel="nofollow">https://projectsandcastle.org/</a>