Profile

Cover photo
Dave Morris
30 followers|13,940 views
AboutPostsPhotosVideos+1's

Stream

Dave Morris

Shared publicly  - 
 
Yep, demonically clever indeed.
 
This is the most demonically clever computer security attack I've seen in years. It's a fabrication-time attack: that is, it's an attack which can be performed by someone who has access to the microchip fabrication facility, and it lets them insert a nearly undetectable backdoor into the chips themselves. (If you're wondering who might want to do such a thing, think "state-level actors")

The attack starts with a chip design which has already been routed -- i.e., it's gone from a high-level design in terms of registers and data, to a low-level design in terms of gates and transistors, all the way to a physical layout of how the wires and silicon will be laid out. But instead of adding a chunk of new circuitry (which would take up space), or modifying existing circuitry significantly (which could be detected), it adds nothing more than a single logic gate in a piece of empty space.

When a wire next to this booby-trap gate flips from off to on, the electromagnetic fields it emits add a little bit of charge to a capacitor inside the gate. If it just happens once, that charge bleeds off, and nothing happens. But if that wire is flipped on and off rapidly, it accumulates in the capacitor until it passes a threshold -- at which point it triggers that gate, which flips a target flip-flop (switch) inside the chip from off to on.

If you pick a wire which normally doesn't flip on and off rapidly, and you target a vulnerable switch -- say, the switch between user and supervisor mode -- then you have a modification to the chip which is too tiny to notice, which is invisible to all known forms of detection, and if you know the correct magic incantation (in software) to flip that wire rapidly, will suddenly give you supervisor-mode access to the chip. (Supervisor mode is the mode the heart of the operating system runs in; in this mode, you have access to all the computer's memory, rather than just to your own application's)

The authors of this paper came up with the idea and built an actual microchip with such a backdoor in it, using the open-source OR1200 chip as their target. I don't know if I want to guess how many three-letter agencies have already had the same idea, or what fraction of chips in the wild already have such a backdoor in them.

As +Andreas Schou said in his share, "Okay. That's it. I give up. Security is impossible."
163 comments on original post
1
Add a comment...

Dave Morris

Shared publicly  - 
 
Yep, demonically clever indeed.
 
This is the most demonically clever computer security attack I've seen in years. It's a fabrication-time attack: that is, it's an attack which can be performed by someone who has access to the microchip fabrication facility, and it lets them insert a nearly undetectable backdoor into the chips themselves. (If you're wondering who might want to do such a thing, think "state-level actors")

The attack starts with a chip design which has already been routed -- i.e., it's gone from a high-level design in terms of registers and data, to a low-level design in terms of gates and transistors, all the way to a physical layout of how the wires and silicon will be laid out. But instead of adding a chunk of new circuitry (which would take up space), or modifying existing circuitry significantly (which could be detected), it adds nothing more than a single logic gate in a piece of empty space.

When a wire next to this booby-trap gate flips from off to on, the electromagnetic fields it emits add a little bit of charge to a capacitor inside the gate. If it just happens once, that charge bleeds off, and nothing happens. But if that wire is flipped on and off rapidly, it accumulates in the capacitor until it passes a threshold -- at which point it triggers that gate, which flips a target flip-flop (switch) inside the chip from off to on.

If you pick a wire which normally doesn't flip on and off rapidly, and you target a vulnerable switch -- say, the switch between user and supervisor mode -- then you have a modification to the chip which is too tiny to notice, which is invisible to all known forms of detection, and if you know the correct magic incantation (in software) to flip that wire rapidly, will suddenly give you supervisor-mode access to the chip. (Supervisor mode is the mode the heart of the operating system runs in; in this mode, you have access to all the computer's memory, rather than just to your own application's)

The authors of this paper came up with the idea and built an actual microchip with such a backdoor in it, using the open-source OR1200 chip as their target. I don't know if I want to guess how many three-letter agencies have already had the same idea, or what fraction of chips in the wild already have such a backdoor in them.

As +Andreas Schou said in his share, "Okay. That's it. I give up. Security is impossible."
163 comments on original post
1
Add a comment...

Dave Morris

Shared publicly  - 
 
Key findings :
* Docker is key to providing the necessary agility, control and portability that their latest development initiatives demand.
* Docker offers portability as unique value amongst container management vendors.
At the beginning of March, we ran a survey across to people interested in Docker to shine a light on the state of the current software supply chain, and how Docker plays a role in its evolution. We…
1
Add a comment...

Dave Morris

Shared publicly  - 
 
Yep, same as it ever was. We need to keep track of what is deployed where, and always remember to clean up afterwards.
1
Add a comment...

Dave Morris

Shared publicly  - 
 
Absolutely brilliant video - made me cry
 
Please take a moment to WATCH and SHARE. Tap here >> http://bit.ly/1OILl3t << to watch the full film.
Every year hundreds of Irish donkeys are being abandoned, many as a direct result of the farm subsidy scheme. Something needs to change.
View original post
1
Add a comment...

Dave Morris

Shared publicly  - 
 
This looks like a good idea, hope it catches on :-)
1
Add a comment...
In their circles
52 people
Have them in circles
30 people
Keith Noddle's profile photo
Amy Krause's profile photo
Jeff Lusted's profile photo
Paul Harrison's profile photo
Nick Holden's profile photo
Noel Winstanley's profile photo
Mobiquant's profile photo
Jonathan Tedds's profile photo
William O'Mullane's profile photo

Communities

8 communities

Dave Morris

Shared publicly  - 
 
The unnecessariat: the humans who are superfluous to corporations.
I remember AIDS. I’m older than you probably think I am, and I remember what AIDS in America meant in the eighties, when William F. Buckley suggested all “carriers” be tattooed, a…
1
Add a comment...

Dave Morris

Shared publicly  - 
 
This looks interesting.
datakit - Connect processes into powerful data pipelines with a simple git-like filesystem interface
1
Add a comment...

Dave Morris

Shared publicly  - 
 
We should not be using closed source proprietary algorithms for this.
There’s software used across the country to predict future criminals. And it’s biased against blacks.
1
Add a comment...

Dave Morris

Shared publicly  - 
 
People are looking for someone to make things right again.
John Harris watches The Donald win the presumptive nomination in Indiana and talks to voters who think he’s the only option – as well as the people who think it’s all a con
1
Add a comment...

Dave Morris

Shared publicly  - 
 
Unfortunately, I think this is probably going to be true.
Hyper-Reality presents a provocative and kaleidoscopic new vision of the future, where physical and virtual realities have merged, and the city is saturated in media.
1
Add a comment...

Dave Morris

Shared publicly  - 
 
It has now been five days since the girls moved into their new residence at 59a at the bottom of the garden and there's a sense of complete calm and all is well in the world when sitting and just watching them going about their daily business. Before going to work, I eagerly peer out of one of ...
1
Add a comment...
People
In their circles
52 people
Have them in circles
30 people
Keith Noddle's profile photo
Amy Krause's profile photo
Jeff Lusted's profile photo
Paul Harrison's profile photo
Nick Holden's profile photo
Noel Winstanley's profile photo
Mobiquant's profile photo
Jonathan Tedds's profile photo
William O'Mullane's profile photo
Communities
8 communities
Basic Information
Other names
Zarquan
Work
Occupation
Software engineer
Employment
  • Software engineer, present
Collections Dave is following
Links
Other profiles
Dave Morris's +1's are the things they like, agree with, or want to recommend.
The FCC's Historic Day: Voting Yes For Net Neutrality, Voting No On Prot...
www.techdirt.com

Today was, no hyperbole intended, probably one of the more historic -- albeit at times one of the dullest -- days in FCC history. The agency

Ex-MI6 chief calls for new compact between internet firms and spy agenci...
www.theguardian.com

Sir John Sawers says Snowden revelations shattered informal relationship but cooperation is necessary to prevent attacks

President Obama Is Waging a War on Hackers | WIRED
www.wired.com

Ha ha. New York Times accidentally posted their employee database to their website: SSN, passwords, and salaries: https://t.co/1dLdUXG2tT —

Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions...
www.wired.com

The result is practically uncrackable encryption for hundreds of millions of phones and tablets that have Whatsapp installed---by some measu

No 10 backs GCHQ chief’s criticism of internet firms | UK news | The Gua...
www.theguardian.com

Downing Street shares Robert Hannigan’s view over extremists’ use of internet but ISPs dismiss comments as ill-judged

Random acts of kindness can make the world a better place | Alex Andreou...
www.theguardian.com

Alex Andreou: Rather than to shooing away the homeless we should offer them a cup of tea. That is what’s wrong with Britain – not the presen

Ukip's polarising effect: support for staying in the EU hits 23-year high
www.theguardian.com

A new poll by Ipsos MORI finds that 56% of Britons would vote to stay in the EU - the highest level of support since 1991

‘Cleansing the stock’ and other ways governments talk about human beings...
www.theguardian.com

Those in power don’t speak of ‘people’ or ‘killing’ – it helps them do their job. And we are picking up their dehumanising euphemisms

How to Save the Net: Break Up the NSA | Magazine | WIRED
www.wired.com

The NSA has too many missions: a military mission dedicated to network attacks and political espionage, a law enforcement mission focused on

How the Kickstarter model could transform UK elections | Technology |
www.theguardian.com

Voting is in decline and politics is an arrogant, complacent industry. A threshold-style action system could change everything

EU's right to be forgotten: Guardian articles have been hidden by Google...
www.theguardian.com

Publishers must fight back against this indirect challenge to press freedom, which allows articles to be 'disappeared'. Editorial decisions

Microsoft Challenges Idea That US Government Can Go Fishing For Emails S...
www.techdirt.com

Back in April, we wrote about a magistrate judge ruling that Microsoft had to comply with a warrant asking for data that was held on servers

Commander Hadfield's Amazing Cover Of David Bowie's Space Oddity Disappe...
www.techdirt.com

A year ago, we wrote a whole post looking at the copyright questions raised by Canadian astronaut, Commander Chris Hadfield, doing a cover v

Now troubled children are an investment opportunity
www.theguardian.com

An 18% return on the most disturbed and needy children in care homes is the extreme end of Britain's outsourcing culture

Me and the NSA
stilldrinking.org

So I've been meaning to get my records from the FBI ever since high school when I discovered the Freedom of Information Act was a thing, but

Programming Sucks
stilldrinking.org

Every friend I have with a job that involves picking up something heavier than a laptop more than twice a week eventually finds a way to sli

This Parking Lot Is Paved With Solar Panels | Autopia | WIRED
www.wired.com

The Idaho couple that created an innovative road surface made of solar panels is back with a prototype, and they're looking to Indiegogo for

Design Is Why 2048 Sucks, and Threes Is a Masterpiece | Design | WIRED
www.wired.com

It's hard to overstate just how good Threes really is. Touch Arcade's review deemed it a "perfect mobile game." Ken Wong, the lead designer

The Robot Car of Tomorrow Might Just Be Programmed to Hit You | Autopia ...
www.wired.com

Suppose that an autonomous car is faced with a terrible decision to crash into one of two objects. It could swerve to the left and hit a Vol

It’s Insanely Easy to Hack Hospital Equipment | Threat Level | WIRED
www.wired.com

When Scott Erven was given free reign to roam through all of the medical equipment used at a chain of large midwest health care facilities,