back to article Intel's commitment to making its stuff secure is called into question

Intel claims that "protecting our customers’ data and ensuring the security of our products is a top priority" for the semiconductor giant – however, security researcher Stefan Kanthak argues otherwise. In an email to The Register in response to our report about the problems posed by the Manufacturing Mode in Intel's …

  1. mark l 2 Silver badge

    Are Intel going to allow end users to turn of ME completely with future processors? As if not, they clearly have not learned their lessons regarding security.

    1. Waseem Alkurdi

      Doesn't the article just show how really willing Intel is to bend to our wishes and bow before us?

      Nah, they have more serious stuff to do, such as pushing half-assed Spectre and Meltdown fixes.

  2. Mage Silver badge
    Black Helicopters

    Speed

    HW CPU design and programmers has often valued speed over security, robustness and stability. Thus we get vulnerabilities "deliberately" designed in.

    I like a language and compiler that by default has compile AND run time checking of pointers, array bounds, parameters etc with pragmas to turn it off on a carefully reviewed loop. I like to check parameters that are passed to functions & procedures I'm writing, before I do anything with them. If there is a speed or bloat penalty the tests can be in an ifdef / pragma that skips compiling them on a release version.

    It's unreal the amount of bugs this approach uncovers in supposedly tested and signed off "libraries".

    Design of the 4004 started in Intel in 1970, that's nearly fifty years ago. The Intel 80386 with its bugs was introduced 33 years ago, I think. The first Pentium was 1993 (25 years ago!).

    So NOW, in 2018 they are taking Security seriously?

    Talk of stable doors and escaped horses. Generations of them have died already!

    Why not an ACTUAL jumper(s) on motherboards to enable diagnostic modes, management engines, BIOS/EFI updates etc? You should need physical access, more than USB or other socket on outside and NEVER default access by software without a HW jumper enabling it.

    JTAG piggybacked on USB is madness too. Header only, at worst exposed by battery pack or keyboard removal (laptops). USB is too casually accessible to a malicious USB memory stick or mouse.

    Well, USB HID mode was stupidly designed too. PSUs, Mice, USB sticks, USB modems etc that can deliberately install software.

    Don't get me started on Autorun (includes net shares!), DCOM, Active X on network/Browsers, uPnP/SSID etc.

    1. DropBear

      Re: Speed

      I was just about going to upvote you then you went into that HID thing. With all the head-splitting madness that HID descriptors added to the already depression-inducing complexity of USB, what on Earth do they have to do with security of unrelated types of USB devices? At best, you're trying to fault the fact that composite USB devices can exist, simultaneously reporting several different types of peripherals attached over the same single USB port - but that has nothing to do with HID.

      It also has nothing to do with security - even if composite devices would not exist, there would be nothing preventing a suitably malicious piece of hardware to momentarily stop performing its apparent legitimate function, detach from the USB bus then re-attach and enumerate as a (single) completely different kind of evil USB device pwning your box.

      Is this perhaps about PS/2 nostalgia from a time when human-input devices used distinctly different ports than anything else (and so did everything else from everything else)...? If so, I guess I'm just not old and grumpy enough to follow you there - being able to plug a virtual keyboard/mouse RF dongle into the single USB port of a headless Orange Pi does have definite advantages; and if I never ever see a zillion-wire thicker-than-a-boa LPT cable it will still be too soon...

      1. Mage Silver badge

        Re: HID and USB in General.

        People have posted "free Mice" to finance directors, USB Memory sticks and setup malicious PSUs.

        All using HID and hidden storage to maliciously install stuff. At best a console window momentarily appears, or a message saying "the software to use your device has been installed and it's ready to use". Non-malicious storage, cameras, mice, modems etc can generate these messages.

        USB is nice idea badly implemented. HID is an even worse implementation. Even on basic physical level why didn't version 1.0 use a cable that would fit either way up and either way round, have power signalling and negotiation for which end is Host / Client and Peer to Peer? Why do USB devices "install" automatically without an OS based explanation of features and confirm / cancel?

        Because it was originally only envisaged for keyboard, mouse, joystick etc to replace Master / Slave Serial, Joystick port, PS/2, and AppleTalk (RS422? RS485) etc Keyboard mouse connector. A very lazy narrow view to make it as cheap as possible, though even so MS Win95 didn't originally support it, despite MS being on the committee with Apple and the others.

        Firewire (which supported hubs and networking as well as streaming and storage) also has vulnerabilities, but it was killed off by a combination of royalty costs and USB 2.0 (though it was still slower in reality).

        1. Anonymous Coward
          Anonymous Coward

          Re: HID and USB in General.

          "Because [USB] was originally only envisaged for keyboard, mouse, joystick etc to replace Master / Slave Serial, Joystick port, PS/2, and AppleTalk (RS422? RS485) etc Keyboard mouse connector."

          Historical notes:

          AppleTalk was the name at product launch for Apple's (not exactly*) RS422-based networking system; by the time USB came out, it had been renamed LocalTalk due to EtherTalk doing the same job over Ethernet (one might also mention PhoneNet - AppleTalk/LocalTalk using different connectors/cabling; and TokenTalk).

          USB was also meant to replace ADB (Apple Desktop Bus), used for keyboard and mouse - and even some modems - on Macs from the Mac SE and Mac II (both 1987) until being superseded by USB on the first iMac (1998).

          * It relied on the abilities of the ZIlog 8530 SCC (Serial Communication Controller) IC, which could do RS422 but when running LocalTalk didn't exactly follow the RS422 standard. IIRC, that is.

          1. Mage Silver badge
            Coat

            Re: HID and USB in General.

            Yes, and keyboards, mice, storage, cameras, headsets, modems, Wifi, etc on USB is a good idea. I've a box of keyboard adaptors (USB, PS/2, older AT) and serial adaptors (9/25/RJ45, male/female, null/straight/other, even 2.5mm & 3.5mm jacks) and parallel adaptors. My complaint with USB isn't the idea of it, but how stunningly badly it's done. Perhaps a "full" implementation of Bluetooth is scarier to write driver and interface OS/App to, but it doesn't have some of the stupidities of USB? Also usually you can disable Bluetooth.

            My coat is the one bulging with stack documentation and a gazillion USB adaptors. Hardly ANY tablet/phone (often with only one USB port) allow charging when in Host mode (it's not in the spec!), yet newer models of tablet removed the 2.5mm coax power jack. Either put TWO USB sockets, or ignore the spec (like some Windows phones) to allow a Y cable to charge and be Host or put the 2.5mm coax and let gadget charge from either USB or coax plug. Then you can't be "pawned" by a malicious PSU. You CAN cut the two data wires on a charging cable, but then you need to add resistors on the phone/tablet half of cable or else the gadget will not charge at 1A or 2A, maybe only 100mA or 500mA. Not every USB PSU and Phone/Tablet combo enables the 1A, 1.5A or 2A as it's not part of the original spec, you need a "compatible" PSU that puts the right combination of resistors/voltages on the D+ and D- pins, possibly connecting to +V and 0V.

            Intel's attitude and history is just a general symptom of the Tech industry being poor on security.

      2. JohnFen

        Re: Speed

        His criticism of USB is correct, though.

    2. oiseau
      Pint

      Re: Speed

      Why not an ACTUAL jumper(s) on motherboards to enable diagnostic modes, management engines, BIOS/EFI updates etc? You should need physical access, more than USB or other socket on outside and NEVER default access by software without a HW jumper enabling it.

      +1

      +10

      +100 ---> have a pint or two.

      1. Andromeda451

        Re: Speed

        One word: manufacturing costs.

    3. Rich 2 Silver badge

      JTAG piggybacked on USB is madness too

      I think the main reason you have JTAG over USB is because machines don't come with a serial port any more. In fact, the ONLY usable (ie, not video etc) interface many come with is USB

      1. Mage Silver badge

        Re: JTAG piggybacked on USB is madness too

        I've never seen a board using the RS232 port to give JTAG access, though it may exist. It's usually a 3.3V "TTL" header or pads. I do have four boards and SW here that allow the regular PC host USB, special driver & JTAG application to access JTAG interface on the slaved board via its USB client/slave socket. Just a regular USB cable works. I'd rather use a regular JTAG connection via an adaptor (Parallel port, Serial Port and USB port adaptors exist and are cheap. I think some of the USB - TTL serial ICs can do JTAG instead of RS232, it's basically just serial data in and out at the same time with a clock.)

        JTAG is built into chips, the In and Out is daisy chained.

        1. Anonymous Coward
          Anonymous Coward

          JTAG over USB is fine

          Just make sure it isn't automatically enabled - i.e. you have to set a jumper or otherwise boot into some special non-default mode.

    4. Bob Camp

      Re: Speed

      The last time I looked at buying a processor (two years ago), I wasn't concerned about security at all. It was all about speed. Benchmarks all measured speed and none measured security. I know everybody else did the same thing. So Intel and AMD gave the masses what they wanted, and you can't really fault them for that.

      Safety and security always seem to be an afterthought.

      1. JohnFen

        Re: Speed

        "So Intel and AMD gave the masses what they wanted, and you can't really fault them for that."

        Sure you can. If a car manufacturer produced a car that was race-car fast, but dangerous to drive, the car manufacturer can absolutely be faulted for it even if the market overwhelmingly wants race-car speeds. This is no different.

        1. Michael Wojcik Silver badge

          Re: Speed

          If a car manufacturer produced a car that was race-car fast, but dangerous to drive, the car manufacturer can absolutely be faulted for it even if the market overwhelmingly wants race-car speeds.

          Many car manufacturers do sell models that are very fast and difficult to control when they are operated at high speed. Notorious examples include many of the Porsche 911 models, the Aston Martins of the 1990s, pretty much all American muscle cars, ...

          And most of the security (safety) measures that cars incorporate are present due to government regulation, because given the choice, the market would prefer faster and cheaper over safer. There's no evidence to suggest that a significant portion of the automobile market is willing to pay more (either in direct price, or in reduced features elsewhere) for safety.

          There is no similar regulatory regime for CPUs or other IT components, except in extremely limited areas such as FIPS 140 compliance for cryptographic systems sold to the US Federal government (and FIPS 140-2 is arguably counterproductive). A "more secure" CPU would almost certainly have failed, or at least been a niche product.

          Consider that Intel ended up canceling the '432 because no one wanted to buy it. The AS/400, a not-quite-a-capability-architecture system, succeeded only among IBM's largely captive market. How many Burroughs mainframes (B5500 and its successors) or MCP-based ClearPath systems do you run into?

          By and large, people have been unwilling to spend money on security beyond the point where they believe they have achieved parity with their peers.

        2. bpfh

          Re: Speed

          Like the Cobra and the Viper?

      2. Anonymous Coward
        Anonymous Coward

        Re: Speed

        "Intel and AMD gave the masses what they wanted, and you can't really fault them for that.

        Safety and security always seem to be an afterthought."

        On the other hand, marketing for consumer-oriented CPUs is pretty much all about speed, but security has been a significant issue even for domestic PC users for decades. Intel or AMD could have concentrated consumer attention on security issues in marketing if they'd had a mind to.

        Even my mother in law (nearly 80) is aware that her Windows laptop is insecure by design from the CPU up because yes, security is always an afterthought, AND it's a problem.

        Seems to me that we've got an industry selling us stuff run by people who keep pushing "faster, shinier, more modern, buy it because it's new" and all that guff. Why? I think it's just because they're doing what they've always done and that's that - once upon a time, certainly back in the early 1980s, security really wasn't much of a problem for home computer users and lack of speed was. So they sold us more speed and security wasn't thought about. But then we got hard disc drives, and modems, and then the Internet came along, and...

        Things seem to be getting a bit better, but not as quickly as they might.

        Whyohwhyohwhy don't the firms that make our IT kit actually pull their fingers out and, erm, follow practices which already exist to improve matters? I keep reading stuff which indicates to my not-at-all-expert brain that if they all did all the time - from IC design, motherboard design, interfaces, OS design, languages, compilers, APIs, all that stuff, then there's a good chance that 99+% of the IT security risks we currently face would go away.

        I'm sure there must be a way out of this mess but I'm pretty sure we're not going to see it soon.

    5. rcxb Silver badge

      Re: Speed

      - "Why not an ACTUAL jumper(s) on motherboards to enable diagnostic modes, management engines, BIOS/EFI updates etc? You should need physical access, more than USB or other socket on outside and NEVER default access by software without a HW jumper enabling it."

      I'm not going to pay data-center staff to go around swapping jumpers on hundreds of servers every time we want to update the firmware, then put them all back again. That goes double if we want to do the firmware update in the middle of the night when load is low.

      1. Anonymous Coward
        Mushroom

        Re: Speed

        I'm not going to pay data-center staff to go around swapping jumpers on hundreds of servers .. That goes double if we want to do the firmware update in the middle of the night when load is low.”

        In that case you're happy to dispense with security. Besides if the firmware update fails you're left with a brick.

        1. Mage Silver badge

          Re: Speed

          A server could easily have the Write Protect / Update Enable jumper on the front panel. I remember cheap PC cases having keylocks AND a "Turbo button". Many still have a "Reset" button as well as "Power", a firmware /CPU /MOBO change. could make it that a long press off Reset while holding Power is reset and two momentary jabs of Reset during power up, or some other state enables "Writing". Keyboard F12 or whatever might be useless security as that is USB based, so might be possible to be redirected? Obviously no network based access should be possible to enable "write" mode.

          1. Spazturtle Silver badge

            Re: Speed

            There are 2 big parts to Intel ME, Active Management Technology (AMT) and Trusted Platform Module (TPM).

            AMT is a attempt by Intel to bring the Intelligent Platform Management Interface (IPMI) to the desktop.

            Most server boards have a dedicated Ethernet socket for IPMI, and that is the only way to access the management system.

            On desktops the ME is access though the normal networking for cost reasons. Businesses don't want to have to run 2 Ethernet cables to each desktop.

            The 2nd part of ME is the TPM which is pretty harmless, this is used to store encryption keys, DRM keys and things like that. Programs can use their own signed key to store stuff in the TPM which only they can access.

      2. RussInKansas

        Re: Speed

        So...what you're saying is that you won't spend money on security.

        Would you mind sharing the name of your company that won't pay data-center staff to do secure updates? I'm sure I'm not the only one who wants to know who to avoid.

    6. Andromeda451

      Re: Speed

      The rules changed with the WWW and most chip makers were slow to realize the full extent of the issue. Prior to ~25 years ago the large majority of PC systems were standalone desktop units, not even a modem connection. The rise of the internet further exposed the flawed worldview about the basic good of people. What a surprise. People commenting that the flaws were deliberately designed in know not what they espouse.

  3. druck Silver badge
    Unhappy

    ME lying?

    The blatant lie isn't that Intel is not responding to security vulnerabilities of various levels of severity, it's more that they are leaving probably most severe vulnerability in the chips i.e. the Management Engine.

  4. Pascal Monett Silver badge
    WTF?

    What ?

    ""The statement is typical PR, and as such of no value," he said.

    [..] Intel has made a concerted effort to pay more attention to security or at least to talk about it more."

    Oh, so you consider that Intel talking more about security is not PR ?

  5. Wolfclaw

    Securung your products does not make money, it does come at a cost though and companies don't like that, unless your in the game to find those problems and come up software to fix or protect against . Intel definately in the former, they would prefer you to buy new products to replace the vunerable ones.

    1. Gonzo wizard

      Securing your products is a way to make money - if your competitors take the view that they don't need to. The choice as to who gets my money is mine. Your choice to not secure your product would automatically exclude you from my shortlist.

      Not securing your products is also a sure fire way to turn an insecure product into one or more business-ending expensive legal cases.

      1. Michael Wojcik Silver badge

        Securing your products is a way to make money - if your competitors take the view that they don't need to. The choice as to who gets my money is mine. Your choice to not secure your product would automatically exclude you from my shortlist.

        You aren't representative of the broader market. The evidence for that is overwhelming.

        Not securing your products is also a sure fire way to turn an insecure product into one or more business-ending expensive legal cases.

        No, it is not. Such litigation (much less prosecution) is rare, and even more rarely successful. You're living in a fantasy.

      2. Anonymous Coward
        Anonymous Coward

        unsafe at any cost?

        "Not securing your products is also a sure fire way to turn an insecure product into one or more business-ending expensive legal cases."

        Lovely theory. Is there any evidence?

        Note that many of the factors that make a product insecure may also make it unsafe, and vice versa.

  6. Destroy All Monsters Silver badge

    Inhell processors are secure!

    That may be a bit excessive. Since the Spectre and Meltdown side-channel processor vulnerabilities were disclosed earlier this year – affecting AMD, ARM, Intel and others – Intel has made a concerted effort to pay more attention to security or at least to talk about it more.

    In other words, it's a bit excessive.

  7. Mike 16

    Jumpers

    Here's the thing. While I agree that in an ideal world where computers are managed by knowledgeable technicians with both the skill and the attitude to "do stuff right", any firmware mods (let alone JTAG access) would be controlled by a hardware jumper, preferably one that is either:

    A) Verified to be disconnected before the "special mode" it was needed for can be exited back to "normal mode" BIOS/UEFI)

    or

    B) In such a position in the case that the vulnerable system cannot be buttoned up and slid back into the rack.

    That just "doesn't scale". When Spectre/Meltdown or similar are discovered and (at least partially) mitigated, the small business with under 10 servers can do the trudge from one to the next with a "crash cart", and probably has one person who, because they need to be a jack-of-all-trades, has all the needed skills. Now consider even a medium-size outfit (like one of my former employers) who has three or four rows of a dozen or more racks with at least a dozen servers per rack. How many crash-carts do they have? How many adequately skilled IT techs can you cram into each aisle, if you even have them?

    One might argue that hardware designers should be more about reliability and security than the current mania for speed and cost, or that software developers should dial back the "Ship it and deal with any problems in the next release, or maybe never, Does never work for you?"

    That argument is unlikely to get much consideration from folks who need to keep the lights on in the face of financial and schedule demands. In this universe anyway. "Damage to reputation" doesn't seem to actually happen much anymore. Pretty much all the "victim companies" of massive data breaches are still in business, and no corporate officers are in jail.

    Everybody wants quality, damn few want to pay for it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Jumpers

      Could HYPErvisor suppliers not provide virtual jumpers to deliver the necessary functionality?

      "Pretty much all the "victim companies" of massive data breaches are still in business, and no corporate officers are in jail."

      Sad, isn't it.

      "Everybody wants quality, damn few want to pay for it."

      Well I don't know about that, not in end user terms anyway.

      How did cars ALL end up with dual-circuit brakes or similar, back in the days when "failure mode and effect/criticality analysis" was still a thing?

      Corporate directors and similar want their easy money without being held accountable, and customers have to pay for it. Greed is good, apparently.

      Remind me: What was it that stopped animals being routinely used as part of product testing (in some parts of the world) in cruel and unnecessary ways?

    2. Piro Silver badge

      Re: Jumpers

      Instead of a jumper, that could be left in the wrong position, why not a button on the rear of the server that does nothing except wake up a circuit that sets a timer in motion while the virtual, solid state "jumper" is closed.

      After an hour, it resets, and the firmware is no longer open for writes.

      That way nobody has to actually take anything out of the racks.

  8. wownwow

    "Foreshadow Inside" still?

    The fundamental problem is the repeated spec violations! The security problems that are unique to Intel, e.g. "Meltdown" and "Foreshadow," are caused by Intel violating the specs.

  9. fidodogbreath

    "protecting our customers’ data and ensuring the security of our products is a top priority"

    Facebook Equifax, and Yahoo said that, too.

    1. nlight
      Pint

      That's the slogan of every company. So happy that there's someone is protecting us, this haven called Internet where everything is transparent and decentralized.

    2. Michael Wojcik Silver badge

      All priorities are top priorities, for sufficiently large values of "top".

  10. bombastic bob Silver badge
    Unhappy

    Intel started to use .NET Framework in many of its drivers' GUI applications

    that's another problem - swallowing Micro-shaft's coolaid!

    'dangerous at any speed' - more or less applies here, too.

    /me points out that a SIMPLE interface using a dialog box and the Win32 API doesn't need a bunch of ".Nuttiness" and is FAR less likely to have security issues [unless written by an IDIOT]. Yes, you'll have to do parameter checking to implement it and that's the point, actually... [amazingly enough sscanf (and its slightly more secure incarnations) still works]

  11. Big Al 23

    Isn't the reason why Intel currently has unending security issues...

    ...due to their lack of concern with security when they intentionally bypassed industry standard CPU execution protocol in all of the CPU designs over the past several decades? When did customer security become paramount at Intel?

  12. Anonymous Coward
    Big Brother

    How to validate the Security and Management Engine

    Intel recently consolidated CSME updates ..This makes it simpler for them to validate and apply fixes and make them available to end users.

    Why not release the source code to the CSME which I understand is written in MINIX.

  13. Anonymous Coward
    Trollface

    that photo...

    I can't get this LGA chip to stay in the Socket AM2 here. Maybe if I put a lock on it?

  14. veti Silver badge

    The articles say it all

    It's "a top priority", "a critical priority". In other words, it's one of many such "priorities". How many, exactly? - might actually be an interesting question to ask, next time they lay themselves open to such interrogation.

    I'm sure they're "sincere in their desire to be more secure", just like I'm sincere in my desire to be more healthy. Wanting something, no matter how "sincere", is not enough. You also need to be willing to give up something else to get it. What, specifically, is Intel willing to cut down on, to improve security?

  15. Anonymous Coward
    Anonymous Coward

    "I'm not going to pay data-center staff......"

    Yes, I'd like to know who you work for too.

    But for those with a slightly more positive attitude, you know, you weirdos wanting to actually serve their customers to the best of their ability, in the hope of continuing in business with a reputation, rather than just taking the p*ss:

    Specify servers to have these jumpers provided and wired up to front panel switches.

    If you're too mean to pay for this, then frankly, f*ck off.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like