At 10:26 PM 9/17/1999 +0100, Antonomasia wrote:
>From: Lucky Green <[EMAIL PROTECTED]>
>
>> after he began talking about some very curious, very complex, very
>> undocumented instruction he discovered in late-model CPU's. Instructions
>> that will put the processor into a mode that makes OS protections
>> irrelevant.
>
>This is scary.  It could be time to hoard antique computers.
>

I would like to see some discussion of what are the actual possible CPU
subversions. All the obvious subversions would seem to require a
cooperating OS. In many ways, CPUs seem to be limited as targets since they
see only opcodes and databytes, it certainly would not 'know' it was
working on cyphertext any more than it would know it was recalcing a
spreadsheet or calculating a pixel. 

A compromised OS could, of course, be saving keystrokes to a file, or
sending them out in packets. But the CPU does not see files or packets or
keystrokes, only individual opcodes.

The only obvious effective subversions I can think of off hand are:

RNG (can be potentially countered by replacing with trusted software)

Radiation of signal for TEMPEST. (Since the CPU cannot determine what it is
actually doing, it would have to radiate its entire operation
stream...hundreds of millions of ops per second, mostly doing background
stuff. Without a cooperating compromised OS, it would be up to the attacker
to sort out the meaningful from the noise...not an easy task...especially
if there are 2 or more units located in close proximity).

With all the techies on this list, I would like to hear other types of CPU
attacks discussed so we can anticipate problems. What would these
'specialized' opcodes look like?

jay

