Forwarded From: William Knowles <erehwonat_private>

(Wired News) [2.23.99]

A German computer magazine claims to have found a way to hack the controversial serial number in the forthcoming Pentium III chip. Computer Technology, or c't, says that contrary to Intel's claims, the identifying Processor serial number in the Pentium III can be secretly turned on and off without the user's knowledge by a small software program.

Intel included the number in the chip to provide a secure identifier for e-commerce and help system administrators keep track of large networks. But an outcry from privacy activists, who said the ID number would make it impossible to remain anonymous on the Internet, forced Intel to recommend that computer manufacturers ship systems with the identifying number turned off.

Intel claims this is secure because once turned off, the number cannot be turned on again without a hardware reset, typically when the computer is shut down and rebooted -- a feature Intel said was designed to make it near-impossible for the serial number to be reset without the users' knowledge. Pentium III machines will come with a special software utility to let users turn the number on and off.

"We have proven that this is wrong," said Christian Persson, editor in chief of c't, a bi-weekly magazine based in Hannover. "We must ask if there is any use for the serial number any more."

According to Persson, the magazine's on/off hack exploits the Pentium III's deep sleep mode, a form of hardware reset that doesn't actually turn the system completely off. The serial number is reset when the chip is woken up. Persson says the reset can be done over the Internet, via a Direct X control, or better, implemented as a Trojan horse in a software installer.

"To do it in a good way, you have to hide it from the user," Persson says. "It's best to do it during installation of software, as a Trojan horse. Then you can read the number, store it anywhere on the computer, and send it at any time."

Persson said the flaw was discovered by Andreas Stiller, a hardware editor and the magazine's resident chip expert. Persson said Stiller worked out the hack from published plans of the chip and system architecture.

"It was only a question of time before crackers used this procedure because it is not based on secret information," Persson said.

Persson said Intel in Germany confirmed that the chip's serial number can indeed be reset this way and now recommends computer manufacturers put a special on-off switch in the system BIOS -- a layer of control inaccessible to most users -- to prevent the serial number being switched on by software.

However, Intel in the US stood by its claims that the serial number can only be re-enabled after a hardware reset and that it has recommended all along that manufacturers put another switch in BIOS for extra security.

"The way we designed it was to make it difficult for someone hacking or sending a virus over the Internet to reset the serial number without your knowledge," said spokesman Tom Waldrop from Intel's Santa Clara, California, headquarters. "It is conceivable that a control utility can be hacked or a serial number read but it's very difficult. And you have to ask what would be done with the number after it was read? What good is it to anyone anyway?"

Waldrop said that the deep sleep mode is only a feature of chips for mobile systems, which will not be available immediately.

Further, Waldrop says Intel's on/off utility polls the CPU every 15 seconds to make sure the chip's status corresponds to the utility's default setting. If the default setting is off but the serial number has been secretly turned on, the utility will reset the serial number after 15 seconds. The chip does not have to be hardware reset to turn the serial number off, Waldrop noted.

The Electronic Privacy Information Center, which helps organize the BigBrotherInside boycott campaign, called for a recall of the chip.

"It looks like a pretty serious flaw," said Dave Banisar, EPIC's policy director. "It's been one disaster after another for Intel. It was inevitable that someone would discover how to do something like this. All of Intel's claims that people's privacy was going to be protected was built on a house of sand."

However, Persson says that while he understands the importance of privacy issues, he doesn't think the Pentium III serial number is a serious invasion of privacy. Persson pointed out that there are unique serial numbers on a lot of hardware, especially hard disks, that could also be used for ID purposes if anyone cared to.

"Really this is not such a big issue," he says. "I must say, I do not understand all the fuss. I think people do not like Intel so much and use this to kick their ass."