[ISN] Privacy Hack on Pentium III

From: mea culpa (jerichoat_private)
Date: Wed Feb 24 1999 - 08:03:00 PST

    Forwarded From: William Knowles <erehwonat_private>
    
    (Wired News) [2.23.99] A German computer magazine claims to have found a
    way to hack the controversial serial number in the forthcoming Pentium III
    chip.
     
    Computer Technology, or c't, says that contrary to Intel's claims, the
    identifying Processor serial number in the Pentium III can be secretly
    turned on and off without the user's knowledge by a small software
    program.
     
    Intel included the number in the chip to provide a secure identifier for
    e-commerce and help system administrators keep track of large networks.
     
    But an outcry from privacy activists, who said the ID number would make it
    impossible to remain anonymous on the Internet, forced Intel to recommend
    that computer manufacturers ship systems with the identifying number
    turned off.
     
    Intel claims this is secure because once turned off, the number cannot be
    turned on again without a hardware reset, typically when the computer is
    shut down and rebooted -- a feature Intel said was designed to make it
    near-impossible for the serial number to be reset without the users'
    knowledge. Pentium III machines will come with a special software utility
    to let users turn the number on and off.
     
    "We have proven that this is wrong," said Christian Persson, editor in
    chief of c't, a bi-weekly magazine based in Hannover. "We must ask if
    there is any use for the serial number any more."
     
    According to Persson, the magazine's on/off hack exploits the Pentium
    III's deep sleep mode, a form of hardware reset that doesn't actually turn
    the system completely off. The serial number is reset when the chip is
    woken up.
     
    Persson says the reset can be done over the Internet, via a Direct X
    control, or better, implemented as a Trojan horse in a software installer.
    "To do it in a good way, you have to hide it from the user," Persson says.
    "It's best to do it during installation of software, as a Trojan horse.
    Then you can read the number, store it anywhere on the computer, and send
    it at any time."
    
    Persson said the flaw was discovered by Andreas Stiller, a hardware editor
    and the magazine's resident chip expert. Persson said Stiller worked out
    the hack from published plans of the chip and system architecture.
     
    "It was only a question of time before crackers used this procedure
    because it is not based on secret information," Persson said.
     
    Persson said Intel in Germany confirmed that the chip's serial number can
    indeed be reset this way and now recommends computer manufacturers put a
    special on-off switch in the system BIOS -- a layer of control
    inaccessible to most users -- to prevent the serial number being switched
    on by software. 
     
    However, Intel in the US stood by its claims that the serial number can
    only be re-enabled after a hardware reset and that it has recommended all
    along that manufacturers put another switch in BIOS for extra security.
     
    "The way we designed it was to make it difficult for someone hacking or
    sending a virus over the Internet to reset the serial number without your
    knowledge," said spokesman Tom Waldrop from Intel's Santa Clara,
    California, headquarters. "It is conceivable that a control utility can be
    hacked or a serial number read but it's very difficult.  And you have to
    ask what would be done with the number after it was read? What good is it
    to anyone anyway?"
     
    Waldrop said that the deep sleep mode is only a feature of chips for
    mobile systems, which will not be available immediately. Further, Waldrop
    says Intel's on/off utility polls the CPU every 15 seconds to make sure
    the chip's status corresponds to the utility's default setting. If the
    default setting is off but the serial number has been secretly turned on,
    the utility will reset the serial number after 15 seconds. The chip does
    not have to be hardware reset to turn the serial number off, Waldrop
    noted.
     
    The Electronic Privacy Information Center, which helps organize the
    BigBrotherInside boycott campaign, called for a recall of the chip.
     
    "It looks like a pretty serious flaw," said Dave Banisar, EPIC's policy
    director. "It's been one disaster after another for Intel. It was
    inevitable that someone would discover how to do something like this. All
    of Intel's claims that people's privacy was going to be protected was
    built on a house of sand."
     
    However, Persson says that while he understands the importance of privacy
    issues, he doesn't think the Pentium III serial number is a serious
    invasion of privacy. Persson pointed out that there are unique serial
    numbers on a lot of hardware, especially hard disks, that could also be
    used for ID purposes if anyone cared to. 
     
    "Really this is not such a big issue," he says. "I must say, I do not
    understand all the fuss. I think people do not like Intel so much and use
    this to kick their ass." 
    
    
    