This is the most demonically clever computer security attack I’ve seen in years.

Originally shared by Yonatan Zunger

This is the most demonically clever computer security attack I’ve seen in years. It’s a fabrication-time attack: that is, it’s an attack which can be performed by someone who has access to the microchip fabrication facility, and it lets them insert a nearly undetectable backdoor into the chips themselves. (If you’re wondering who might want to do such a thing, think “state-level actors”.)

The attack starts with a chip design which has already been routed — i.e., it’s gone from a high-level design in terms of registers and data, to a low-level design in terms of gates and transistors, all the way to a physical layout of how the wires and silicon will be laid out. But instead of adding a chunk of new circuitry (which would take up space), or modifying existing circuitry significantly (which could be detected), it adds nothing more than a single logic gate in a piece of empty space.

When a wire next to this booby-trap gate flips from off to on, the electromagnetic fields it emits add a little bit of charge to a capacitor inside the gate. If it just happens once, that charge bleeds off, and nothing happens. But if that wire is flipped on and off rapidly, it accumulates in the capacitor until it passes a threshold — at which point it triggers that gate, which flips a target flip-flop (switch) inside the chip from off to on.

If you pick a wire which normally doesn’t flip on and off rapidly, and you target a vulnerable switch — say, the switch between user and supervisor mode — then you have a modification to the chip which is too tiny to notice, which is invisible to all known forms of detection, and if you know the correct magic incantation (in software) to flip that wire rapidly, will suddenly give you supervisor-mode access to the chip. (Supervisor mode is the mode the heart of the operating system runs in; in this mode, you have access to all the computer’s memory, rather than just to your own application’s.)

The authors of this paper came up with the idea and built an actual microchip with such a backdoor in it, using the open-source OR1200 chip as their target. I don’t know if I want to guess how many three-letter agencies have already had the same idea, or what fraction of chips in the wild already have such a backdoor in them.

As Andreas Schou said in his share, “Okay. That’s it. I give up. Security is impossible.”
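As an illustration of the charge-accumulation trigger described in the post above, here is a small added model (not from the post or from the paper it discusses) of a leaky integrator: each rising edge on the neighbouring wire couples a fixed fraction of the threshold into the capacitor, the stored charge bleeds off every clock cycle, and the target flip-flop is flipped only when the accumulated charge crosses the threshold. The charge, leak and threshold values and the three wire-activity patterns are constructed for illustration, not measured from any chip.

```python
from dataclasses import dataclass


@dataclass
class AnalogTrigger:
    """Leaky-integrator model of the capacitor inside the booby-trap gate.

    Parameter values are constructed for illustration, not measured."""
    charge_per_edge: float = 0.10  # charge coupled in per rising edge (threshold = 1.0)
    leak_per_cycle: float = 0.02   # fraction of stored charge that bleeds off each cycle
    threshold: float = 1.0
    charge: float = 0.0
    fired: bool = False            # True once the target flip-flop has been flipped

    def step(self, wire_high: bool, prev_high: bool) -> bool:
        """Advance one clock cycle and return whether the flip-flop has flipped."""
        self.charge *= 1.0 - self.leak_per_cycle   # charge bleeds off every cycle
        if wire_high and not prev_high:            # a rising edge couples charge in
            self.charge += self.charge_per_edge
        if self.charge >= self.threshold:          # threshold crossed: gate triggers
            self.fired = True
        return self.fired


def simulate(wire_pattern: str) -> tuple:
    """Drive the trigger with a 0/1 string, one character per clock cycle.

    Returns (cycle at which the flip-flop flipped, or None; peak stored charge)."""
    trig = AnalogTrigger()
    prev_high = False
    fire_cycle = None
    peak = 0.0
    for cycle, ch in enumerate(wire_pattern):
        high = ch == "1"
        if trig.step(high, prev_high) and fire_cycle is None:
            fire_cycle = cycle
        peak = max(peak, trig.charge)
        prev_high = high
    return fire_cycle, peak


# Constructed wire activity: one pulse, occasional pulses, and a rapid burst.
SINGLE_PULSE = "0001" + "0" * 40
SPORADIC = ("0" * 19 + "1") * 10   # one edge every 20 cycles: charge never builds up
RAPID_BURST = "01" * 20            # toggling every cycle: charge outruns the leak

if __name__ == "__main__":
    for name, pat in [("single", SINGLE_PULSE), ("sporadic", SPORADIC), ("burst", RAPID_BURST)]:
        cycle, peak = simulate(pat)
        print(f"{name:9s} fired at cycle {cycle}, peak charge {peak:.2f}")
```

The single pulse and the sporadic pattern never reach the threshold, so the backdoor stays dormant under normal-looking traffic; only the sustained burst accumulates enough charge to flip the flip-flop.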

Basically this is the same as the SCO vs Linux case.

Basically this is the same as the SCO vs Linux case. The difference being that the copyrights on UNIX that SCO claimed to own were old, vaguely written and not covered by later, more onerous law. Sun’s copyrights are more clearly formulated under modern copyright law so Google’s defence relies completely on the Fair Use* of Oracle’s copyrighted APIs.

In its most general sense, a fair use is any copying of copyrighted material done for a limited and “transformative” purpose, such as to comment upon, criticize, or parody a copyrighted work. Such uses can be done without permission from the copyright owner. In other words, fair use is a defense against a claim of copyright infringement. If your use qualifies as a fair use, then it would not be considered an illegal infringement.

http://fairuse.stanford.edu/overview/fair-use/what-is-fair-use/

In this sense Android is making a cultural reference, a quote or a “parody” of the Java APIs. It’s what programmers do all the time when they make their own clean room implementations of various software conventions. Things like, say, commands like “printf”, “do…while” or implementing Perl’s regular expression syntax.

If Google loses this case then so too will the entire software industry as predatory companies start to pick over and look for all the copyrighted “cultural references” programmers have used in published code.

* a protection that doesn’t exist at all under Australian copyright law btw

Via Chris Robato