• For safer chips and the end of software security patches.

    #211672

    There is what looks like well-funded and intensive work on developing security-critical chips, such as CPUs, to make them immune to the kinds of attacks exemplified by Spectre/Meltdown, WannaCry and their like, that exploit vulnerabilities built-in, at present, in the chips themselves. The chips so far developed to this end are both expensive and slow, but there is also work in progress to develop commercial versions both faster and more affordable, with varying degrees of built-in security, for use as part of the hardware of devices ranging from cell phones to multi-processor low-end supercomputers, as well as for embedded systems used in electric, nuclear, water purification and other highly critical facilities, and in the (supposedly) forthcoming “internet of things.” Maybe we all can breathe a little easier now, or may be able to, some day.

    https://www.militaryaerospace.com/articles/2017/12/design-tools-cyber-security-trusted-computing.html

    http://seapowermagazine.org/stories/20180104-Darpa.html

    Of course, no hardware, firmware or software fix can make everybody safe forever, or even near-term: social engineering and carelessness are not going to go away for as long as there are humans using computers connected to other computers, be they in LANs, WANs or WLANs. Or to WWW servers over the Internet. Or whatever takes their place, eventually, in the more distant future.

     

    Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

    MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
    Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
    macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    1 user thanked author for this post.
    • #211673

      For those that are subscribers of “New Scientist” this article covers in a general way the topic, with a brief story of the efforts that have taken place in the last decade towards designing chips that are unhackable, both in their hardware and firmware.

      https://www.newscientist.com/article/mg23931900-300-uncrackable-computer-chips-stop-malicious-bugs-attacking-your-computer/

       


    • #211674

      Don’t look now but the Internet of Things is already here. Got a wireless printer? Got a reasonably recent TV? Apple or Google TV media access device? Wireless security camera? Someone with a Smart Phone that uses wifi? Voice over IP device like Ooma or Magic Jack? Video game console? Internet radio? New water heater? Refrigerator? The list goes on. I won’t even mention cloud-controlled routers.

      You might feel you have an awesome security setup for your PCs, but with all these other things right there on your Ethernet and/or broadcasting/receiving radio waves, who knows what packet data is being watched?

      -Noel

      2 users thanked author for this post.
      • #211677

        Noel: “Don’t look now but the Internet of Things is already here.”

        My answer is “NO” to each and every item in your list. Call me old fashioned, or even prehistoric: that’s me.

        “You might feel you have an awesome security setup for your PCs”

        I most certainly don’t. For all those reasons you give, and more.

        But remember: the topic is chips’ vulnerability to malware, not safer communication of personal and security-related information. That is an altogether different kettle of fish, and one that won’t start smelling any better after some hardware fixes.


        1 user thanked author for this post.
        • #211691

          Fair enough, this is about making chips more secure.

          I suggest that any sense of total security is and likely always will be a false one.

          You could live in a bunker so well fortified you can’t go wrong, and an asteroid could destroy the Earth. Life cannot be without risk.

          Choose to be as much or as little a part of modern society as you wish, and take on the associated risks as you see fit. What if no computer or TV you will be able to purchase in 10 years will be available without being an IoT device? Will you just go without when your current one breaks?

          Guard your borders well, run software you have vetted and trust, and back up your data and systems in a way that hedges against the eventuality that something will go wrong – either because of malware or because of failure. If you’re lucky you never have to deal with the worst that could happen.

          -Noel

    • #211698

      Noel Carboni,

      I quite agree with your advice. In fact, I live by rules almost indistinguishable from your recommendations.

      I would hazard the opinion that not having an Internet-connected fridge and other things you have mentioned is not going to cut me off from participating fully in modern society. With colleagues and friends, here and abroad, that I collaborate with in research projects that require using supercomputers, analyzing data from artificial satellites, and finding the position of those satellites and various other types of vehicle to better than two inches, I think I might be right in the middle of it.

      Now, computers dependent on being connected to the Internet of Things would be a real bother. But I am guessing that I will be able to get (if necessary having them custom-made for me) computers that do not require such connections to let me do what I need to do. Ditto the connections themselves being made over links more secure and discreet with one’s personal information than those that shower it around like confetti for the profit of some large telecoms — and of cybercrooks. If, as I (optimistically?) expect, demand for such things turns out to be big enough, a market will develop for them and prices will tend to come down and quality and versatility to go up. Of course, there is nothing much we could do, at least short term, about governmental Big-Brothering of our private lives, other than to oppose it as the good citizens we should be, that is, seriously committed to upholding our liberties. When our technological environment changes in unwelcome ways, we might be able to adapt just enough to still function in it, without also having to give up on being who we are.

      That said, safer chipsets that make computers substantially less vulnerable to malware without slowing them down too much or seriously limiting what can be done with them, might free us, eventually and to a large extent, from the worrisome drudgery of endless patching.


      1 user thanked author for this post.
    • #211724

      OscarCP wrote: “… to make them immune to the kinds of attacks exemplified by Spectre/Meltdown, WannaCry and their like, that exploit vulnerabilities built-in, at present, in the chips themselves.”

      During the 1990s, for apparently faster CPU performance and marketing purposes, Intel/AMD built the Speculative Execution feature into their chips, making them vulnerable to a host of bugs today, i.e. about 20 years later.
      So, getting rid of the Speculative Execution feature will immediately make chips much safer.
      Instead, Intel/AMD will also be building the Meltdown/Spectre/Foreshadow/etc. patches into all their new chips, starting with the 9th-generation chips, with significant performance hits on the new chips: back to square one or back to the “future” of the 1990s.

      Sometimes, tech-geeks are too smart for their own good.

      P.S. – Bear in mind that the Speculative Execution feature in chips also uses more RAM.

      2 users thanked author for this post.
      • #211911

        Anonymous: “P.S. – Bear in mind that the Speculative Execution feature in chips also uses more RAM.”

        Quite. While increasing their unhackability makes chips slower and more expensive. How to get around those two problems: cost and functionality, particularly with a view to also making more secure chips for PCs and commercial mass market devices in general, are, as reported in the links I’ve provided at the start of this thread, things now under study.


    • #211749

      “computers dependent on being connected to the Internet of Things would be a real bother. But I am guessing that I will be able to get (if necessary having them custom-made for me) computers that do not require such connections to let me do what I need to do.”

      Generally, when people say “Internet of Things (IoT)”, they refer to all of the “smart”, connected devices other than your computer or phone. The problem with these IoT devices is that they are difficult, if not impossible, to make secure. That’s where the vulnerability comes in.

      When you speak of a computer which connects to these devices, if you want to avoid the vulnerabilities of IoT devices, the manufacturers will need to build better security into them, something which up until now has not been happening.

      In other words, it’s not the computer that needs to be addressed here, it is the devices themselves.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      1 user thanked author for this post.
      • #211910

        MrJimPhelps: “In other words, it’s not the computer that needs to be addressed here, it is the devices themselves.”

        Actually, this is about making the chips in both those devices and in PCs safer to use without being hacked. Of course, the need for more secure devices with more secure chips will be greater the day that “Apps” from manufacturers of IoT devices are designed for checking on them remotely, so they actually connect to those devices. Particularly if they are set up by default to monitor them automatically at regular intervals.

