‘Plundervolt’ attack breaches chip security with a shock to the system – TechCrunch

Today’s devices have been secured against innumerable software attacks, but a new exploit called Plundervolt uses distinctly physical means to compromise a chip’s security. By fiddling with the actual amount of electricity being fed to the chip, an attacker can trick it into giving up its innermost secrets.

It should be noted at the outset that while this is not a flaw on the scale of Meltdown or Spectre, it is a powerful and unique one and may lead to changes in how chips are designed.

There are two important things to know in order to understand how Plundervolt works.

The first is simply that chips these days have very precise and complex rules as to how much power they draw at any given time. They don’t just run at full power 24/7; that would drain your battery and produce a lot of heat. So part of designing an efficient chip is making sure that for a given task, the processor is given exactly the amount of power it needs — no more, no less.

The second is that Intel’s chips, like many others now, have what’s called a secure enclave, a special quarantined area of the chip where important things like cryptographic processes take place. The enclave (here called SGX) is inaccessible to normal processes, so even if the computer is thoroughly hacked, the attacker can’t access the data inside.

The creators of Plundervolt were intrigued by recent work by curious security researchers who had, through reverse engineering, discovered the hidden channels by which Intel chips manage their own power.

Hidden, but not inaccessible, it turns out. If you have control over the operating system, which many attacks exist to provide, you can get at these “Model-Specific Registers,” which control chip voltage, and can tweak them to your heart’s content.

Modern processors are so carefully tuned, however, that such a tweak will generally just cause the chip to malfunction. The trick is to tweak it just enough to cause the exact kind of malfunction you expect. And because the entire process takes place within the chip itself, protections against outside influence are ineffective.

The Plundervolt attack does just this, using the hidden registers to very slightly change the voltage going to the chip at the exact moment that the secure enclave is executing an important task. By doing so they can induce predictable faults inside SGX, and by means of these carefully controlled failures cause it and related processes to expose privileged information. It can even be performed remotely, though of course full access to the OS is a prerequisite.

In a way it’s a very primitive attack, essentially giving the chip a whack at the right time to make it spit out something good, like it’s a gumball machine. But of course it’s actually quite sophisticated, as the whack is an electrical manipulation on the scale of millivolts, which needs to be applied at exactly the right microsecond.

The researchers explain that this can be mitigated by Intel, but only through updates at the BIOS and microcode level — the kind of thing that many users will never bother to go through with. Fortunately for important systems there will be a way to verify that the exploit has been patched when establishing a trusted connection with another device.

Intel, for its part, downplayed the seriousness of the attack. “We are aware of publications by various academic researchers that have come up with some interesting names for this class of issues, including ‘VoltJockey’ and ‘Plundervolt,’” it wrote in a blog post acknowledging the existence of the exploit. “We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

Plundervolt is one of a variety of attacks that have emerged recently taking advantage of the ways that computing hardware has evolved over the last few years. Increased efficiency usually means increased complexity, which means increased surface area for non-traditional attacks like this.

The researchers who discovered and documented Plundervolt hail from the U.K.’s University of Birmingham, Graz University of Technology in Austria, and KU Leuven in Belgium. They are presenting their paper at IEEE S&P 2020.




Report: Windows 11 22H2 update will be released on September 20


Windows 11’s first major update, also called Windows 11 22H2, is due to be released to the public on September 20, according to separate reports from The Verge and Windows Central.

The update has been available in near-final form in Microsoft’s Windows Insider Preview channels since May, and we’ve already covered most of its major changes—Windows 11 22H2 will include a few new security features (and new default settings for existing features), a redesigned Task Manager, new touchscreen gestures and window management features, and tweaks for the Start menu and taskbar, among other things. It also continues to replace old bits of Windows 8- and 10-era UI (like the brightness and volume indicators) with rounded Windows 11-style versions, bringing more visual consistency to Windows PCs.

Like all major Windows updates, it likely won’t be offered to all current Windows 11 users on September 20. Microsoft usually sends the update to a small number of PCs first and gradually expands availability until all Windows 11 PCs have installed it. Users can manually install new updates by downloading an ISO or using the Windows 11 Installation Assistant from this page.

Microsoft’s update plans for Windows have changed a lot in the last year, and they’re reportedly still in a state of flux. The company said last year that Windows 11 would receive major updates once a year and that Windows 10 would move from its twice-a-year update model to the same once-per-year schedule. But even as the pace of major updates has officially slowed down, Microsoft has also made some changes to its development and release practices that allow it to roll out small- to medium-size changes at shorter intervals. In the 10 months since Windows 11 was released, we’ve gotten a long list of user interface tweaks, updates for a number of preinstalled first-party apps, and Android app support. Microsoft also reportedly plans to go back to releasing new numbered Windows versions every three years or so, although the company has neither confirmed nor denied this.

For Windows 10 users who can’t or don’t want to install Windows 11, Windows 10 is getting its own 22H2 update. Microsoft released a preview build for it late last month, but the company isn’t talking about what this update actually does. It’s not likely to include many big user-facing improvements.


Pixel 6 owners who upgrade to Android 13 can never go back


Android 13 is slowly rolling out to Pixel phones, but here’s something to consider when that update message finally pops up on your device: You can never go back.

Google is apparently changing the way Android updates are enforced on its latest devices. A new warning message on the Pixel Factory Image page says that the Pixel 6, 6 Pro, and 6a can never go back to older versions of Android once they update:

Anti-rollback was first introduced in Android 8 as a security feature. Google can patch all the exploits it wants, but security fixes are meaningless if an attacker can just roll back a device to a previous version that’s full of security holes. Rollback protection works by recording the newest installed version into tamper-evident storage that persists across device wipes, and now the system knows if it’s on an old version or not. Previously, this feature would just show a warning message on boot (and it looks like that will still happen on the Pixel 5 and lower), but now, Google plainly says of the Pixel 6, “You will not be able to flash older Android 12 builds.”
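A simplified model of the rollback check described above, added here as an illustration and not Android's or Google's code. The `Device` class, its field names, and the integer version values are assumptions made for the example; it contrasts the warn-only behaviour with the enforcing one.

```python
from dataclasses import dataclass, field


@dataclass
class Device:
    """Hypothetical device model; versions are constructed integers."""
    enforce: bool                  # True: refuse older builds, False: warn only
    stored_version: int = 0        # stands in for tamper-evident storage
    installed: int = 0             # build currently on the device
    userdata: dict = field(default_factory=dict)

    def factory_reset(self) -> None:
        # A wipe clears user data only. The recorded version survives,
        # which is what makes "wipe, then downgrade" fail.
        self.userdata.clear()

    def install(self, build_version: int) -> str:
        if build_version < self.stored_version:
            if self.enforce:
                return "rejected"          # older build is never installed
            self.installed = build_version
            return "warning"               # installs, but the downgrade is flagged
        self.installed = build_version
        # The record only ever moves forward.
        self.stored_version = max(self.stored_version, build_version)
        return "ok"


def scenario(enforce: bool) -> list:
    """Upgrade, wipe, then attempt a downgrade; return each outcome."""
    dev = Device(enforce=enforce)
    dev.userdata["account"] = "example"
    outcomes = [dev.install(12), dev.install(13)]
    dev.factory_reset()
    outcomes.append(dev.install(12))
    return outcomes + [dev.installed, dev.stored_version]


if __name__ == "__main__":
    print("enforcing:", scenario(True))
    print("warn-only:", scenario(False))
```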

It’s not clear why only the Pixel 6 is affected by this change. If you don’t count Android 12L, this is the Pixel 6’s first major OS update. The three phones listed are also the only three phones that use Google’s first in-house SoC, the Google Tensor, so maybe the chip is flexing its muscles with new anti-downgrade capabilities.

This isn’t a big deal for most consumers, but in previous Android versions, it was nice to have an escape hatch if Google came out with a particularly buggy first release. If you frequently try out different software builds, this change will presumably mean that you can’t use any older third-party ROMs, either.


Almost-certain Nest Wifi appears at FCC with Wi-Fi 6E on-board


Google has a new device awaiting approval at the FCC, and all signs point to it being an updated Nest Wifi router that not only addresses the notable lack of Wi-Fi 6 on its last model but leapfrogs ahead to Wi-Fi 6E.

In FCC documents made available yesterday, Google asked the FCC to keep confidential its schematics and operational details, including an “Internal Proprietary Antenna Solution consisting of 6 antennas.” As pointed out by Android Police, the filings also show support for the 6 GHz frequencies of Wi-Fi 6E. There are also the standard 2.4 and 5 GHz bands, Bluetooth Low-Energy, and the 2.4 GHz frequencies that smart home connection standard Thread relies upon.

The model number—A4R-G6ZUC—is akin to other Nest products, and 9to5Google says it has confirmed that this is the number for the next Nest Wifi router.

In late 2019, when Google skipped Wi-Fi 6 for Nest Wifi, citing (questionable) cost concerns, we noted that a Wi-Fi 6 router wouldn’t do much for a home mostly filled with Wi-Fi 5 and 4 (i.e., 802.11ac and 802.11n) devices. And yet, had Nest’s router and points used Wi-Fi 6, their ability to use this newly freed-up spectrum space to speak to newer devices—and especially for backhaul moving of traffic from node to node—could have benefitted homes full of noisy devices or those competing with close-by neighbors’ gear.

It’s the same story with Wi-Fi 6E. There’s a small list of devices using the relatively recent Wi-Fi 6E right now: the Pixel 6 and 6a, Samsung’s Galaxy S21 Ultra, some brand-new laptops (not including the latest MacBook Air), and any PC you upgrade yourself with a 6E card. Wi-Fi 6E also lets devices make use of the wider 80 and 160 MHz channels, opening up capacity and reducing interference.

Broadcom chart illustrating the difference between a noisy 5GHz channel and a clean 6GHz channel.

It’s worth noting that this FCC filing is only for a Nest Wifi router. It remains to be seen whether Google will offer Nest hubs with built-in speakers, as with the previous Nest Wifi. One more notable improvement Google could latch onto new Nest hubs would be Ethernet ports, something painfully lacking from the current generation.

In our benchmark review of Nest Wifi, we were impressed with Nest’s coverage of a 3,500-square-foot, difficult-layout home but found lots of room for improvement. Given the other options available at the same price points, it seemed like an option best suited for those already enthusiastic about Google Assistant speakers.

By the time Nest Wifi arrives (likely at an October Google hardware event), there will probably be strong Wi-Fi 6E mesh competition. We’ll see if the product has the same value proposition then.
