How do you not feel embarrassed after typing that edit. The iPhone flair also gives it a special kind of irony. The timing of me finding this post 5 years later right when there's a discovery of the NSA backdoor in Apple A12-A16 chips is impeccable.
How do you not feel embarrassed after typing that edit. The iPhone flair also gives it a special kind of irony. The timing of me finding this post 5 years later right when there's a discovery of the NSA backdoor in Apple A12-A16 chips is impeccable.
Unpopular take incoming:
The nsa backdoor is most likely in every arm thing. Also it’s probably a “western” power.
Companies don’t design microprocessors “from scratch”, they license functional units and include them. Either the backdoor was part of some part that was licensed for inclusion in a12-a16 or it’s part of a domestic spying program that apples not allowed to talk about and was directed to include.
Either way, if the details of that generation of chips are resolvable with sem, expect to hear about more arm chips with it in the future.
It’s most likely a western power because the people that found it are from kaspersky. It was being used against them.
If you read this post and got worried because you have an iPhone: the physical hardware vulnerability in question took a complex multi step process involving three vulnerabilities to even access. Update to ios 16.6 or higher to remove the three other vulnerabilities and remove the ability of that physical backdoor to be addressed.
If you’re worried that this means you should switch away from your phone asap: as I said above, there’s a good chance this affects many arm chips. If you already have a device that has been patched, consider sticking with the devil you know.
I've only skimmed it but it looked like this was based on unusual peripherals outside the ARM core, rather than something standard. Have you read deeper into it?
Kasperskys thing said it was in the gpu address space. It doesn’t need to be in that space, since it’s afaik just a hardware cipher. You are correct though, the gpu is a weird peripheral that’s not part of the cpu core.
E: it’s worth saying outright that almost every soc or cisc processor has a gpu built in so it’s not like the weird peripheral in question is all that weird or even really much of a peripheral, considering it’s built into the device and these chips are designed to handle user input. The qualcoms in Samsung phones for example have had built in gpus since 2008. Intel core processors have had built in gpus in most since westmere in 2010.
E2: talking with someone about this I realized something important isn’t obvious at first glance: the peripheral in gpu address space status of the hardware backdoor doesn’t matter in the slightest because we don’t know where on the actual silicon wafer it is. The a series chips, and all arm chips in stuff nowadays, have the gpu and a bunch of other peripherals built into them, all on the same die. The only reason the backdoor is being talked about like a peripheral is because it’s doing memory mapped I/o. The only reason it’s being talked about with the gpu is because it’s in the address space reserved for the gpu. The a series, and all normal mobile arm processors, have a memory management unit that figures out where some 64bit hex address actually goes to or if it goes at all. I could put on my sicko hat and have stuff located smack in the middle of the floating point unit and it would work fine and you’d be none the wiser because all your requests go through the mmu and bear no relationship to the physical location on the silicon die and I’d do it again!
There is no evidence I’ve seen that this little 20 bit cypher, a drop in the ocean of transistors that is a modern microprocessor, requires a gpu or even needs to be outside the official arm stuff.
We would never know because it’s one memory address in literally 18 quintillion addresses in the 64 bit space.
i've always heard that like every device with a chip and an internet connection has NSA backdoors, they won't let them be sold without them.
I don't think it's generally so direct. backdoors are only so useful until they leak and companies have to patch them because now anyone can make use of them. so the NSA tries to put backdoors into cryptographic standards and the like where they're literally the only ones who hold the keys and the strength of the protocols prevents anyone else from discovering those keys independently (see: the kerfuffle over the NIST elliptic curve). beyond that, they employ lots of people to try and develop 0-days, which give them backdoors companies don't know about. I'm sure they do try and strongarm companies into adding more overt backdoors but it's kind of a dumb plan - it's what politicians think works but it's really just making it easier for adversaries to attack the US. who knows, maybe they are that dumb, though.
I doubt ARM's designs have backdoors in them, too many people can look at them. It is better to just put the backdoors in a level lower, especially because those companies, Qualcomm and Apple are American but ARM isn't.
I agree. Every Chinese chip maker will look at those design and revise them.
While it doesn’t matter if arm(r)’s designs have these specific bits in them because no one is using a basic straight off the rack arm chip, two other possibilities are that the backdoor was a debugging tool or added in by a contractor that’s a security cutout. Both are very possible.
Being able to input your secret code and bypass that pesky mmu would help in low level debugging and if you were a spook wanting to get your shit in a chip it’s a lot easier to hire the person contracted to design the chunks of silicon that get licensed than to actually get an agreement going with the company that’s putting it all together.