Conversation

Oh, for fuck's sake. (Pretty cool though.)

arstechnica.com

In a first, researchers extract secret key used to encrypt Intel CPU code

Hackers can now reverse-engineer updates or write their own custom firmware.

Replying to

What does this unlock? Does it allow for custom instructions?

Replying to

and

It's not a bypass for signature verification. There's older hardware with vulnerabilities in the signature verification but this is not itself a bypass of a real security feature. It will help people to make use of those kinds of security vulnerabilities though.

Replying to

and

This kind of encryption is not much of a security feature. It's obfuscation that's inherently possible to bypass by extracting the decryption key from hardware. Apple does it too. I think it's quite misguided and ends up reflecting poorly on these companies when it's bypassed.

3:51 PM · Oct 29, 2020Twitter Web App

Replying to

and

Depending on source code not being leaked and keys not being extracted from hardware as barriers to exploitation is concerning. They should welcome security research and make it easier rather than putting up obstacles. Focus on actually making it secure not hard to research it.