The rosenbridge backdoor is a small, non-x86 core embedded alongside the main x86 core in the CPU. It is enabled by a model-specific-register control bit, and then toggled with a launch-instruction. The embedded core is then fed commands, wrapped in a specially formatted x86 instruction. The core executes these commands (which we call the 'deeply embedded instruction set'), bypassing all memory protections and privilege checks.
While the backdoor should require kernel level access to activate, it has been observed to be enabled by default on some systems, allowing any unprivileged code to modify the kernel.
The good news is that the exploit requires the backdoor to be enabled by default, so it should be fixable via BIOS updates on affected systems.
The bad news is that, until those roll out, we could have a real problem on our hands, since this exploit is incredibly easy to execute on affected systems. All you need is userland shell access. You wouldn't even need the ability to upload files to the system; the code is so small (~45 lines) you could easily type it out and compile it yourself.
https://raw.githubusercontent.com/xoreaxeaxeax/rosenbridge/master/rosenbridge.gif
https://github.com/xoreaxeaxeax/rosenbridge
Somebody will probably write an article on it after the conference that's going to be held on it tomorrow. I'll update the OP if/when I see one.
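A triage check for the "affected systems" the OP talks about, added here as an example (it is not code from the rosenbridge repository or from the OP): it parses /proc/cpuinfo and flags VIA C3 parts so you know which boxes to look at first. It assumes Linux, that VIA/Centaur cores report vendor_id "CentaurHauls", and that the C3 line is cpu family 6, models 6 through 9 (Samuel through Nehemiah); that model list is my recollection, not something stated in the thread. Finding a C3 only identifies candidate hardware, it does not test whether the backdoor is actually enabled.

```python
"""Flag hosts whose CPU is a VIA C3 by parsing /proc/cpuinfo.

Added example, not code from the rosenbridge repository.  Assumptions
(not stated in the thread): Linux, VIA/Centaur cores report vendor_id
"CentaurHauls", and the C3 line is cpu family 6, models 6..9.  A match
means "candidate hardware", not "backdoor confirmed enabled".
"""
from __future__ import annotations

from pathlib import Path

VIA_VENDOR_ID = "CentaurHauls"          # vendor string used by VIA/Centaur x86 cores
C3_FAMILY = "6"
C3_MODELS = {"6", "7", "8", "9"}        # Samuel, Samuel 2/Ezra, Ezra-T, Nehemiah (assumed)


def parse_cpuinfo(text: str) -> list[dict[str, str]]:
    """Split /proc/cpuinfo text into one key/value dict per logical CPU.

    Records are separated by blank lines; each line is 'key : value'.
    """
    cpus: list[dict[str, str]] = []
    current: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def classify(cpu: dict[str, str]) -> str:
    """Return 'via-c3', 'via-other' or 'not-via' for one CPU record."""
    if cpu.get("vendor_id") != VIA_VENDOR_ID:
        return "not-via"
    # Newer C3 kernels print the codename ("VIA Nehemiah") rather than "C3",
    # so match on family/model as well as on the model name string.
    name = cpu.get("model name", "")
    if "C3" in name.split():
        return "via-c3"
    if cpu.get("cpu family") == C3_FAMILY and cpu.get("model") in C3_MODELS:
        return "via-c3"
    return "via-other"


def triage(text: str) -> list[str]:
    """Classify every logical CPU described in a /proc/cpuinfo dump."""
    return [classify(cpu) for cpu in parse_cpuinfo(text)]


def triage_host(path: str = "/proc/cpuinfo") -> list[str]:
    """Classify the CPUs of the running host; [] if cpuinfo is unavailable."""
    p = Path(path)
    if not p.is_file():
        return []
    return triage(p.read_text())


# Constructed sample dumps (not captured from real hardware) for a dry run.
SAMPLE_C3 = (
    "processor\t: 0\n"
    "vendor_id\t: CentaurHauls\n"
    "cpu family\t: 6\n"
    "model\t\t: 9\n"
    "model name\t: VIA Nehemiah\n"
    "stepping\t: 8\n"
)
SAMPLE_C7 = (
    "processor\t: 0\n"
    "vendor_id\t: CentaurHauls\n"
    "cpu family\t: 6\n"
    "model\t\t: 10\n"
    "model name\t: VIA Esther processor 1500MHz\n"
)
SAMPLE_INTEL = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "cpu family\t: 6\n"
    "model\t\t: 142\n"
    "model name\t: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz\n"
    "\n"
    "processor\t: 1\n"
    "vendor_id\t: GenuineIntel\n"
    "cpu family\t: 6\n"
    "model\t\t: 142\n"
    "model name\t: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz\n"
)

if __name__ == "__main__":
    for label, sample in (("c3", SAMPLE_C3), ("c7", SAMPLE_C7), ("intel", SAMPLE_INTEL)):
        print(label, triage(sample))
    print("this host", triage_host())
```

Run it on a fleet inventory by feeding each host's /proc/cpuinfo into triage(); anything that comes back "via-c3" is where you'd go on to run the actual rosenbridge check from the linked repo, and "via-other" is worth a second look but is not the part this thread is about.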
VIA’s embedded platform products have reportedly (2005) been adopted in Nissan’s car series, the Lafesta, Murano, and Presage. These and other high volume industrial applications are starting to generate big profits for VIA as the small form factor and low power advantages close embedded deals.
This is fine.
I wouldn't worry about cars. Older cars like that obviously aren't connected to the internet, so you'd have to gain access physically (e.g. over UART or something), which already obviously isn't going to happen. The chances that you could then do anything useful with the embedded computer of an older car are even lower; they usually don't control anything critical to driving. I don't think anything much newer than that would be using a C3 either.
A bigger concern would be if a utility company has old-as-shit equipment powered or monitored by a C3 Linux box hooked up somewhere important. That scenario isn't too hard to imagine.
you gotta get a good 'runner, one that's as sneaky in the flesh as she is on the net, to get hooked into a rival crew's aerodyne. once you're hooked in, though, they won't know what hit them
Most CPUs on the market are backdoored (maybe not the POWER8 and RISC-V ones, though).
What a shitty world we live in.
15-year-old cars have throttle-by-wire and computerized SRS systems. You really think someone couldn't royally hose your day up if they could mess with those two systems while you're going down the freeway? And hell, any car with OnStar (I know, GM, not the mark in question here) has the necessary equipment included to be commanded wirelessly, as OnStar can remotely kill the engine in the event the car is reported stolen.
We're getting to the point where modern cars are vulnerable to remote intrusion. And with more and more systems on the car being 'by-wire', automotive infosec is quickly becoming a literal life-and-death issue that automakers absolutely must address.
This. All of this. The moment cars got wi-fi hotspots and 4G connectivity my first thought was "Welp, new attack vector." Because that's essentially what it is: A pointless feature that only serves to make occupants more unsafe and simply gives more surface area for attackers to breach. Especially with how bad opsec already is for cars.
And there's precedent.
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
A year later those same hackers got into one of the patched jeeps to demonstrate what they could have done with the vulnerability they found.
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
[quote]When they tested that last attack while driving at 30 miles per hour on an empty road running through cornfields north of St. Louis, Miller and Valasek say they lost control of the Jeep, crashed it into a ditch, and had to wait for a friendly local to tow them out.[/quote]
There's no paranoia about it. Automotive infosec is a life-and-death issue and car companies have already had to release patches and recall cars because of it. Luckily it was white hat hacking that didn't actually kill anyone, but, yeah.
Damn, I hate it when VIA gets hit. They're the last indie x86 manufacturer.
Maybe they shouldn't add a backdoor to their CPUs then...
If you have access to a car's physical OBD-II port, you already can do a lot worse.