edit/commentary:
Anyone else not surprised by this? I really hope that if backdoors like this are being added to recent silicon, there is at least some form of cryptographic handshake, not just a few bits that need to be toggled. Feels grossly irresponsible to me, but after elliptic curve, can we expect anything less negligent?
Wow! The part that stands out to me isn't the vulnerability itself, it's how it was discovered. Dude combed through patents to even just find a system that might be exploitable! That is some next-level thinking right there. I am impressed.
This. When I read the article I instantly recognised this from some datasheet-browsing I did many years ago. It’s not a “coprocessor”, it’s not a backdoor, it’s just access to the internal core. It’s even documented in the datasheet itself:
Edit: Now it’s all coming back to me. I was exploring the 0F opcode space and came upon 0F 3F, which happens to be the “enter alternate execution mode” instruction when it’s enabled. There are a lot of other interesting results if you Google “0F 3F”, although I remember them being a lot more relevant when I originally discovered this…
I always find it ridiculous that so often no one thinks to add some form of authentication to hardware debug features. I know it's more complexity, and debug features are for troubleshooting hardware during design... But still.
I love this in the comments section
“There’s back doors in just about all software/firmware, there has to be. It’s how engineers bypass all the bs and restrictions to fix/tweak/update stuff while still in alpha/beta testing. What sucks is when that backdoor becomes part of the software/firmware and requires a major overhaul to remove it. So it gets left there and buried until some enterprising jerk with too much time on his hands decides to go find it. Then it becomes a matter of damage control.”
Kinda like when you lose your keys and the locksmith takes off the left rear turn signal light cover, looks inside at a hidden number, gets a key from the van and charges you 200 bucks.
PS. I drive a truck for a living, my entire life is low effort