New CPU Bug Found

[jonbrown...@gmail.com]

New CPU backdoor has been found with code available here: https://github.com/xoreaxeaxeax/rosenbridge

Anyone mind checking if Thinkpad 230 is affected?

[Sphere]

On Tuesday, August 14, 2018 at 7:44:18 AM UTC+8, jonbrown...@gmail.com wrote:
> New CPU backdoor has been found with code available here: https://github.com/xoreaxeaxeax/rosenbridge
>
> Anyone mind checking if Thinkpad 230 is affected?

Wow... things sure are going rough in the firmware/hardware/low-level instruction side of things

[tier...@gmail.com]

On Tuesday, August 14, 2018 at 12:44:18 AM UTC+1, jonbrown...@gmail.com wrote:
> New CPU backdoor has been found with code available here: https://github.com/xoreaxeaxeax/rosenbridge
>
> Anyone mind checking if Thinkpad 230 is affected?

It is thought that only VIA C3 CPUs are affected by this issue. The C-series processors are marketed towards industrial automation, point-of-sale, ATM, and healthcare hardware, as well as a variety of consumer desktop and laptop computers.

Thinkpads are Intel. But don't think for a second a 0-day for Intel/AMD doesn't exist, and isn't actively being exploited. Security is broken.

[brenda...@gmail.com]

On Monday, August 13, 2018 at 7:44:18 PM UTC-4, jonbrown...@gmail.com wrote:
> New CPU backdoor has been found with code available here: https://github.com/xoreaxeaxeax/rosenbridge
>
> Anyone mind checking if Thinkpad 230 is affected?

As per earlier in the thread, this only applies to some older VIA C3 CPUs. Also: the "bug" is a documented feature of those CPUs and can only be initially enabled via a privileged instruction...so...