Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).
The command — “.byte 0x0f, 0x3f” in Linux — “isn’t supposed to exist, doesn’t have a name, and gives you root right away,” Domas said, adding that he calls it “God Mode.”
The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces (“userland”) run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas’ God Mode takes you from the outermost to the innermost ring in four bytes.
“We have direct ring 3 to ring 0 hardware privilege escalation,” Domas said. “This has never been done.”
That’s because of the hidden RISC chip, which lives so far down on the bare metal that Domas half-joked that it ought to be thought of as a new, deeper ring of privilege, following the theory that hypervisors and chip-management systems can be considered ring -1 or ring -2.
“This is really ring -4,” he said. “It’s a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86.”
The good news is that, as far as Domas knows, this backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. The bad news is that it’s entirely possible that such hidden backdoors exist on many other chipsets.
NASA is pursuing a program that integrates unmanned aircraft systems (UAS) into the National Airspace System, or UAS-NAS. This involves identifying, developing, and testing the technologies and procedures that will make it possible for UAS to have routine access to airspace occupied by human-piloted aircraft.
The project uses modeling, simulations, and flight tests to develop and test technologies that provide safe, effective, secure capabilities including detect and avoid (DAA) and command and control (C2).
Officials of the Adelphi contracting division of the Army Contracting Command at Aberdeen Proving Ground, Md., announced plans Friday to negotiate sole-source with the Lockheed Martin Missiles and Fire Control division in Grand Prairie, Texas, on an HPM UAV weapons project.
Lockheed Martin engineers will develop high-powered-microwave airborne counter unmanned aircraft systems (CUAS), including the necessary development, integration, and support necessary to field HPM weapons-equipped UAVs.
Specifically, Army leaders want Lockheed Martin to develop HPM weapons and other kinds of UAV payloads able to disable or destroy adversary UAVs. Weapons payloads for UAVs that are under consideration include explosives, nets, entanglers, streamers, and high-powered-microwave systems.
High-power microwaves represent a class of non-lethal weapons designed to destroy or disable enemy electronic systems with jolts of powerful electrical energy. It can fry electronics in much the same way as the electromagnetic pulse (EMP) from a nuclear detonation can disrupt electronics.
WASHINGTON – Some of the most iconic weapons of the past 17 years of war are quickly becoming a relic of the past, top Air Force officials say. Breaking Defense reports. Continue reading original article
The Military & Aerospace Electronics take:
6 Aug. 2018 — The Air Force is rushing toward a mix of almost-ready and yet-to-be-developed technologies, including artificial intelligence (AI), cloud computing, hypersonics, drone swarms, and clouds of tiny cubesats capable of sucking up data and beaming it back down to operators the ground in real time.
After running red team exercises looking at what some of the biggest future challenges might be for the Air Force, leaders concluded that the Predator and Global Hawk unmanned aerial vehicles (UAVs) of today are not far away from becoming mere museum pieces.
Not only does the Air Force want to get its people away from staring at computer screens to recognize, interpret, and identify what they’re seeing, but also seeks to develop processing and exploitation at the sensor. [from M&AE]
Dreamturning on the lathe of mind. I share articles about many different interests. Occasionally I’ll actually blog my own thoughts. You can find some of my writing and poetry here.