[tor-relays] Exploiting firmware

[Duncan Guthrie]

What I was originally getting at was that the parts of the Raspberry Pi 
that are completely proprietary - while there is a free software 
implementation of the GPU blob, most people don't use that, as they are 
on stock Rasbian, which includes all the nasty "other parts" - are a 
great possibility for hijacking, perhaps through malicious code running 
on the GPU, which controls the CPU in several ways. The problem with 
this isn't that this is unique (Intel computers having so much more 
attack surface) but that a flaw in lots of these small computers that 
power a portion of the network means that an exploit in them due to lack 
of diversity would be much more serious.

The management engine blob is also very serious. One possible mitigation 
might be to run the relays in VMs with good isolation, e.g. Xen on 
recent hardware which has good IOMMU. This makes it much harder to 
exploit the actual software that runs on the ME since the VMs would, in 
theory, have no access to hardware.

It should be of concern on any hardware that is being used for related 
purposes, I think. However, whether it works out in practice as a 
backdoor that is worth exploiting vs other methods is debatable.

Regardless, diversity is good.

On 07/12/16 20:35, Gumby wrote:
>   Subject seems to have changed a bit, so not hijacking it.
> When thinking of any exploitation of firmware - should there be 
> concerns of Intel's Management Engine in the CPU of any relays
>  running on "home hardware" in any common unused pc or laptop?
> Should that be a concern on ANY newer Intel hardware?
>
> Gumby