[ISN] Privacy Hack on Pentium III

From: mea culpa <jericho_at_dimensional.com>
Date: Wed 24 Feb 1999 - 10:03:00 CST
Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>

(Wired News) [2.23.99] A German computer magazine claims to have found a
way to hack the controversial serial number in the forthcoming Pentium III
chip.
 
Computer Technology, or c't, says that contrary to Intel's claims, the
identifying Processor serial number in the Pentium III can be secretly
turned on and off without the user's knowledge by a small software
program.
 
Intel included the number in the chip to provide a secure identifier for
e-commerce and help system administrators keep track of large networks.
 
But an outcry from privacy activists, who said the ID number would make it
impossible to remain anonymous on the Internet, forced Intel to recommend
that computer manufacturers ship systems with the identifying number
turned off.
 
Intel claims this is secure because once turned off, the number cannot be
turned on again without a hardware reset, typically when the computer is
shut down and rebooted -- a feature Intel said was designed to make it
near-impossible for the serial number to be reset without the users'
knowledge. Pentium III machines will come with a special software utility
to let users turn the number on and off.
 
"We have proven that this is wrong," said Christian Persson, editor in
chief of c't, a bi-weekly magazine based in Hannover. "We must ask if
there is any use for the serial number any more."
 
According to Persson, the magazine's on/off hack exploits the Pentium
III's deep sleep mode, a form of hardware reset that doesn't actually turn
the system completely off. The serial number is reset when the chip is
woken up.
 
Persson says the reset can be done over the Internet, via a Direct X
control, or better, implemented as a Trojan horse in a software installer.
"To do it in a good way, you have to hide it from the user," Persson says.
"It's best to do it during installation of software, as a Trojan horse.
Then you can read the number, store it anywhere on the computer, and send
it at any time."

Persson said the flaw was discovered by Andreas Stiller, a hardware editor
and the magazine's resident chip expert. Persson said Stiller worked out
the hack from published plans of the chip and system architecture.
 
"It was only a question of time before crackers used this procedure
because it is not based on secret information," Persson said.
 
Persson said Intel in Germany confirmed that the chip's serial number can
indeed be reset this way and now recommends computer manufacturers put a
special on-off switch in the system BIOS -- a layer of control
inaccessible to most users -- to prevent the serial number being switched
on by software. 
 
However, Intel in the US stood by its claims that the serial number can
only be re-enabled after a hardware reset and that it has recommended all
along that manufacturers put another switch in BIOS for extra security.
 
"The way we designed it was to make it difficult for someone hacking or
sending a virus over the Internet to reset the serial number without your
knowledge," said spokesman Tom Waldrop from Intel's Santa Clara,
California, headquarters. "It is conceivable that a control utility can be
hacked or a serial number read but it's very difficult. And you have to
ask what would be done with the number after it was read? What good is it
to anyone anyway?"
 
Waldrop said that the deep sleep mode is only a feature of chips for
mobile systems, which will not be available immediately. Further, Waldrop
says Intel's on/off utility polls the CPU every 15 seconds to make sure
the chip's status corresponds to the utility's default setting. If the
default setting is off but the serial number has been secretly turned on,
the utility will reset the serial number after 15 seconds. The chip does
not have to be hardware reset to turn the serial number off, Waldrop
noted.
 
The Electronic Privacy Information Center, which helps organize the
BigBrotherInside boycott campaign, called for a recall of the chip.
 
"It looks like a pretty serious flaw," said Dave Banisar, EPIC's policy
director. "It's been one disaster after another for Intel. It was
inevitable that someone would discover how to do something like this. All
of Intel's claims that people's privacy was going to be protected was
built on a house of sand."
 
However, Persson says that while he understands the importance of privacy
issues, he doesn't think the Pentium III serial number is a serious
invasion of privacy. Persson pointed out that there are unique serial
numbers on a lot of hardware, especially hard disks, that could also be
used for ID purposes if anyone cared to. 
 
"Really this is not such a big issue," he says. "I must say, I do not
understand all the fuss. I think people do not like Intel so much and use
this to kick their ass." 



-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:28:04 1999