[NOTICIA RAPIDA] vulnerabilidad en intel afecta SSH,Apollo Lake muerte prematura

Con la novedad que científicos de una universidades en Amsterdamn y Zurich explotaron un "feature" de los procesadores intel que permite conectar ciertos componentes (como tarjetas de red ) directamente al cache del cpu para acelerar el desempeño. Este "feature" llamado DDIO baja la latencia y consumo electrico mientras que aumentaba la velocidad de transferencia.

Pero ahora demuestran que es un agujero de seguridad muy profundo, que bajo ciertas circumstancias permiten obtener datos sensitivos y hasta "keystrokes" que pasan a travez de la memoria de estos servidores afectados.

Para datacenters que usen este tipo de sistema llamado DDIO, es letal, ya que permite que un hacker rente una cuenta virtual o un servidor compartido, permita que ataquen otros clientes en ese mismo servidor. Esto incluye permite robar las claves y llaves de teclado que se aprieten mientras se usa SSH entre un servidor y un servidor de aplicación.
Y segun los researchers, esto es solo la punta del iceberg. Ya que se piensa que se puedan aumentar el rango de ataques.
.

In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO—short for Data-Direct I/O—increased input/output bandwidth and reduced latency and power consumption.

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers. The most serious form of attack can take place in data centers and cloud environments that have both DDIO and remote direct memory access enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers. To prove their point, the researchers devised an attack that allows a server to steal keystrokes typed into the protected SSH (or secure shell session) established between another server and an application server.

Source: www.vusec.net/projects/netcat/ arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/


Mientras tanto. Intel lanzo una alerta o advisory respecto a sus procesadores basados en la tecnología APOLLO LAKE (en su mayoría pentiums y Celeron para equipos embeeded, tabletas de bajo consumo y equipos de red como routers, NASes y similares.
En donde se están dando reportes de fallas masivas y degradamiento en los componentes e los procesadores basados en la tecnología APOLLO LAKE.

According to a Product Change Notification (PCN) document, which isn’t currently available online, but reported on by Tom’s Hardware, Intel is planning to replace four of its Celeron and Pentium Apollo Lake processors due to degradation in performance.

According to Intel, it has “identified an issue with the Low Pin Count (LPC), Real Time Clock (RTC), SD Card interfaces on Intel Celeron N3350, J3355, J3455 processors and Intel Pentium N4200 processor resulting in degradation of these signals at a rate higher than Intel's quality goals after multiple years in service.”

Essentially, Intel is saying that these Apollo Lake processors, which are based on its Goldmont microarchitecture and 14nm process node, could die before the warranty is up – so Intel is planning on refreshing the entire Apollo Lake lineup.

En su caso, estos procesadores están muriendo mucho antes de que se acaben la garantía. Diversos reportes dicen que esta afectando a ciertas compañías como SYNOLOGY que usa mucho de estos procesadores para sus NASes.
E incluso ciertas compañías de routers.

Intel Apollo Lake processors are mainly found in budget laptops and desktops, as well as 2-in-1 devices and all-in-one PCs, and the affected CPUs are the Celeron J3455, J3355, N3350 and Pentium N4200.

Intel has previously had problems with LPC bus degradation – which seems to be the problem here – with its Atom C2000 series of processors, as well as its E3800 series CPUs – which led Intel to creating a reserve fund to cover the costs of replacing the processors.

The affected Apollo Lake processors will move from the old B1 stepping to new F1 stepping in a bid to avoid the problem, and the new processors will have an ‘E’ suffix in their name to help customers identify the new CPUs – so they will be the Celeron J3455E, J3355E, N3350E and Pentium N4200E.

According to Tom’s Hardware, Intel is telling its customers to move from their existing CPUs to the new versions. Of course, this is easier said than done, as many of the products the affected Apollo Lake processors are in are not easily upgradable – which means you may have to buy an entirely new device.

Intel decide entonces recomendar a clientes que "reemplacen el procesador afectado. Es facil decirlo no? Ya que mucho de los equipos basados en Apollo Lake estan soldados (2 en 1, routers, etc..) lo cual no permiten reemplazos.
Osea intel te dice que "ni modo, compra un producto nuevo con el nuevo chip".


Sources: www.tomshardware.com/news/intel-apollo-lake-refresh-degradation-cpu-failure,40362.html
www.techradar.com/news/are-intel-apollo-lake-processors-already-dying

Pues intel le golpeo duro el PR porque ahora puso un "dijo mi mama que siempre no".

www.tomshardware.com/news/intel-apollo-lake-cpu-not-dying-pcn-lpc-bus-degradation,40378.html

Aunque hay rumores de que expertos en ChipHell dicen que si hay degradación, pero no tan extrema. y "Esperan" que sea degradacion DESPUES de la garantia.

twitter.com/david_schor/status/1171821536786952195?s=21

No, they do suffer the LPC bus degradation problem. There is no reversal. You'll simply encounter it past the operating lifespan of the chip. The new PCN is just a clarification that the longevity issue is limited to the IOTG parts which have a 15-year manufacturing availability.