Intel breathes a sigh of relief as the spotlight moves off of them for a beat.

  • db2@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.

    It’s worse than that, any AMD chip from any source except maybe AMD directly is suspect. Mine is a few years old from Amazon supposedly new, for all I know it came compromised and is sitting there doing what I tell it to until it triggers and I won’t even know when or if it happens.

    • rhombus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.

      • db2@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        It allows for adulteration of firmware, the CPU has firmware. 🤷

        • rhombus@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.

    • SupraMario@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      That’s not how this exploit works at all…you have to have physical access to the machine basically. This is a nothing burger.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          It’s not going to be there because if you’re compromised via physical access, no one is going to give a shit about this exploit… it’s like someone having the keys to your house and then being worried they’re going to smash out a window to gain access.

          • db2@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            I don’t think you’re following along here. The physical access would have already happened prior to the CPU even being in my possession.

            • SupraMario@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              I see what you’re saying. You’re assuming someone grabbed a bunch of cpus, fucked with them, then tossed them back into the box and sold them as new.

              • db2@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                3 months ago

                Exactly, if I were a bad actor with access to the stock that’s what I’d do. I’m sure there are multiple points along the supply chain where it could potentially happen.

                • SupraMario@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  3 months ago

                  That’s true, seems like you’d need to know where they’re going though, like a ton of work just to hopefully get one machine infected that has anything on it.