On Thu, 15 May 2003, Nick May wrote:
> >since I've *never* seen a piece of
> >hardware that's been fully secure given physical access to it.
>
> They shone a light on it. Physical access of a sort, true, hence my
> question about the sun - is that sufficient to flip a bit sufficiently
> interesting number of cases. Bluntly, could one write an applet have it
> downloaded by a sufficiently large number of people, then wait for the sun
> to shine and have your malicious code execute in just a few cases... ? If
> not the sun, some other radiations source....?
If you read the paper, the answer is no. We're not seeing enough random
keitai crashes for there to be any significant number memory errors
occurring, and the probability of of a keitai applet being able to use
one of these memory errors is also somewhat lower due to the small
amount of address space that can be allocated to this.
> .... yes.... The article called it a "security flaw", not a "bug". In this
> case "physically modifying the hardware" was simply warming it up with a
> lamp. Of course an attack is possible if you have physical access and
> enough resources. But this is a TRIVIAL attack - hence my state of "gog".
This is not trivial, given the circumstances. The attack required
opening up the PC, at which point the trivial attack is just to plug the
hard drive into a laptop you have with you and modify whatever you like.
> >This story is complete sensationalism, and it really annoys me that
> >reporters can be such idiots as to write stuff like this.
>
> Judging by your response, I don't think you have read it fully. Which
> parts are sensationalist?
The part where they don't mention that the probability of this attack
working without physical access is infitesimal, and that if you do have
physical access there are usually easier ways to get what you want.
The only thing this really affects is smart cards, and it affects all
smart cards, whether they use Java or not.
> >Saying it's a flaw in the VM is like saying that
> >someone's front door was insecure when the burglar came in through an
> >unlocked back window.
>
> The security flaw is in trusting the instantiated VM.
No, the security flaw is trusting the hardware.
> >Indeed the system was compromised, but this was not due to any error or
> >problem with the VM.
>
> As soon as you flipped the bit, you changed the VM.
If the attack was successful, you did not change the VM. You changed data
in memory that the VM had checked.
cjs
--
Curt Sampson <cjs_at_cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
Received on Mon May 19 08:14:33 2003