[throwawayfinal]

I think it's absolutely unreasonable to imply that this was intentional. Besides the massive amount of complexity these systems have, there are plenty of "legitimate" places to hide backdoors, instead of in a performance architecture decision.

Keep in mind that whatever "evil agencies" would have asked for this would most likely find themselves vulnerable, and nobody would sign off on.

I do agree, however, the "security by obscurity approach is quite frankly crap". The fact that even large corporations (not the big 5) can't even get away from ME speaks volumes about why this is a bad idea. Facebook isn't the only company with important data.

[mehrdadn]

> I think it's absolutely unreasonable to imply that this was intentional.

Amen. It blows my mind that some people think clever techniques like speculative or out-of-order execution must've somehow how nefarious intentions behind them. Come on HN...

[Animats]

The Intel Management Engine is a backdoor. Speed variations in speculative execution are an inherent property of the technology. Until recently, few people thought this was exploitable, and it took a lot of work to figure out how to exploit this.

[andrewflnr]

You do realize those are ideal properties for a backdoor, don't you? If you were writing the spec for a dream backdoor, you would write that down. The only way you could improve it would be "everyone thinks it's impossible, and they never figure it out."

[netsharc]

This backdoor is too tricky to be a backdoor. A simpler backdoor would be "Call this opcode 45 times, followed by another opcode 20 times, and you will have activated backdoor mode where these opcodes are now available"...

[jijji]

the ideal properties of a backdoor were visualized to me the day i hacked into an author of a largely distributed piece of smtp mail server, only to find sitting in his home directory an unpublished integer overflow exploit written by him years earlier for a version of the software that is currently in wide distribution...

[dvfjsdhgfv]

That's close to perfect, indeed. The drawbacks in this scenario are that (1) not everybody runs an SMTP server, (2) if it's open source (and if it's very popular, then it is), some other smart people will look for the bug and publish it for fame. That's quite different from a backdoor built into a processor (although I really doubt Intel was really involved in any shady practices, it looks like they were not smart enough).

[paulie_a]

Judging from the numerous decades old bugs recently found, the concept of many eyes needs to die.

And in the case of SMTP, it's basically a pinata of bugs for the last 30 years regardless of platform

[sigi45]

it is still way more likely a reasonable design decision for performance reasons than it is for a backdoor.

Alone the risk would not be worth to intel. Do you really think, nsa has enough money to compensate for this backslash and newscoverage?

[Animats]

Yes, though it's moderately hard to exploit against a specific target. It's more useful for bulk attacks - getting everyone who visits a specific web site to run a DDOS attack, or ransomware.

[eli_gottlieb]

If any quantity about what the processor does, outside the intended effect, has a different distribution when X happens versus Y, then the distribution of that quantity is exploitable. Period.

Any nonuniform distribution in any quantity that is not part of the spec is exploitable!

[_0w8t]

It is only exploitable if one can measure the difference and extract useful information. Until Spectre guys discovered the double read technique, the expectation was that speculative execution did not allow to extract useful information besides extremely artificial theoretical cases.

[galvin]

Adding a backdoor seems unreasonable but they may have chosen performance over security. Even if this individual bug wasn't intentional they are responsible for setting their priorities.

[Filligree]

There are CPUs available which choose security over performance. They aren't made by Intel, but you can buy them, and they're even cheaper.

Oh, you don't want to do that?

[alphonsegaston]

Well, I read somewhere the other day that this form of error/attack was conceived of in the academic literature back in 1992. I won’t believe it’s intentional without evidence in that direction, but this is conceivably the kind of obscure/complex attack you’d expect of a state actor.

[throwawayfinal]

This has been a known issue in xbox 360 hardware since about 2010.

It just keeps popping up, someone finally thought to weaponize it.

[oblio]

>It just keeps popping up, someone finally thought to weaponize it.

Someone published its weaponization, you mean :)