Author Topic: Plundervolt :(  (Read 2279 times)

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Plundervolt :(
« on: Wed, 05 August 2020, 20:45:04 »
So apparently, the anon of the world came up with a virus that exploits undervolting intel CPU to disable its security measures.

This means latest bios updates since (feb and above) have disabled voltage modification, RUINING a huge swath of gaming laptops which depend on Undervolting to achieve Peak-Performance.


The bios can be rolled back (luckily).

Tp4 G5  9750h 1660ti were running nicely @ 75C,  all of a sudden 85C after bios update.. Scared, thought a heatpipe blew, but it were just undervolt being disabled.

Offline appleonama

  • Trollo en USA
  • * Exquisite Elder
  • Posts: 1326
Re: Plundervolt :(
« Reply #1 on: Wed, 05 August 2020, 22:57:28 »
.

Offline suicidal_orange

  • * Global Moderator
  • Posts: 4135
  • Location: England
Re: Plundervolt :(
« Reply #2 on: Thu, 06 August 2020, 06:48:35 »
Is this standard behaviour then?  "I don't have enough power, I won't slow down to stay stable I'll just silently disable some stuff.  Starting with security..." doesn't sound like a great design choice.
120/100g linear Zealio R1  
GMK Hyperfuse
'Split everything' perfection  
MX Clear
SA Hack'd by Geeks     
EasyAVR mod

Offline -Jerry-

  • Posts: 316
  • Location: Bath, UK
  • OR '1'='1'
    • Jerry Talks Tech
Re: Plundervolt :(
« Reply #3 on: Thu, 06 August 2020, 07:01:18 »
I'm going down the motorway and want to maintain this speed, but the car is starting to get hot, so I'm going to remove the brakes.
Split 75 | Melody96 | KBD8X MKII | Womier K87

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: Plundervolt :(
« Reply #4 on: Thu, 06 August 2020, 08:07:27 »
> Is this standard behaviour then?  "I don't have enough power, I won't slow down to stay stable I'll just silently disable some stuff.  Starting with security..." doesn't sound like a great design choice.

Well no, what's happening is the virus can undervolt your cpu to defeat security.  It's not a security concern for Gaming laptops.

For something you trade Stonks on,  it is.

The issue is they didn't give anyone a heads up, and they've sent the auto bios update across microsoft services. It does it on its own. So, the g4m3r hardware which depend on undervolt to stay kewl, often throttle massively.

Offline JP

  • Posts: 356
  • Location: Indianapolis, IN ander, our true elevated elder.
Re: Plundervolt :(
« Reply #5 on: Thu, 06 August 2020, 08:48:32 »
So AMD then?
About Me | The Collection
Therapy is expensive so I buy keyboards and bike parts.

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: Plundervolt :(
« Reply #6 on: Thu, 06 August 2020, 09:03:24 »
> So AMD then?

Stonx only go UPpppp.. !!

/Disclaimer , Tp4 not responsible for gambling losses.

Offline Kavik

  • Posts: 791
Re: Plundervolt :(
« Reply #7 on: Thu, 06 August 2020, 10:27:53 »
Whatever happened with Meltdown? Isn't that still a threat?
Maybe they're waiting for gasmasks and latex to get sexy again.

The world has become a weird place.

Offline suicidal_orange

  • * Global Moderator
  • Posts: 4135
  • Location: England
Re: Plundervolt :(
« Reply #8 on: Thu, 06 August 2020, 10:52:12 »
>> Is this standard behaviour then?  "I don't have enough power, I won't slow down to stay stable I'll just silently disable some stuff.  Starting with security..." doesn't sound like a great design choice.
>
> Well no, what's happening is the virus can undervolt your cpu to defeat security.


I don't get it.  If it's not disabling TPM (or whatever the latest version is called) how does lowering voltage defeat ... what?  Maybe clocks drop so your antivirus scans slower?  Except they don't because that wouldn't be good for gamers or peaceseekers like us...

Does this exploit have a name I can research?

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: Plundervolt :(
« Reply #9 on: Thu, 06 August 2020, 10:56:26 »
> Does this exploit have a name I can research?

it's called plundervolt. LOLOL

Offline suicidal_orange

  • * Global Moderator
  • Posts: 4135
  • Location: England
Re: Plundervolt :(
« Reply #10 on: Thu, 06 August 2020, 12:13:53 »

> it's called plundervolt. LOLOL

:-[

So basically starve the CPU of voltage until it makes a mistake, then hope in its debilitated state it puts the correct data in the wrong place so you can steal it (if it can't accurately work out the write address how can you be sure it's got the right read address?)  And of course it's only exploitable with admin access which anyone with half a brain wouldn't give out...

Sounds like a great reason to cripple performance laptops :confused:


The only good news is my CPU is too old so I'll just stick with Spectre and Meltdown as ASUS and ASRock are too lazy to release system-slowing bios updates to fix them.

Offline JP

  • Posts: 356
  • Location: Indianapolis, IN ander, our true elevated elder.
Re: Plundervolt :(
« Reply #11 on: Thu, 06 August 2020, 14:14:06 »

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: Plundervolt :(
« Reply #12 on: Thu, 06 August 2020, 14:55:36 »
Welp...this is not good.

https://twitter.com/deletescape/status/1291405692138643457

KEKEKEK,  intel Gang was still recommending people buy Intel @ $48,, HECK, take it all to AMD Gainzz.z.

Mobile is the HOTTEST selling in the PC space at the moment,  AMD 7nm Performance per Watt Boom headshot.

5nm Incoming,  what's Intel's answer ?,   Are they gonna suddenly send all their designs to TSMC, 


Is Taiwan even a real ally ?   

Look at it this way,   America can't actually save Taiwan, if China Blitzes them.

This entire alliance is mere posturing.


China has massive Spy networks from engineers to honeypot serendipity agents thoroughly clawed into Taiwan already.


Not only that,  SMIC..  stable 14nm process,  rumored 7nm in development.   


It's not about Existing METAL,  Yea that ASML has monopoly on EULV, German monopoly on the lenses, and US has the IPs,   but it's only a matter of Human Brain Power.

China stem graduate 1 per 294 people, USA 1 per 574 ...
China is graduating 4.7 Million (2016) STEM field students at 8 to 1 against the United States.

How LONG can we maintain leading edge technology when the MAJORITY of our population is crippled by deliberate retraction of quality education.


Not only that,  Healthcare's, deliberate protraction of diabetes/cancer/heartdisease,  prioritizing Treatment profits.

Bad health habits EMPOWER the opportunists which supply the poison. These companies ruin America due to the toxic buildup of mass lamentable desires.

Offline Leslieann

  • * Elevated Elder
  • Posts: 3517
Re: Plundervolt :(
« Reply #13 on: Thu, 06 August 2020, 22:50:46 »
> Whatever happened with Meltdown? Isn't that still a threat?
Yes, and no.

Intel fixed several versions but the original is still a threat and will remain so for at least another 2 years. It's a hardware issue, the only fix is a new processor, even then it won't truly be fixed for another 2 years or more and even then it will not fix any older devices completely. All they can do for them is a software fix and stop it from getting to the CPU.  Considering how many IOT devices have it and no way to update... have fun.
Novelkeys NK65 Aluminum w/62g Zilents/39g springs
More
62g Zilents/lubed/Novelkeys 39g springs, HK Gaming Thick PBT caps, Netdot Gen10 magnetic cable, pic
| Filco MJ2 L.E. Vortex Case, Jailhouse Blues, heavily customized
More
Vortex case squared up/blasted finish removed/custom feet/paint/winkey blockoff plate, HID Liberator, stainless steel universal plate, 3d printed adapters, Type C, Netdot Gen10 magnetic cable, foam sound dampened, HK Gaming Thick PBT caps (o-ringed), Cherry Jailhouse Blues w/lubed/clipped Cherry light springs, 40g actuation
| GMMK TKL
More
w/ Kailh Purple Pros/lubed/Novelkeys 39g springs, HK Gaming Thick PBT caps, Netdot Gen10 Magnetic cable
| 3d printed 65% w/LCD and hot swap
More
Box Jades, Interchangeable trim, mini lcd, QMK, underglow, HK Gaming Thick PBT caps, O-rings, Netdot Gen10 magnetic cable, in progress link
| Magicforce 68
More
MF68 pcb, Outemu Blues, in progress
| YMDK75 Jail Housed Gateron Blues
More
J-spacers, YMDK Thick PBT, O-rings, SIP sockets
| KBT Race S L.E.
More
Ergo Clears, custom WASD caps
| Das Pro
More
Costar model with browns
| GH60
More
Cherry Blacks, custom 3d printed case
| Logitech Illuminated | IBM Model M (x2)

Offline Sintpinty

  • Carbon Based Life Form
  • Posts: 1561
  • Location: A can of beans in the cupboard
  • She/they
    • My promotion link
Re: Plundervolt :(
« Reply #14 on: Fri, 07 August 2020, 08:00:30 »
uh oh

Offline Darthbaggins

  • Posts: 337
  • Location: Acworth, GA
  • PC Cannibal
Re: Plundervolt :(
« Reply #15 on: Fri, 07 August 2020, 14:44:20 »
Would think this would need more than just OS level infiltration since that should be controlled by the Bios on the board not w/ in the OS on a drive.    Windows can't initiate a Bios Update

Offline Leslieann

  • * Elevated Elder
  • Posts: 3517
Re: Plundervolt :(
« Reply #16 on: Fri, 07 August 2020, 22:41:22 »
> Would think this would need more than just OS level infiltration since that should be controlled by the Bios on the board not w/ in the OS on a drive.    Windows can't initiate a Bios Update
We update bios and manipulate voltages through Windows all the time.
Yes, bios updates need a restart to make permanent changes but all it has to do is wait for the user to perform one or an update to prompt it (yay, forced updates!). Once started you can't stop a bios update without softbricking the board, not to mention how many monitor a restart anyways?

More importantly, microcode in the cpu core isn't actually update-able, the microcode update is flashed to the chip in boot each time and is lost when power is lost. There is no modifying the processor itself. Basically the solution is to put up walls to protect it and issue a temporary patch over and over and hope at least one line of defense stops it getting through.

Offline tp4tissue

  • * Destiny Supporter
  • Thread Starter
  • Posts: 13178
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: Plundervolt :(
« Reply #17 on: Sat, 08 August 2020, 02:15:03 »
Windoz definitely can and DOES initiate bios updates, Peeps wouldn't be in the mess otherwise.

The feature is called UEFI firmware capsule updates
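
Added example, not part of the thread: Leslieann's reply #16 notes that a microcode patch is reloaded on every boot rather than stored in the CPU, so the revision that actually got loaded is worth checking after each boot. This sketch parses Linux `/proc/cpuinfo` text and flags cores below a baseline; the sample text and `BASELINE_REVISION` are constructed placeholders, and revisions only compare meaningfully within one CPU model.

```python
import os

# Constructed sample of /proc/cpuinfo text (two logical CPUs, fields trimmed).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xca\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xb4\n"
)

# Placeholder baseline (constructed): use the revision your CPU vendor's
# advisory lists as fixed for your exact CPU model.
BASELINE_REVISION = 0xCA


def microcode_revisions(cpuinfo_text):
    """Return {logical_cpu: loaded_revision} from /proc/cpuinfo-style text."""
    revisions = {}
    current = None
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between CPU stanzas
        key, value = key.strip(), value.strip()
        if key == "processor":
            current = int(value)
        elif key == "microcode" and current is not None:
            revisions[current] = int(value, 16)  # kernel prints hex, e.g. 0xca
    return revisions


def audit(cpuinfo_text, baseline):
    """Flag logical CPUs running a revision older than the baseline."""
    revs = microcode_revisions(cpuinfo_text)
    below = sorted(cpu for cpu, rev in revs.items() if rev < baseline)
    return {
        "revisions": revs,
        "below_baseline": below,
        "mixed": len(set(revs.values())) > 1,  # cores disagree with each other
        "ok": bool(revs) and not below,
    }


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    print(audit(text, BASELINE_REVISION))
```
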

Offline Darthbaggins

  • Posts: 337
  • Location: Acworth, GA
  • PC Cannibal
Re: Plundervolt :(
« Reply #18 on: Sat, 08 August 2020, 09:50:11 »
Didn't realize that, thought BiOS was mainly tweaked when I updated it when I flashed it manually.  Good to know.

Offline Leslieann

  • * Elevated Elder
  • Posts: 3517
Re: Plundervolt :(
« Reply #19 on: Sat, 08 August 2020, 22:06:42 »
> Didn't realize that, thought BiOS was mainly tweaked when I updated it when I flashed it manually.  Good to know.
EFI was designed to allow the OS to modify it.

If you want to see it first hand, install Ubuntu to a second drive and set it to be the primary boot device. The first time you boot into Windows it will reconfigure your boot settings to ignore the Ubuntu drive and Grub.

Offline Darthbaggins

  • Posts: 337
  • Location: Acworth, GA
  • PC Cannibal
Re: Plundervolt :(
« Reply #20 on: Mon, 10 August 2020, 07:42:33 »
I always wondered why it would "mount" itself to my primary drives when I would install to a secondary boot drive.   That makes more sense now, is there a way to configure it to not do that - hasn't really caused issues but of course would prefer it to not so I can keep the boot orders clean when I look at them in bios.  In the end I don't see PlunderVolt as a real issue for myself, but for those in more secure sectors it could be an issue since state employees still have issues clicking on random links in emails (but hey it keeps me employed and busy lol)

Offline Leslieann

  • * Elevated Elder
  • Posts: 3517
Re: Plundervolt :(
« Reply #21 on: Mon, 10 August 2020, 22:53:04 »
> I always wondered why it would "mount" itself to my primary drives when I would install to a secondary boot drive.   That makes more sense now, is there a way to configure it to not do that - hasn't really caused issues but of course would prefer it to not so I can keep the boot orders clean when I look at them in bios.  In the end I don't see PlunderVolt as a real issue for myself, but for those in more secure sectors it could be an issue since state employees still have issues clicking on random links in emails (but hey it keeps me employed and busy lol)
There's no way to stop Windows doing this to my knowledge but you can create a boot menu with Windows which it will retain.


And you're right about not worrying about Plundervolt.
Many of these crazy vulnerabilities are this way, I remember someone freaking out because they could intercept your wireless keyboard signal and see what you were doing, there's also one where they can use the signals from the power supply to see things and another where they can transmit data through speakers and microphones sub-sonically.

You have to weigh how much time and effort it takes to actually do these things compared to what is to be gained, you could key log someone for months and maybe get a credit card (have fun sifting through that data!), but what if that was a prepaid or they're broke? The ends don't justify the effort. If spam email took more effort it would die in an instant because the returns on it are HORRIBLE but because barrier of entry is so low, it's viable.

If you look at all security protocols such as HIPAA, it specifically says "within reason" (or at least did last time I looked at it). They can't expect a two person company making $100k in profit to spend $200k a year on cyber security. It's not just impractical from a money point of view but also from an attacker point of view. They don't make enough to justify the same security as a company making $100mil a year.