>

LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA


Wolf Richter www.testosteronepit.com www.amazon.com/author/wolfrichter

“A Special Surveillance Chip”

 

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

Its purpose is Digital Rights Management and computer security. The system decides what software had been legally obtained and would be allowed to run on the computer, and what software, such as illegal copies or viruses and Trojans, should be disabled. The whole process would be governed by Windows, and through remote access, by Microsoft.

Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.

It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they’re looking for.

Experts at the BSI, the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 and TPM 2.0. One of the documents from early 2012 lamented, “Due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”

Elsewhere, the document warns, “This can have significant consequences on the IT security of the Federal Administration.” And it concludes, “The use of ‘Trusted Computing’ technology in this form … is unacceptable for the Federal Administration and for operators of critical infrastructure.”

Another document claims that Windows 8 with TPM 2.0 is “already” no longer usable. But Windows 7 can “be operated safely until 2020.” After that other solutions would have to be found for the IT systems of the Administration.

The documents also show that the German government tried to influence the formation of the TPM 2.0 specifications – a common practice in processes that take years and have many stakeholders – but was rebuffed. Others have gotten what they wanted, Die Zeit wrote. The NSA for example. At one of the last meetings between the TCG and various stakeholders, someone dropped the line, “The NSA agrees.”

Rüdiger Weis, a professor at the Beuth University of Technology in Berlin, and a cryptographic expert who has dealt with Trusted Computing for years, told Die Zeit in an interview that Microsoft wanted to completely change computing by integrating “a special surveillance chip” in every electronic device. Through that chip and the processes of Windows 8, particularly Secure Boot, “users largely lose control over their own hardware and software.”

But wouldn’t it contribute to higher levels of security? Certain aspects actually raise the risks, he said. For example, during production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”

Perhaps even more ominously, he added: “The other realistic scenario is that TPM chip manufactures don’t sit within reach of the NSA, but in China….”

Apple phased out the surveillance chips in 2009. Linux doesn’t comply with the standards, and Linux machines cannot use the technology. Microsoft defended itself the best it could. The TPM is activated by default because most users accept defaults, it said. If users would have to activate the functions themselves, many users would end up operating a less secure system. And of course, government regulations that would require that users have the option to opt in or out would be unwise.

Instead, hardware manufactures could build machines with the chips deactivated, Microsoft said. If you want to have control over your computer, that’s what you’d have to buy. Another option would be to switch to Linux machines, something that the city government of Munich has started 10 years ago; the changeover should be complete before the year is up. This end of the NSA debacle cannot possibly be twisted into bullish news for Microsoft.

China is the promised land for our revenue-challenged tech heroes: over a billion consumers, economic growth several times that of the US, and companies splurging on IT. Layer the “cloud” on top, and China is corporate nirvana: a high-growth sector in a high-growth country. Or was nirvana, now that the NSA’s hyperactive spying practices have spilled out. Read…. US Tech Companies Raked Over The Coals In China.

485 Total Views 10 Views Today
Did you already share this? No? Share it now:
  • hikage

    *SOMEONE* misunderstood what a TPM chip is, does, and what purpose it is supposed to fulfill – and not just a little. A lot.

    The TPM chip allows you to have the TPM chip give you an encryption key back, as long as the software is still in a “safe” state. That is, it can verify your bootloader, kernel, some userspace tools – If one of them is off, you won’t get the key. An example use is BitLocker, where the key is used to access the disk. If something has been changed, the system won’t boot without manually typing in the key (which it tells you when you initially set it up). I personally use it on my Linux workstation for a dm-crypt’d partition. (Another fuck up in the article – it works just fine on Linux).

    What the TPM *doesn’t* do, is give you a backdoor. The only functionality it provides is the capability to give you back an encryption key. It also supports some features (“Remote attestation”, for example), that were never put to use, nor are really useful/dangerous. And yes, just like Windows can get the key out, so can you. As long as the verified environment is intact (If it isn’t, Windows won’t be able to extract the keys either), you can ask the TPM chip, and it will answer.

    The TPM chip doesn’t not protect, affect, nor enable the implementation of a back-door. Windows 8 can easily have one, so can Windows 7. The TPM has no say in it. Do your homework.

    • hikage

      s/doesn’t not/doesn’t/
      Also, tautology (“The TPM chip allows you to have the TPM chip…”). Heh.

      • http://soundcry.com/ Mike

        Kind of sucks that you can’t edit comments with Disqus.

        Very good comment, regardless, though. Thanks for sharing.

        • NIGHTSCOUT

          Yes, you can edit. Go to Disqus website.

          • http://soundcry.com/ Mike

            I see that now. I saw that hikage replied to his own comment with an edit instead of editing his comment and just assumed we could not edit. Ha

          • hikage

            Yeah, I’m posting as a guest. Didn’t bother signing up.
            Thanks for the info, though. I might sign up just for the editing capability.

    • VT_Citizen

      Is it possible that you are describing TPM and the article, as it explains, is describing, TPM 2.0 ?

      • Paperworkdan

        In a word? No. Privacy concerns have existed around TPM since its inception but they are strictly around the manufactuer and their ability to in theory control what applications run on a machine. MS don’t make PC’s so this disgusting poke at Windows 8 and MS is completely unfounded.

        • SPM

          Requiring TPM to be turned on to use Windows 8 will take away control over security and the ability to use security tools away from the user, who will then be entirely reliant on Microsoft, or to stop using Windows 8. That is BSI’s security concern. The hardware manufacturers make PCs with TPM built into chips, but it is Microsoft who decides whether they need to be turned on in order to use Windows 8, and whatever the article says, BSI is saying that for this reason, you should not use Windows 8 in secure situations because they cannot be secured from backdoors once TPM becomes a requirement for use of Windows 8 in 2015 – a perfectly valid and rational statement.

          Windows 8 with TPM is basically what Microsoft tried to do with Vista and failed. It is going to be a disaster for Windows for commercial reasons as well because it isn’t the open platform for developers that Windows once was.

          • dcx_2

            Thank you for being specific in that it is not TPM that is used to lock down the system, but the OS itself. The TPM is a tool, like a hammer, and if you want a wall you will need to get yourself a carpenter like Windows.

          • Paperworkdan

            The backdoor could exist anyway – they do not need TPM. The TPM is intended to be used to stop malicious program execution only and they would have no desire to completely destroy the OS by stopping third party app development since the whole reason Windows is so widely used is the app development and massive legacy support. It’s also there to be leveraged by third party security software including various disk encryption packages not made by MS.

          • SPM

            The sort of security tools BSI is talking about spies on the spyware and the OS itself in order to determine whether there is a backdoor in the system, and would therefore not be permitted by the OS vendor because it can also be used to do bad things if the user happens to be bad.

            TPM is not a security measure. Most security experts would argue that TPM is counterproductive as far as security is concerned – as indeed BSI is doing here – at least in the case of systems that you need to verify yourself as not being compromised, and fix if found to be compromised.

            The whole purpose of TPM is to stop the software and data on the computer being used in a way that is not approved by the software/OS vendor. The basis of TPM is that the software/OS controls the user’s behaviour and user’s access to data, and ensures the user doesn’t get to control the software’s behaviour.

          • Discit

            Exactly. The whole point is to take the control from the user and give it to Microsoft and who they choose, and we know their choices haven’t been for the consumer in the PRISM revelations at least. This moves Windows computers to the realm of closed, vendor controlled devices.

        • Discit

          Privacy is a huge concern with TPM, as it also assigns another accessible permanent unique identifier to your device to try to end what little Internet anonymity still exists. The “consumer” argument for this is this will make online banking more secure.

    • Paperworkdan

      Let’s not forget this entire article is nonsense since TPM 2.0 has nothing to do with Windows 8. It’s a tool to be leveraged by any OS. Here’s a snippet from the PUBLIC specification that’s been submitted for review (that this speculation about something not even out yet is based upon) : Q. Why is TPM 2.0 written as a library specification, compared to the TPM 1.2 specification?A. TPM 1.2 was designed with features that made it particularly appropriate for PCs and other PC-like platforms. TPM 2.0 is intended to be usable for a very broad range of platforms from embedded systems to mobile devices to PCs to servers.”

      The person who wrote this article is an idiot too lazy to do even the most basic of research and seeding misinformation about a platform intended to protect the user.

      • SPM

        The warning comes from the BSI, the German equivalent of the NSA, and they certainly know what they are talking about. I think it is more a case of the NSA being able to sneak in applications with NSA backdoors in them as trusted applications, and block apps and tools that can be used to detect the presence of NSA backdoors as untrusted applications. I suspect that is the BSI’s concern.

        The fact that the NSA has been reported to have been spying on EU parliamentarians before bilateral meetings with the US using access the EU provides for anti-terrorist purposes raises legitimate concerns about NSA spying.

        • Paperworkdan

          Absolutely – the misunderstanding in the article is entirely regarding the fact that it’s the hardware that raises concerns and it has nothing to do with MS or Windows 8. The claim that “Windows 7 could be operated safely until 2020″ is so unbelievably ignorant because with current hardware one can simply disable TPM in a desktop boards BIOS config. This will be the case until hardware after some point in 2015 requires the 2.0 module spec to meet Windows 8′s hardware certification.

          • SPM

            What the BSI means by “Windows 7 could be operated safely until 2020″ is that official security updates for Windows ends on Jan 14 2020.

            I think what BSI means when it says Windows 8 should not be used by key entities is that with Windows 7 they can currently install security monitoring tools or modified applications to detect backdoors, including in many cases possible backdoors in the OS itself. Many of these security tools can also be used at intrusion tools, and would therefore be legitimately blocked by TPM. When Windows 8 does leverage DRM to lock out all Microsoft unapproved applications, the BSI cannot check for backdoor compromises to Windows 8 systems. As far as the issue of the warning nowe is concerned, for governments to plan procurement of IT systems takes an inordinate amount of time. It therefore makes sense that BSI should issue the warning now if Windows is going to require TPM to be turned on in 2015 in order to avoid wastage of public funds on devices that the BSI can’t secure and would have to be discarded because they cannot be trusted by the German authorities.

            Linux is the most secure solution on servers if you want to ensure you can detect backdoors and compromises, because its source code is open for review and security flaws or backdoors can be quickly fixed by the user, and reluctance to use DRM. However most security breaches occur through password or data compromises on client devices – mostly Windows up to now, but Android and iOS will no doubt be major vectors in future as well. If BSI wants to ensure access in this respect, they are going to need their own locked down secure open source Linux or Android client OS the same as NSA is doing.

            The other thing to remember is that the NSA itself was concerned about Chinese spying on the US via backdoors in TPM hardware given that most chips incorporating TPM are made in China. They were also concerned about security backdoors in networking products manufactured in China, so concern about TPM hardware cannot be discounted either.

          • Guest

            Your initial opening sentence is madness. The reason it’s preposterous is because it’s a closed source OS. The backdoors could already exist. To claim Windows 7 could be safely operated and Windows 8 not is utterly ridiculous.

          • SPM

            The words are BSI’s, not mine, and if you read my post, you will understand that what I am saying is that BSI can install its own security tools to monitor spyware on Windows 7 because of a lack of TPM, something they will not be able to do on Windows 8 once TPM becomes mandatory. That is the difference between the two. When they say Windows 7 can be used safely until 2020, remember they are talking about client OSes, and typical levels of government departmental security – security is relative.

          • Paperworkdan

            You’ve just made a statement about a possible future as if it were fact. I can guarantee you that if those security tools can not be installed MS entire OS will die. My campus would certainly not adopt it and the MS partners responsible for making security software would sever ties. Be careful and concise with you English and try not say “will not” as if it were certain when you have absolutely no idea.

          • SPM

            That sentence is simply explaining why BSI has concerns over Windows 8 and not Windows 7 – it is certainly not seeding misinformation. A security expert quoted in the article says exactly the same thing and mentions ther NSA by name:
            (QUOTE)
            Rüdiger Weis, a professor at the Beuth University of Technology in Berlin, and a cryptographic expert who has dealt with Trusted Computing for years, told Die Zeit in an interview that Microsoft wanted to completely change computing by integrating “a special surveillance chip” in every electronic device. Through that chip and the processes of Windows 8, particularly Secure Boot, “users largely lose control over their own hardware and software.”

            But wouldn’t it contribute to higher levels of security? Certain aspects actually raise the risks, he said. For example, during production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”
            (UNQUOTE).

            The tools I am talking about are loggers, and modified device drivers which run in the background and log or echo network connections, files written to hard drives and system process activity, and rootkits that allow data stored on the hard drives to be accessed to check for data cached by the spyware, along with other forensic tools. These will definitely be blocked by any TPM enforced OS.

            I don’t think Microsoft or any other company would install an NSA backdoor into Windows 8 left to their own devices. In Microsoft’s case, I believe the main motivation behind of TPM is an anti-competitive device intended to prevent or make it more difficult for competing operating systems to be installed on hardware originally shipped with Windows pre-installed, to force developers to pay Microsoft’s 30% cut on apps sold on the Windows 8 app store, and to satisfy the paranoia of the MPAA and RIAA lobbies. On the other hand if the US makes it a legal requirement for US companies to install an NSA backdoor (if the revelations about PRISM are right, the NSA may already have the powers to do this), then they will have to comply, and as the security expert quoted above says, nobody will be able to talk about or reveal the backdoor without facing a witch hunt to silence them as has happened to Snowden. The recent closure of Lavabit in order to avoid having to secretly spy on its users on behalf of the NSA, and the reported FBI threats to Lavabit’s owner for contempt for shutting down his business rather than spy on behalf of the NSA, seems to give credibility to these fears.

      • NIGHTSCOUT

        I’ll take BSI’s word over yours any day.

        • Paperworkdan

          But is this BSI’s words? Who is the source? Is this reporting a “bastardised” version of the technical concerns put to someone in the BSI and it’s then been reported by someone with a lesser understanding in the agency to the press? It’s the journalism and human nature I’m concerned about because what this article describes is technically impossible and talking about something in the future that is yet to occur.

    • NIGHTSCOUT

      How would YOU know? Did you design the chip? I don’t think so. Until you tear it down, and verify all functionality, you don’t know all of it’s abilities.

      • http://danshockley.com/ DanShockley

        But he didn’t claim to know ALL its abilities, he claimed that it couldn’t do a particular thing. The former, as you point out, is hard to do. The latter might be easy to do without having to analyze the chip. For example, if he said “The TPM chip cannot make it snow in London,” he is probably safe to skip tearing down the chip to see if he is right.
        Your argument doesn’t help us determine whether he is right or not.

        • pleasespamthissacount

          HIs point is that the poster that claimed the chip could not do those things is highly likely to be wrong. The entire point of backdoors is that only an elite few will know of its existence and unless the OP is involved in the design of the chip itself, he will not be able to pass on accurate information. The information that is passed on is the official use of the chip, but not the clandestine use of it.

          • Paperworkdan

            Sure sure .. so paranoid speculation about a possible use of something in the future is better to believe in than technical knowledge of existing platforms and from thorough reading of the open public specification. I thought people were interested in knowledge rather than opinion but I’m clearly wrong. It’s probably even fair to assume that the man already has a facebook account or uses google services today – yet is instead posting without any technical knowledge about a possible invasion of privacy in the future that may never happen.

          • pleasespamthissacount

            There are three problems with your argument. Firstly, one problem lies with ‘open public specification’. What you are reading is information that is released by the company manufacturing those chips itself, which for very obvious reasons, will never tell you the clandestine use for it. The second mistake is that you deem speculation to be inferior to actual knowledge when it is in fact the root of all knowledge. Can you imagine if everyone just swallow what they were told to be true? We would still be worshiping the Sun, Stars and the Moon. Thirdly, it is not some random amateur fella that is positing that there are backdoors, but the BCI of Germany. When the best and brightest from one of the most industrialized nations on Earth find something suspicious, there is good reason to believe what they’re talking about.

          • doobie

            and now we all worship this strange thing called god. but seriously, everyone, why not just solve the entire problem by dedicating a couple of computers to offline use? not everything has to be connected to the data network, you know.

        • NIGHTSCOUT

          Except I am not trying to determine anything. I was not the one claiming to know the inner circuitry of the chip. I am simply pointing out, that we as the consumers, do not really know what the true functionality is of the chip. I just don’t like arrogant comments from pretentious people.

          • Bwop

            Seems to me what you dont like is trying to listen to someone who clearly does have more qualifications than you. Apparently you also like to post on forums a significant amount more than verifying the information said higher qualified people provide. these guys are obviously taking the 5 to 15 minutes out of their day to dispel false information while you sit with your tinfoil hat and pointing fingers at them for 10 seconds saying YOU DONT KNOW THAT!

          • NIGHTSCOUT

            Seems to me you like to go to discussion boards, and write off people as tin-foil-hatters. You made many assumptions young padawan.

          • hikage

            There’s no reason to start a flame war. I shall take your comment as a compliment, but at the same time, you have no proof that I indeed do have the qualifications.

            I’m not saying that I agree with NIGHTSCOUT’s point of view on the original topic, but lets try to keep the discussion clean. Any opinion is allowed.

          • Paperworkdan

            There are no chips yet. What you are saying is completely unfounded.

            By the way the fact that Windows 7 is supported until 2020 means that CSM boot HAS to remain available on all desktop boards until this date. All concerns about UEFI and secure boot from other commenters are also therefore completely redundant.

      • dcx_2

        He didn’t have to design the chip. All he needs is the datasheet and technical specifications. Something I have done myself.

        The TPM has no networking ability of its own. How, exactly, could the TPM phone home without any networking functionality?

        Go read the datasheet. The TPM is good for encryption and decryption, and that’s really about all it can do. If you can’t read or understand the datasheet, find someone who can. I guarantee you that they’ll say the same thing hikage says.

        • NIGHTSCOUT

          A data sheet is not a 100% representation of a manufactured chip. The data sheet might leave out functions that are irrelevant to consumers. Also, you should not assume there there is only 1 method of “phoning home” There may be a ping sent to the device.

          • dcx_2

            Just so you know, I’m a hardware engineer, so I deal with chips like the TPM as part of my every day job. In fact, I evaluated a TPM from Atmel, the AT97SC3204P.

            The TPM is communicated with in one of two ways – SPI, or SMBus. In both cases, communication with the outside world is only accomplished with a single Clock and Data signal.

            The TPM does not have WiFi or Ethernet – you can tell this easily by the total lack of PHY. There is literally no physically possible way for *THE TPM CHIP* to phone home. It’s physically impossible. The microprocessor communicating with the TPM chip would have to be responsible for providing any networking functionality.

          • NIGHTSCOUT

            Exactly.

          • dcx_2

            “Exactly”? So you’re admitting to the fact that the TPM chip is incapable of providing any kind of back door access to a computer, and that it is the OS which provides the back door?

            Because that’s not what you told hikage.

          • NIGHTSCOUT

            I’m saying the TPM2.0 can use the rest of the system as a host, to phone home.

          • Juan_

            It’s still not the TPM chip that does it.

            I agree that the chip can be used to get to all your data if the OS provides a backdoor to receive the keys the TPM uses. So if you use encryption based on the TPM suddenly it may be just raw data to NSA or MS. No need to brute force or decrypt your data. They key is given by the TPM.

          • Discit

            TPM is not just a chip. It is a set of technologies to basically enable hardware enforced DRM, but for example, Windows technologies are also part of it.

          • Juan_

            Of Course not, but the chip has a key role in the function.

            So even if those who say the TPM hardware have no possibilities to provide a backdoor, ( i buy that I think they did their homework), it could still be used as a way to get into encrypted data.

            Consider the scenario of iDevices and encryption, police has a problem to get into iPhones that are encrypted, they also need the files backed up on their home computer to get around it, (maybe apple has fixed that by now, or not).

            Now have a Windows 8 tablet using the chip for encrypting the all the data on the device. It could be possible to have a backdoor to retrieve the key from the TPM hardware.

          • Discit

            True. That is what we’re talking about, basically a chip supported system where the OS vendor secures unapproved things from the user or system, but where MS, NSA, etc. have the keys, and you are allowed to use or decrypt what is approved for you.

          • hikage

            The point of the chip is to make sure that you wont be able to retrieve the keys if the system has been modified/attacked. If someone messes with your bootloader, kernel, specific user-space tools, etc., you won’t be able to get your keys.
            However, if I get a hold of your Windows 8 tablet, I won’t need to attack it. If I simply boot it up, the TPM will cough up the keys as always.

          • Juan_

            Well, Microsoft’s software will be legit, even after NSA had their say about it.

            If you trust MS then no problem, if you don’t well don’t buy it. As we see now is that Apple, MS and Google are not even allowed by the U.S.S.A “Government” to even mention what type of data they give and not. Nor when it has happened or how much.

            If that worries you, you know what to do.

          • hikage

            Yes, but the article author clearly misunderstands this, mentioning the TPM chip itself as a “surveillance chip”.

          • Discit

            The TPM design seems to create another “black box” layer controlled by Microsoft though, which I can see would spook more than a few security teams given their attempts to subvert law and constitution for secrete policing already.

          • dcx_2

            TPM = Trusted Platform Module. Module = Chip. TPM is just a chip, the set of technologies is Trusted Computing, and the developer of the standard is the Trusted Computing Group.

            TPM exists outside of Windows. It’s just a chip, that fulfills a specification, and just about anything, even the most basic 8-bit PIC microcontroller, can talk to a TPM.

          • hikage

            This wouldn’t have anything to do with TPM2.0, though. That would just be Windows on its own. Even if the TPM wasn’t responsible for your keys, it could phone home. It could phone home with your account, password, provide a remote desktop connection, give them usage patterns – it could do so many things. It could email your grandmother all of your porn.

            … But it wouldn’t be TPM2.0′s fault – It would only be Microsoft’s.

          • Discit

            Again, you are confusing yourself.
            Just because a TPM chip does not have a wifi antenna attached, does not mean it can’t be used as part of a remote access scheme, or that it is incapable of assisting with such. You do realize that keyboard you’re typing on also works “with the CPU” to accomplish things, right? TPM is a specific set of technologies to give Microsoft the keys to decide what is capable of running on your computer, and by extension their partners. The technology was designed for and pushed by NSA and copyright holders. It is designed “to protect copyrighted material”. To do this, it needs to be able to scan your computer, give notice of copyrighted material, and provide the ability to disable the offending documents “delete them” and/or prevent offending programs from running.
            Maybe part of the misunderstanding is you are looking at it as just a chip, a tiny piece of hardware, when it is part of a larger integrated hardware/software system…

          • James

            AMT and RADMIN?

          • Discit

            As a hardware engineer you should know the difference between a CPU and an Ethernet connection, and how they work together though.

          • Luiz Felipe

            Just drill a hole on TPM “module” and be happy, just like the xbox360.

          • dcx_2

            Of course I know the difference between the two. You should review the comment I was replying to; I was addressing the people here (e.g. NIGHTSCOUT) who think that, somehow, the TPM chip in and of itself is capable of phoning home.

            The TPM chip is not and never was the problem. The problem is and always has been the OS that is running on the computer. That is the point I was trying to make.

          • Dustin

            The TPM is actually connected to the southbridge via the LPC bus — are you sure you’re a hardware engineer?

          • dcx_2

            Re-read my sentence; “the microprocessor communicating with the TPM chip”. Never once described how it was attached to the microprocessor in question.

            Besides, the south bridge is just a conduit to the main micro for all sorts of peripherals; the distinction you are drawing would be like me handing you a cell phone and saying “it’s your wife”, while your response would be “that’s not my wife, it’s a cell phone”. We both know what I meant – the TPM chip in and of itself has no capability to phone home – it has no PHY.

          • Dustin

            Sorry, I didn’t reply to the correct post. I meant to reply to the second one you made, where you claimed the TPM chip had a connection to whichever microprocessor through the SPI or SMBus. This is false, it is connected through the LPC bus. I made no claims about its capability to do anything, especially being able to connect to a network on its own accord(That’s just stupid, whoever said that)

          • dcx_2

            It’s not false – I was referencing the particular part whose datasheet I have examined, AT97SC3204P.

            After further review, it seems that other TPM chips can also have I2C (aka TWI), and LPC. The point remains – with just a clock and data line connecting the TPM to the outside world, it’s not going to be able to “phone home” – the hardware it is connected to must do the phoning.

          • Paperworkdan

            The chips don’t exist… this is a public technical specification currently up for review. Stop commenting on something you know about. You could go and read the specification docs right now instead of wasting everyone’s time.

          • Juan_

            You can compare datasheets with the physical component and see if there is something lacking.

        • Juan_

          So just a remote desktop and a key to get the data decrypted in your hand.

          All it has to do is to store the latest key for encryption, and a secret key to provide that key, the OS allows a remote desktop connection, you enter a key, the key is used to get the key for decrypting all your encrypted data through the TPM chip.

          All the data you believed to be secure by encrypting it suddenly is accessible. The backdoor though needs to be provided by the OS.

          Just a plausible scenario.

      • hikage

        The current set of TPM chips (v1.2) has been decapped, reverse-engineered and compromised (Although, having to work the chip under a FIB workbench is hardly a practical attack).
        Also, it doesn’t have access to anything. You ask a question, it replies. That’s it.

    • Wayman

      TPM chip may operate fine on unix but the same can’t be said for Secure Boot and UEFI which seem to be directly aimed at slowing the spread of Linux system use

      • Paperworkdan

        And yet Windows 7 doesn’t support secure boot either but is being supported until 2020 – so CSM boot will still be available on desktop boards. Should you wish to use secure boot with various Linux distributions this is also possible with MS providing keys to the major distributions such as fedora for example.

    • Zeratul Zum

      Nice try NSA, now go fuck yourself!

    • James

      Radmin can use Intel’s AMT and AMD OPMA, with tools like RADMIN you can get full control over the OS and even access BIOS screen.

    • wazzel

      Nice try NSA

    • atze

      “Someone” seems to have misunderstood what the article says: There is no mentioning of “TPM is” or “provides a backdoor by itself” in the article. What the article says, though, is that Microsoft’s implementation of TPM 2.0 in Windows 8 created a backdoor. And it says, that TPM by itself makes you lose control over your machine (while Windows 8 is booted) and what software you can install, which has nothing to do with the concept of a backdoor. This is the objective of TPM: DPM and security. And if you accept that you cannot just install any piece of software, fine, then that concept is for you. But that is nothing new. New is, that Microsoft’s way of controlling this feature enables other threats.

    • Discit

      I think you misunderstood the whole article. Don’t pretend to be dense.
      They are obviously talking about the TPM platform as a whole, which most certainly is a spyware DRM enforcement scheme. Read some of the FTAA verbiage, as most of this is negotiated behind closed doors.
      TPM as a chip is just a hardware level enabling mechanism for this DRM

  • rusty shackleford

    Nice try NSA

  • Oliver

    Linux has a number of security modules, but the main one, “SELinux” was developed by the NSA and implemented in 2003 over the objections of Linus Torvalds (the creator of linux)

    • orclev

      SELinux is terrible. I never use it anywhere because it’s such a pain to setup, the fact that it might also have NSA backdoors is just more reason not to use it.

      • SPM

        Since Linux is open source, it would be easy to detect such a backdoor if it existed. The NSA developed SELinux for its own use and US government departmental use ie. to keep others out, rather than to allow it to snoop on others. If it did incorporate such backdoors, it would be stupid to put in an open source OS and use it in US government servers, because other countries could discover the backdoor and use it to break into the the US servers.

        • ri0t

          Yeah, when NSA installs SE/Linux, they send you a copy of source code to analyze, right? :P

          • Thomas Schenk

            selinux isn’t something you install, it’s a feature of the system that you enable or disable and is built into the kernel. And yes, the NSA did provide source code for it or it wouldn’t be part of the Linux kernel.

          • Mark Hayden

            Actually, yes they do if they send you their binaries too. By law (as stipulated in the GNU license) all users of SELinux get the code that NSA wrote for it. Thus, EVERYONE who runs SELinux has FULL access to the source code to vet it for back doors, etc. unlike Windows.

            Of course, the NSA (or anyone for that matter) could modify/add/remove code and build their own “one-off” for their own use, but if they distribute that custom build to others they must supply that source code too or they are breaking the law. So, I suppose the NSA could alter and add backdoors to the copies of SELinux they use, but why would they backdoor their own systems?

        • Juan_

          Easy to detect, If so, then why don’t you just find the bugs and fix them for linux wifi.

          If bugs are hard to find in the code, why do you think backdoors would be easy to find.

          • Mark Hayden

            There aren’t any bugs of note in Linux WiFi subsystems themselves. The bugs and difficulties are almost exclusively in the firmware bytecode that some wireless vendors provide without access to its source or specifications. These days wireless is all about “software defined radios”. The circuitry is “dumb” and only does what the firmware instructs it to. I use the term firmware loosely because way back when it would’ve typically been in a ROM chip, or later in a flash chip. Now, however it is loaded into a special area of RAM. Some WiFi vendors open their specifications up enough for Linux developers to write their own firmware, or release specifications on how their own firmware works so the driver portion can be written properly (Atheros has historically been good about this). Others have been slower to come around (Broadcom has been bad in the past).

            So there is your reason–for the most part, the bugs are not technically in the Linuc kernel–they are usually in the closed firmware binaries or in “hacked” binaries made with reversed engineering–thus it is not feasible to simply “find the bugs and fix them”–you cannot do that with closed firmware like you can with Linux.

            Same challenges happen with video hardware, where AMD and (even worse) NVidia withhold specs on their hardware and/or depend on video BIOS type firmware (aka “blobs”–Binary Large OBjects) to achieve full capabilities. That is a major factor in why Linux hasn’t been a bigger challenge on the desktop. However, Microsoft is no longer the dominance in computing as it once was–Android, which uses the Linux kernel, has contributed greatly to Linux-based platforms now exceeding Microsoft based systems in market share (yes, that’s right, when you count “all” computers, including servers and mobile devices, Microsoft has recently fallen behind Linux). That rise of Linux in consumer devices has compelled hardware vendors to pay more attention to Linux and if not open up their specifications or firmware at least devote deserving attention to Linux support. As a result, since the rise of Android and other embedded and mobile platforms using the Linux kernel Wifi, video and sound support has improved dramatically (NVidia has realised that they have made so much due to Linux-based platforms running on their Tegra hardware that Linux deserves their attention–and now their closed Linux drivers are treated equally to Windows–they are even built from the same codebase and perform approximately the same).

            SELinux on the other hand is NOT distributed as a binary from the NSA–their enhancements were contributed to the kernel as source code, and as such it has all been examined fairly thoroughly by committers and the community at large. The same cannot be said of Windows–since code reviews and contributions are closely held by Microsoft the only way to find bugs or backdoors is through reverse engineering–a much tougher task than is required for Linux.

          • Juan_

            Just BS.

            How long did it take for the open source community to reach that level?

            And still what the closed source vendors lika Apple and MS had it to work long ago.

            Last time I installed Linux I could not get wifi to work on my Mac Pro. Same goes for many windows boxes. But they worked from day one with OSX and Windows.
            It’s not like there are many hardware vendors that make wifi cards.

            And much of it are standardized 801.2 a,b,n, etc.

            It’s all about wanting it to happen or not. Still it does’t work.

            An other open platform is Java, and there are always buggs and compatibility issues with opensource tools and system. In a way I never seen on closed source environments and tools.

            Open source guarantee nothing from security point of wiev.

          • Mark Hayden

            It seems apparent you really lack understanding of how hardware works. Your argument makes absolutely no sense at all.

            Apple had it working because APPLE WROTE THE SPECS FOR ALL OF IT. Of course apple “just works”. Apple offers no choice–you use THEIR hardware choices and THEIR software ONLY. When you build illegal “hackintoshes” and you run OS X on non-apple hardware with components that differ from Apple you have exactly the same problems as Linux has. No MacOS drivers exist for wifi or video chipsets that are not used in apple hardware, so it just DOESN’T work in such cases. The secret to hackintosh success is to put together a machine that uses hardware compatible with their limited set of Mac OS X drivers–it is more of a challenge than with Linux.

            Microsoft didn’t do anything to get it to work–the vendors did. Vendors ignored Linux for WiFi and video because Linux once dominated in SERVER markets only where traditionally video and wifi were never important. Vendors had to cater to the 90%+ desktop market that was Windows, so they fell all over themselves to make it work and get to use the windows logo on their boxes. The vendors wrote the drivers for their own hardware–pretty easy to get that to work when you have full access to the design info because you wrote it yourself!

            And so you are surprised you cannot get Linux WiFi to work on an APPLE? the most CLOSED hardware on the planet? Apple uses Broadcomm chipsets (generally very closed design) that they hand select, and they work with their suppliers (including paying $$$ and signing NDAs to get very special access to designs)–and as with MSFT they will write the drivers for Apple if the money is there for it. Without the $$ and special access to the designs OF COURSE there will be a few months to a few years to get WiFi to work right!

            Also I can tell you don’t understand hardware at all because 801.2 a/b/g/n is not even at the same layer as the low level operation of the radio that is controlled by the firmware. It is like OpenGL for graphics–it is a standard that is well understood by all developers–it is the driver BELOW that–how to make the hardware comply with that standard–that is the hard part and is different for every device.

            Linux devs DO “want it to happen”, plus your knowledge is obsolete–it DOES work now, and if it doesn’t it is more of an exception to the rule.

            Also you are incorrect,–Java is NOT TRUE open source it is controlled by Oracle. The SPECIFICATION is fairly open and others have made IMPLEMENTATIONS (IBM made their own fro example, and Dalvik is a variant of Java) and the security problems have more to do with the flagship ORACLE implementation ONLY–and that implementation is essentially closed–Oracle and even Sun to a degree before that, have been hostile to community participation in their Java implementation, and that has really been one of Java’s greatest failings.

            Open source does NOT guarantee something is secure, you are right about that. Look at WordPress–it has an absolutely HORRIBLE security track record. What it DOES guarantee is that it is ACCESSIBLE. With access to the source you can remove backdoors and rebuild software. The community can find bugs and share patches, and contributions can be peer-reviewed. Also, developers of open software tend to more often be heavily devoted users of that software as well, which is less often the case with closed software.

          • Juan_

            I have designed hardware in my days, written software for it.

            Take a look at FreeBSD and how they been able to provide functionality.

    • Anders S Lindbäck

      SELinux was actually released in 2000. Nothing goes into the Linux kernel without the approval from Linus Torvalds.

  • NSA Microsoft

    Microsoft has his high head up his lowly rich ass!

  • Ruck1707

    You think too highly of Microsoft, they can’t even wipe their asses without screwing it up

    • orclev

      Because a poorly implemented and insecure backdoor is so much better?

      As others have pointed out, TPM 2.0 has some security implications, but it isn’t itself a backdoor. That said, it’s generally considered true that MS has provided NSA backdoor access to Windows, and if they’ve also provided the NSA their private signing key TPM would allow the NSA to run arbitrary software on Windows which would otherwise have been blocked by the TPM. Adding further fuel to the fire is rumor that Intel has provided the NSA a hardware level backdoor via CPU microcode blobs, which of course being binary blobs can’t easily be verified or disproved.

      The idea of TPM isn’t itself bad, it’s the leaving of control of it up to software and hardware manufacturers that’s the problem. Part of the standard OS install process should be to generate your own private computer specific signing key and to have the user authorize the signing of new software. You’d still be vulnerable to social engineering, but at least as part of the signing process you could verify the signature of the author, and it would severely hamper the ability of virus/trojans to run arbitrary code.

  • Seth

    So many lol’s.
    Important data is never on a windows 8 machine. It sits on servers or SAN’s with multiple firewalls an other security protocols. If they are losing their data that way then they are just stupid.
    The NSA would not need to do something so mundane to get into your systems they have very intelligent people working for them that has much easier ways to break into your systems.

  • staff office

    LINUX

  • ri0t

    I LOLed hard.

    Windows 7 can “be operated safely until 2020.”
    An update can easily modify Windows 7 to have all the evil stuffs that Windows 8 has.

    During this process, copies of all keys can be made
    Yeah sure, it can be made. Same can be done when SSL keys are generated, that means NSA can look into all your bank transaction/secure mail checking. Now what – you will ban internet?

    • Sam Gleske

      Maybe, but getting SSL key copies are a lot harder as they would have to talk to all of the individual companies managing each website. The trusted certificate authorities only receive the certificate signing request. Also, I did read the humor and sarcasm in your comment :D and I enjoyed it. I’m just providing a little technical snippet to refute it.

    • Obelix

      Sure, but for Win7 TPM in not mandatory, so you just diable the chip and voila’, we don’t care about W7 and TPM (which it *already* have, they don’t need a fixup)…

      The key is that W8 request the TPM chip to be active, while previous win version doesn’t force you to activate. Of cource, if you have the TPM active on your W7 computer, you weill be in the same unsafe situation that occur win W8.

      As for ‘ the chip doesn’t have circui to call home’: i’m pretty sure Wx expose sufficent services for any of it’ s chip to call home, once the SO is sintalled, so the chip itself *doesn’t need to have a Lan/WAN/Phone component…

  • http://tvhpalace.webs.com/ AnonNerdThe8D

    Well then…

  • Sad Reader

    Oh man. This article has so many problems. I’m not going to be able to cover them ALL but if you’re smart you’ll look in to TPM. Here’s some key things that cause issues with this article:

    1. TPM is in Macs and Linux too. See the problem? And no, it’s not that the NSA can spy on those too.
    2. TPM is a chip. Windows is not a chip. The title suggests otherwise.
    3. You control TPM. Therefore you can control the behavior.

    Read. Learn. Understand the lies.

    • Curious reader

      I am curious how TPM functionality can be disabled in Win8?

      • Paperworkdan

        You can go turn that off in the BIOS config of your motherboard right now. It will vary from board to board as to where to find it but there should be a manual online somewhere.

    • SPM

      You are telling a few lies of your own here. If Windows 8 was to require TPM to be enabled in order for Windows 8 to boot up and run, then you cannot use Windows 8 without TPM. That is the whole idea of DRM/Trusted computing. TPM is used to prevent piracy, and enforce usage restrictions, and is more correctly referred as Digital Restrictions Management. In this context, there is no such thing as optional TPM because for TPM to be effective, it needs to be mandatory – either it is used or it is not used.

      TPM is supposed to stop the stop the software being used in a way that is not approved by the software/OS vendor. The whole idea behind TPM is that the software/OS controls your behaviour, and you don’t get to control the software’s behaviour.

      This isn’t an issue with Windows 8 only, it applies to all software/OSes that use TPM, but it is the software/OS vendor enforces TPM. Linux does not enforce TPM because of widespread opposition in the open source community as well as security experts and server admins who manage secure servers (although it is possible to build distributions that do) so your comment that it applies to current Linux distributions is incorrect.

  • Timothy

    The serious technical errors in this article aside, did the world just think that the world’s spy agencies didn’t, you know, do any spying until a few months ago? I have seen so many breathless articles about how your pet pictures are being spied on recently and you need to abandon . Look, I’m not trying to downplay the real efforts to provide checks and balances in any government against the growing “internet age” spying activities. The brute force approach that these agencies use is, indeed, worrisome. But the fact is that, so far, the actual abuse is either small, non-existent, or not yet discovered. So the alarm bells should probably be turned off. If we keep getting stupid articles like ZOMG TPM CHIP WILL SPY ON YOU, then the real efforts to safeguard privacy are going to be hurt. Boy who cried wolf and all that.

    Also, I don’t know if anybody else read the other articles on this. I got here through a CodeProject link. But either this is a parody site being taken seriously, or the person/people who run it are basically stupid and crazy. Or both.

    • Simon Saunders

      To offer an analogy, let’s say we know that someone has murdered before, when all they held was an axe. We have since discovered that they have recently acquired a machine gun, but haven’t yet used it to gun people down en masse. Your suggestion here is that “yet” means we shouldn’t worry about this heavily-armed killer and should basically leave them to it.

  • Markus Klyver

    Is this actually news?

  • James Woroble Jr

    Feigning concern. There has been an NSA ‘back door’ in the operating system since Windows ’95!

    I’m shocked, shocked to find that gambling is going on in here!
    – Captain Louis Renault (movie, ‘Casablanca’)

  • Chotabean

    OK guys, I do not hesitate to take the title “a layman”…! :P
    but what I understand your arguments is that there is something called “TPM chip” which Microsoft is making use of it to “phone home” with user data if “connected to internet” by any means right? Which Linux also “can do”… but presently “not doing” because it doesn’t want to do so… right?

    As a user, let us suppose, I have two computers (same configuration – I paid for it), one with Windows 8.1 ($$$) and one with any latest Linux.(NO $$$)
    the $$$ one takes my data (may be my bank account # & pwd) and uses it (finds that my account is NIL)

    I feel it is not difficult for any third party to come up with a free application (such as a firewall) which can “cut” that call which either $$$ or NO $$$ may make to phone home? Tell the users that their is a “thief” sitting in your own computer (enable/disable). Why not think of that instead?

  • duvalno2

    Can someone tell me in plain english (but with detailed information).

    1. Is it possible for MS to use TPM to decrypt all contents on my computer
    2. Does TPM prevent me from installing apps on my computer legal or otherwise.
    3. Why is MS forcing people to use it?

    4. I just updated to 8.1 and I lost my ability to turn off TPM in BIOS why????

  • Duval

    So tell me does this thing give MS and thanks to secret court orders, etc the govt the ability to decrypt stuff on my computer or remote access to the computer?

  • CapitalismFirst

    Section 2-313 of the Uniform Commercial Code stipulates Express Warranties by Affirmation. Although a consordium of companies will lose business in capitalist countries, a company could offer an express warrenty stating it is free of malware, or goverment engineered viruses.

    Would you use any piece of technology that had to report to a communist goverment, before it attended to its user? (Dangerous)

    Without the Express Warranty by Affirmation affixed to a device about the absence of government engineered malware, capitalist consumers can only expect electronic “steering” of any american made device to ask permission from another source than the user first.