Samsung laptops can be NUKED by ANY OS – even Windows: new claim
New Samsung laptops that destroyed themselves when booting Ubuntu Linux can be bricked by ANY operating system – including Windows – according to a top embedded developer. Nebula programmer Matthew Garrett has shed new light on a baffling bug that renders shiny Sammy computers completely unusable by accident, and blamed the flaw …
This topic is closed for new posts.
Re: yawn
If you think a story is boring then don't waste your time, or that of readers, by commenting. Just go to somewhere you think you might have something useful to say. And did you really mean to deploy the IT? icon ? this being a story about computers ?
Re: yawn
"This is the 3rd time this issue has been covered here"
Yes, it's a _developing_ story.
"the problem's ramifications have been clear from the outset."
To some, yes (or at least probably). This story provides provides evidence for what had heretofore been an assumption (ie that it is generic problem).
Are you really suggesting that El Reg should not waste our time reporting it ?
@ mods
Why delete the OP ? He didn't seem to violating posting guidelines, and it make my comments look a little one sided !
Re: @ mods
It also makes the "discussion" look like one from any hypersensitively-moderated news outlet rather than our dear old Reg.
Nope, can't have criticism of the site no matter how idiotic and ill-informed... deellllllete.
Oh, dear...
...someone is going to get a real shocker of an email from Mr Torvalds.
Why Linux could trigger a bug that Windows might not
Firmwares will present an API to an OS or will react through a multitude of electrical signals from various external sources.
Therefore as long as an OS can interact with a processor or interface of some kind ( RS232) etc then in theory any OS has the capacity to trigger firmware functions,.
Linux was written by inquisitive programmers that like to hack any and all given APIs, interfaces in the quest for knowledge or functionality. This allows Linux to be used for a myriad of different purposes .
Windows and MacOs, on the other, have a different purpose than that of Linux. They are intentionally created as single purpose "End User" OS's whereas Linux is a Swiss Army Knife. WinOS and MacOS do not need the same amount of functionality, I am generalising quite a bit but it's easy to understand what I am getting at.
This I believe could differentiate why one system would trigger bugs but another would not. Linux devs might write code and functionality that remain in the overall scope of the Linux way of thinking whereas MS Devs would simply ignore the existance of such and such an API because it does not fall into the scope of their requirements..
YMMV
Re: Why Linux could trigger a bug that Windows might not
"This I believe could differentiate why one system would trigger bugs but another would not. Linux devs might write code and functionality that remain in the overall scope of the Linux way of thinking whereas MS Devs would simply ignore the existance of such and such an API because it does not fall into the scope of their requirements.."
..or it could be that someone wrote some code that conformed to the UEFI spec and because the firmware had bugs it bricked the laptops. That someone in the first instance was a Linux developer writing a kernel driver but, as appears to have been demonstrated, the choice of OS is irrelevant and the code can come from user-space (so any developer, not necessarily one from the institution responsible for the OS, could potentially trigger this).
I'm not sure some strange theory about how and why certain organisations write the code they do is particularly useful in this instance.
Re: Why Linux could trigger a bug that Windows might not
@Tim
Please reread my second phrase
>Therefore as long as an OS can interact with a processor or interface of some kind ( RS232) etc then in theory any OS has the capacity to trigger firmware functions,.
I am quite sure than I am being explicit enough in detail in order to understand that that no one particular OS is any more capable than any other .....
Yes, I agree that the instruction will come from User Space, I did not state otherwise.
<quote>I'm not sure some strange theory about how and why certain organisations write the code they do is particularly useful in this instance
It is extremly relevant, Linux devs have the capacity, knowledge and depth of understanding that can take them further than other OS devs might need/want to go.
In case you didn't understand the undertow, Linux developers push things further than Windows developers normally need to.... and that is usually a good thing, although unfortunately not in this case because of badly written firmware..
Re: Why Linux could trigger a bug that Windows might not
"@Tim
Please reread my second phrase
>Therefore as long as an OS can interact with a processor or interface of some kind ( RS232) etc then in theory any OS has the capacity to trigger firmware functions,.
I am quite sure than I am being explicit enough in detail in order to understand that that no one particular OS is any more capable than any other ....."
As far I am concerned that statement is fine - I have no problem with it.
"Yes, I agree that the instruction will come from User Space, I did not state otherwise."
Good - however the slant of your post seems to indicate that Microsoft devs (or presumably OSX or any other OS) just wouldn't use the API in the same way. I suspect you may be right that proportionally more Linux developers may be dealing with board level programming, however this issue came to light not due to some devvie hacking an API but a professional programmer using the interface as it was intended, and further more to spec. My point is that this could easily have been a developer from Microsoft, Apple, Solaris, HP-UX, QNX blah balh, writing an official driver or utility and the same thing could have happened, i.e. the issue is not with the philosophy of the development culture, but with a firmware that is not just buggy (that's too be expected in any code base) but is broken in respect to a mandated, and extremely important part, of the specification with rather drastic consequences.
But Windows can trigger it.
Linux was written by inquisitive programmers that like to hack any and all given APIs, interfaces in the quest for knowledge or functionality. This allows Linux to be used for a myriad of different purposes .
Windows and MacOs, on the other, have a different purpose than that of Linux. They are intentionally created as single purpose "End User" OS's whereas Linux is a Swiss Army Knife. WinOS and MacOS do not need the same amount of functionality, I am generalising quite a bit but it's easy to understand what I am getting at.
Your thesis is nonsense. Windows provides the exact same access to the UEFI variable space as Linux does, through the SetFirmwareEnvironmentVariableEx function - as used in the Windows-based PoC mentioned in the article.
Re: Why Linux could trigger a bug that Windows might not
@Khaptain "Linux was written by inquisitive programmers that like to hack any and all given APIs, interfaces in the quest for knowledge or functionality."
This wasn't a hack or an unusual use of an API or interface though. At a basic level it's a buffer overflow issue with Samsung's implementation of the UEFI.
Incidentally, I think what you point out (Linux more likely to trigger a bug) isn't quite correct, I think it's more nuanced than that. I suspect that Linux is more likely to trigger a bug that the public can then hear about. Windows devs working for MS were just as likely to trigger this overflow (especially as it's an acceptable UEFI call FWIU), but the symptoms, bug report and fix wouldn't be made public.
Re: Why Linux could trigger a bug that Windows might not
Guys, calm down
I am not knocking anyone, neither Linux nor Windows developers. That is not my intention, I have obviously been misunderstood from the beginning or I have badly worded my comments.
Re: Why Linux could trigger a bug that Windows might not
I'd actually say it is more like this.
1. PCs are so massively varied, there are so many possible configurations it is impossible to put a number on how many there could be. So testing is tricky.
2. Linux distros are so massively varied. Someone can change the code of the kernel to create their own unique version.
While Windows has lots of different versions and patch levels, there are generally a lot less possible configurations than Linux.
Re: generally a lot less possible configurations than Linux.
Infinity vs Infinity squared arguments bore me.
I'd say this is one where MS's larger money pool and deployed base gave them a slight advantage. I wouldn't be surprised to learn MS found the bug, and worked around it, and never reported it to anybody because that's the way the rock. Because they have such a varied install base and the money to back it, they get to test (and frankly HAVE to) on a lot more hardware than the Linux devs do. On the other hand the Linux devs are more nimble, and patched it quickly.
So let's see if I understand this...
Shamsung rip off somebody else's BIOS. Make a dog's dinner of the programming leaving massive flaws then blame this on innocent users and innocent Linux developers.
Just checking some things never change.
Re: So let's see if I understand this...
Samsung licenses their UEFI BIOS from another vendor, and then tailors it as needed for their hardware implementation. The faulty Variable Store implementation was almost certainly provided by the original vendor, although it would be interesting to know if Samsung has kept up with maintenance releases from their vendor.
Re: So let's see if I understand this...
Regardless of whether Samsung got the original firmware from a third party the problem remains their responsibility. If the brakes failed on your car you wouldn't let BMW/VW/Ford/whoever get away with blaming a third party who manufactured the brake discs.
If you assemble and sell a product you are responsible for the quality of it no matter what's in it or who manufacturers the components.
Re: So let's see if I understand this ... because it is really important*
Re: So let's see if I understand this…Regardless of whether Samsung got the original firmware from a third party the problem remains their responsibility. If the brakes failed on your car you wouldn't let BMW/VW/Ford/whoever get away with blaming a third party who manufactured the brake discs.
If you assemble and sell a product you are responsible for the quality of it no matter what's in it or who manufacturers the components. …. Phil W Posted Monday 11th February 2013 23:54 GMT
Morning, Phil W,
It will be interesting to see how that theory/opinion pans out in the real world with the burning Boeing 787 Dreamliner battery issue, which has grounded the entire fleet.
* Typical pretentious politically inept Newspeak as obviously taught to wannabe leading TV politicians. Without media are they powerless, and this is not a question .... ergo media tales and trails rule?
Wanna explore that Novel and Noble when Nobel Live Operational Virtual Environment, El Reg, with AIMaster Pilot ProgramMING? Satisfaction is Guaranteed. Of that can you be Assured.
Re: So let's see if I understand this ... because it is really important*
Troll makes sense? AI getting better? Seems to copy from his own back catalog though :(
It will pan out exactly as stated. Boeing are carrying the can. I assume boeing will sue whoever supplied them but as far as things go boeing will take the hit. I imagine Samsung will also beast their supplied -assuming Samsung followed their vendors specs (in the boeing part assuming boeing followed all their sub contractor specs too etc).
Re: So let's see if I understand this ... because it is really important*
Boeing will inevitably carry the can because they won't sell some aeroplanes for a bit. I doubt that Samsung laptop sales will be much affected, because bricked laptops don't make people think of falling out of the sky screaming.
Whether Boeing sues the supplier is going to depend on specifications, specifications, specifications. I remember a very nasty "you are going to have to compensate us" meeting at a customer once going very quiet as we wheeled out (a) the original specification and (b) the evidence that we adhered to it and (c) the evidence that the operating envelope had been exceeded by the customer.
The customer's engineers took me out to lunch because they knew that the original design had been compromised at the behest of the product designers. And no, it wasn't an Apple aerial.
If it isn't broken...fix it until it is....
Yay for UEFI !
Now can we have our clunky old fashioned, was working okay before, BIOS back in our computers again please.
Re: If it isn't broken...fix it until it is....
Yes you can, you can disable UEFI on most devices...
Apart from ANY ARM based Windows 8 device, its mandated (for anti fair competition reasons) that you cannot disable Secure boot (which uses UEFI).
ANY Windows 8 ARM device you have no choice... (but its your fault for buying such a piece on unusable crap.) As well as preventing you run Linux wil also prevent you running any older version of Windows.
Re: If it isn't broken...fix it until it is....
W8 ARM tablets are far from unusable. There is a difference between unusable and stupidly expensive for what they are. Also UEFI ARM tablets are a far cry from a laptop. As long as the tablet works then who cares if someone bricks it by trying to jailbreak/root/homebrew an OS on there - it will be the same if you brick an ipad or android tab.
The samsung laptop is a different story and inexcusable as these are designed to have multiple OS choices. Obviously when W8 ARM laptops are out the same criteria would apply.
@yossarianuk - Re: If it isn't broken...fix it until it is....
Wrote :- "Apart from ANY ARM based Windows 8 device, its mandated .. that you cannot disable Secure boot (which uses UEFI)."
I think you meant that it is mandated that PC makers should not disable the Secure boot SWITCH (assuming there is such a switch) - ie it is mandated that that the user should be able to disable Secure Boot. That is true. However it is also mandated (just as an example) that lorries on UK single carriageway roads are llimited to 40mph; but hw often do you see that being obeyed?
From www.theregister.co.uk/2013/02/11/linux_foundation_uefi_workaround/
"Linux enthusiasts observed that some OEMs were actually disabling the Secure Boot switch in their firmwares"
Re: @yossarianuk - If it isn't broken...fix it until it is....
Ummm, actually I think you'll find it is 55MPH
Re: @yossarianuk - If it isn't broken...fix it until it is....
That article doesn't provide any citations for OEMs doing this, can you ?
Microsoft were forced to change certification requirements for W8 after all the hooha when the original implementation was announced.
The current requirement is - 'To be branded as W8 compliant, one requirement is that it MUST be possible for the end user to DISABLE secure boot'
I'm not going to provide the link, plenty of references on ElReg to it.
And, no I'm not a Windows fan, as anyone who knows me can attest.
It is not a hacked machine issue, it is a virtual machine user space crack
Garrett, who works as a power management, mobile and firmware developer on Linux, said more work is being done to figure out the full details.
Meanwhile, on the dark side of such matters is much work in full swing to take fuller silent advantage of the stealthy opportunities presented by such as are sublime vulnerabilities, existent in all smarter operating systems [Enabled and Enabling SOSystems] with overlording information overlode facilities/capabilities.
Be careful out there, CyberSpace is not IT for Dummies, it is a place for genii free of the Fool and their Follies for LOLly and heavy laden to XSSXXXX in MetaDataBase Codes …. which is Enigmatic Treasure Trove for AIdDanegeld Virtual Supply to Offices of Cyber Security with ZeroDay Trader Protection. ……. Sp00Key IntelAIgent Space Services for Bonded Ware Houses in Rich Intelligence Communities/OSINT Environments.
It seems that the bug we've been seeing is simultaneously simpler in some ways and more complicated in others than we'd previously realised. ….. providing a proof-of-concept program
When that bug be a quantum trojan, is there no defence against IT in the Great Game that humans play so badly.
Re: It is not a hacked machine issue, it is a virtual machine user space crack
"When that bug be a quantum trojan, is there no defence against IT in the Great Game that humans play so badly."
Profound.
And I apologise for the meatsack that downvoted you.
It provides an interesting virus vector..
If exist <plugged in USB stick> then
rewrite USB stick with brick code
reboot
I'm not touching Samsung laptops for a while.
Having said that, if that is a licensed UEFI implementation I'd love to know who the supplier is, and which other machines this has been implemented. This issue could be bigger than just Samsung.
Re: It is not a hacked machine issue, it is a virtual machine user space crack
You didn't give the full link
http://www.codon.org.uk/~mjg59/scratch/brick_samsung.txt
I am surprise how few lines of C are needed
QA whats that then
Slap yourselves on the back fellas job well done.
Re: QA whats that then
Easy as it might be to call this a QA issue, it probably wasn't in their spec to test LINUX installs on this hardware. They would have been given a number of official scenarios, and tested those and a few secondary scenaros as well. Anything else would not "be supported" so no testing.
And even then, not all found issues are fixed; sometimes they generate a helpline script to be followed, and just accept it as "a feature". Dell, Apple and HP all have history here.
However, if this is indeed exploitable via one of the "supported" OS'es, and all it takes is a different install vector (eg: verbose install from DVD? boot from SD card?), then Samsung really do have some QA questions to answer.
Re: QA whats that then
Easy as it might be to call this a QA issue, it probably wasn't in their spec to test LINUX installs on this hardware.
However, if this is indeed exploitable via one of the "supported" OS'es,
Ah, excellent, *still* trying to suggest that a bad or unsupported OS could be to blame. This isn't about an OS, it's about conforming to the UEFI spec. QA at this level doesn't involve an operating system, the test harness around this level of hardware interaction is and always should be OS independent.
Even if this was a case of an OS making a bad or malformed UEFI call (it wasn't), the laptop shouldn't be damaged by it. This is basic bounds checking, and falls firmly into the category of QA. In this particular instance, it appears to be a buffer overrun, which has been bad programming since forever.
Is it only samsung???
There are only a handful of companys who write firmware for for PC's off hand i can think of phoenix, award, AMI and insyde and i think the first 3 might all be the same company now, oh and dell but thats just a phoenix bios mangled beyond all recognition.
I had a quick google and it appears the NP700Z5C is using a phoenix efi bios, I know the bios is customised by samsung for their particular machine and with UEFI apparently being designed to have loads of crap shovelled in to it I hope it was something stupid samsung did, but im intrigued as to if this is just samsung thats affected and if it is how have they managed to take code that many other manufacturers are also using and break it so spectacularly.
Reminds me of Futaba..
.the well known maker or radio control equipment, who stolidly maintained that their equipment, being digital and with each packet signed by a unique code flashed in at manufacture, simply couldn't interfere with another receiver 'bound' to a different transmitter.
Except it was rapidly discovered that if you did - as was often done - the simple 'switch on, check battery level is OK, switch off (before boot completed)' routine it was entirely possible to zero the code in the flash. thereby ensuring that - after rebinding your receiver - you were on the same virtual channel as anyone else who had done the same.
The egg on the corporate face was not lessened by months of refusal to admit the problem..
I stand by what I said last time.
If it's writeable, it must be recoverable. Anything else is a one way ticket to Fuckup City.
Re: I stand by what I said last time.
If it's writeable, it must be recoverable
Only if you can read it first..
Re: I stand by what I said last time.
Only if you can read it first..
Ah yes, good old write only memory.
Oh oh!
Samsung got so blinded by staring at shiny MacBook's whilst creating their clonetops, they forgot to write their UEFI code properly.
But you're still missing the point
Windows COULD do this but does NOT do this because it's been tested by Samsung. I'm pretty sure they would have noticed all their notebooks bricking with Windows and would work with Microsoft to get it fixed before they shipped. That's because Samsung declares Windows as a supported OS.
Linux COULD do this and unfortunately DID do it, and the bug made it all the way into a release because no one bothered to (i.e. got paid to) test it. That's the problem with running an unsupported OS. Samsung didn't want to test it, so it's up to the highly organized well-paid OS test team to catch critical bugs like this. For Linux, this team of people is called "end users." Now the bug has been detected and worked-around quickly, but at the unfortunate demise of a few customers' notebooks. With Linux (like any other OS), you get the good with the bad sometimes.
Re: But you're still missing the point
The UEFI, however, shouldn't be tested against the OS, it should be tested against the specification. That's the only way to test that it meets the specification. It didn't, so it wasn't, so it's Samsung's fuck up, whatever the end user decides to throw at it (within the bounds of the spec, obviously).
Re: But you're still missing the point
Windows COULD do this but does NOT do this because it's been tested by Samsung. I'm pretty sure they would have noticed all their notebooks bricking with Windows and would work with Microsoft to get it fixed before they shipped.
You'd hope so, yes ... but did you read what actually causes the bricking?
It apparently happens when data is written to a diagnostic log that's maintained by the UEFI Firmware. If you write too much you brick the PC. It appears that when Windows boots normally it doesn't have enough diagnostic information to write for this limitation to cause a problem ... but there may be circumstances in which there is more to report, in which case the PC will get bricked under Windows.
This could get triggered by something quite routine ... perhaps an error caused by trying to boot from a non-bootable USB Flash drive or SD card that had accidentally been left plugged in.
Re: But you're still missing the point
Windows COULD do this but does NOT do this because it's been tested by Samsung.
Actually I think you'll find Windows did not do this because it didn't 'randomly throw data at the UEFI' as the Linux driver did. This article suggests Windows - and anything - can do the same in the same way and have the same adverse outcome.
The problem seems two fold; Samsung's UEFI should not have allowed the failure to happen, and OS's and other programs should not be causing it to happen. It was just bad luck in some ways that Linux caused the house of cards to come tumbling down. Not entirely bad luck though, because it was doing something that it could not explicitly guarantee the success of. Had Samsung successfully protected against that it wouldn't have been a problem but unfortunately it wasn't the case.
If you deliberately drive a car at a wall expecting the air bag to protect you from injury, when the air bag doesn't inflate and you hurt yourself then whose fault is that; yours, the air bag manufacturer, or both?
Re: But you're still missing the point
For me the point is that I now have no confidence in Samsung's testing of their own products.
Finally, after 20 years..
.. someone improves on the Terminate & Stay Resident (TSR) software we had under DOS by making it more efficient. It's now just Terminate..
This topic is closed for new posts.
