Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday May 02 2017, @12:51AM   Printer-friendly
from the infirmware dept.

Arthur T Knackerbracket has found the following story taken from The Register:

For the past nine years, millions of Intel desktop and server chips have harbored a security flaw that can exploited to remotely control and infect vulnerable systems with spyware.

Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products."

That means hackers exploiting the flaw can log into a vulnerable computer's hardware – right under the nose of the operating system – and silently snoop on users, read and make changes to files, install virtually undetectable malware, and so on. This is potentially possible across the network because AMT has direct access to the network hardware, and with local access.

These management features have been available in various Intel chipsets for nearly a decade, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. Crucially, the vulnerability lies at the very heart of a machine's silicon, out of sight of the running operating system, applications and any antivirus.

It can only be fully fixed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world.

Intel's vulnerable AMT service [is] part of the vPro suite of processor features. If vPro is present and enabled on a system, and AMT is provisioned, unauthenticated miscreants on your network can access the at-risk computer and hijack it. If AMT isn't provisioned, a logged-in user can still potentially exploit it.

Intel reckons this vulnerability basically affects business and server boxes, because they tend to have vPro and AMT present and enabled, and not systems aimed at ordinary consumers, which typically don't. You can follow this document to check if your system has AMT switched on.

Basically, if you're using a machine with vPro features enabled, you are at risk.

According to Intel today, this critical security vulernability, labeled CVE-2017-5689, was reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks, and should be installed ASAP.

[...] For years now, engineers and infosec types have been warning that, since all code has bugs, at least one remotely exploitable programming blunder must be present in Intel's AMT software, and the ME running it, and thus there must be a way to fully opt out of it: to buy a chipset with it not present at all, rather than just disabled or disconnected by a hardware fuse.

Finding such a bug is like finding a hardwired, unremovable and remotely accessible administrator account, with the username and password 'hackme', in Microsoft Windows or Red Hat Enterprise Linux. Except this Intel flaw is in the chipset, running out of reach of your mortal hands, and now we wait for the cure to arrive from the computer manufacturers.

Also see the story at semiaccurate.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday May 02 2017, @02:18PM (4 children)

    by Anonymous Coward on Tuesday May 02 2017, @02:18PM (#502824)

    Intel AMT, which is part of Intel's vPro brand, is not present in all Intel processors. Lower-end Celeron processors (such as in Chromebooks) do not have it (for example, see here: http://ark.intel.com/products/82103/Intel-Celeron-Processor-N2840-1M-Cache-up-to-2_58-GHz [intel.com]).

    So, just buy cheap, slow hardware, and you're fine!

  • (Score: 2) by takyon on Tuesday May 02 2017, @03:56PM (2 children)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday May 02 2017, @03:56PM (#502911) Journal

    Well, shit. Everyone's talking about how computers are massively overpowered while software is cripplingly bloated. Just get the low powered stuff. Grab a $99 Chromebook and replace the OS with Linux.

    What about these? https://soylentnews.org/article.pl?sid=17/01/12/2239230 [soylentnews.org]

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Tuesday May 02 2017, @04:36PM

      by Anonymous Coward on Tuesday May 02 2017, @04:36PM (#502939)

      I have a Chromebook I've wiped and installed Ubuntu onto. It works just fine for me (with a high-capacity SD card to supplement the small hard drive).

    • (Score: 2) by bob_super on Tuesday May 02 2017, @06:48PM

      by bob_super (1357) on Tuesday May 02 2017, @06:48PM (#503035)

      To read SN, you barely need a 486 (DX, let's be nice) and a whopping 8M of RAM, right?

  • (Score: 0) by Anonymous Coward on Tuesday May 02 2017, @04:43PM

    by Anonymous Coward on Tuesday May 02 2017, @04:43PM (#502943)

    If you are feeling mega adventurous you could disable it but it ain't easy.