Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

EFF: Intel's Management Engine is a Security Hazard

posted by n1 on Monday May 15 2017, @07:04AM   Printer-friendly
from the phme dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Since 2008, most of Intel's chipsets have contained a tiny homunculus computer called the "Management Engine" (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

[...] EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

It's a crying shame the what the EFF says doesn't hold a whole lot of weight.

Source: The Electronic Frontier Foundation

Original Submission

 
This discussion has been archived. No new comments can be posted.
EFF: Intel's Management Engine is a Security Hazard | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by kaszz on Monday May 15 2017, @04:31PM

    by kaszz (4211) on Monday May 15 2017, @04:31PM (#510093) Journal

    You are absolutely right. I should been more clear on that. Otoh, most people here ought to figure out in a few seconds that it won't wipe out all backdoors that may exist. Anyway, it will at minimum put some serious rocks in the cogs of mass spying. The method is interesting but there are of course way sharper methods in the toolbox for the willing.

    As for prevention. Don't trust any manufacturer with a significant business stake in the US that they aren't willing to risk and there goes AMD and Intel instantly *poof*. And even a compromised machine needs to communicate somehow which can be thwarted by blocking such traffic in a firewall, not running a pre-compromised CPU or NIC. Any wireless and RF capable devices also has to be physically disabled.

    I'll propose that there IS a specific en-es-ay backdoor into machines with an Intel processor which will enable a mass compromise. It only takes a resourceful person(s) to discover it. What have been seen so far is only a light teaser.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2