
SoylentNews is people

posted by cmn32480 on Friday June 09 2017, @05:27PM
from the swallow-the-red-pill dept.

Malware uses Intel AMT feature to steal data, avoid firewalls

Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.

Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer's networking stack, so local firewalls or security products won't be able to detect or block the malware while it's exfiltrating data from infected hosts.

and . . .

Intel AMT SOL exposes hidden networking interface

This is because Intel AMT SOL is part of the Intel ME (Management Engine), a separate processor embedded with Intel CPUs, which runs its own operating system.

Intel ME runs even when the main processor is powered off, and while this feature looks pretty shady, Intel built ME to provide remote administration capabilities to companies that manage large networks of thousands of computers.

I always believed the Intel Management Engine was a bad idea and a huge target for sophisticated hackers. Your hardware. Pre-compromised from the factory. A processor baked into your microprocessor with full access to the hardware. It runs a secret binary blob -- and the primary microprocessor won't run without it.

This probably isn't the last time that this will be exploited. Probably not even the first, given the difficulty of detecting it. The wonderful thing is that your OS isn't aware of the compromise and is unable to interfere with it.
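Because SOL traffic never passes through the host's own network stack, the place to look for it is wherever the traffic is visible from outside the host: a flow collector, a span port, or a network firewall. The script below is an added example, not code from the story or from Microsoft's analysis. It flags flows to Intel AMT listener ports in a constructed flow log and rates a connection from a non-console client to the redirection listener (the one SOL rides on) as the most interesting, since the bytes the managed host sends back on that channel are data leaving the machine without the OS seeing it. The port numbers are the ones Intel documents for AMT and are not from the page; the IP addresses, the flow records and the management-console allowlist are constructed for the example.

```python
"""Added example (not part of the SoylentNews story or Microsoft's analysis):
flag connections to Intel AMT listener ports in a constructed flow log.
Port numbers are Intel's documented AMT ports; addresses and the console
allowlist are constructed."""
import csv
import io

# Intel-documented AMT listener ports (not taken from the page).
AMT_PORTS = {
    16992: "AMT HTTP",
    16993: "AMT HTTPS",
    16994: "AMT redirection (SOL / IDE-R)",
    16995: "AMT redirection over TLS",
    623: "ASF RMCP",
    664: "ASF secure RMCP",
}
# SOL rides on the redirection listener, the channel the story describes.
REDIRECTION_PORTS = {16994, 16995}

# Constructed sample flow records, as a flow collector would record them:
# ts,client,server,sport,dport,proto,client_bytes,server_bytes
SAMPLE_FLOWS = """\
2017-06-09T12:00:01Z,10.0.1.5,10.0.1.15,40211,16992,tcp,2300,9800
2017-06-09T12:03:44Z,203.0.113.7,10.0.1.15,51234,16994,tcp,1200,48000000
2017-06-09T12:04:10Z,10.0.5.20,10.0.1.15,52001,443,tcp,900,31000
2017-06-09T12:05:52Z,10.0.5.20,10.0.1.16,52002,16993,tcp,400,20000
this line is malformed and must be skipped
"""

# Constructed allowlist: hosts that are supposed to talk to AMT at all.
MANAGEMENT_CONSOLES = {"10.0.1.5"}


def parse_flows(text):
    """Yield well-formed flow rows as dicts; skip rows that do not parse."""
    fields = ["ts", "client", "server", "sport", "dport", "proto",
              "client_bytes", "server_bytes"]
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(fields):
            continue
        rec = dict(zip(fields, row))
        try:
            for key in ("sport", "dport", "client_bytes", "server_bytes"):
                rec[key] = int(rec[key])
        except ValueError:
            continue
        yield rec


def classify(rec, consoles):
    """Return a finding dict for a TCP flow to an AMT port, or None otherwise."""
    service = AMT_PORTS.get(rec["dport"])
    if service is None or rec["proto"] != "tcp":
        return None
    if rec["client"] in consoles:
        severity = "expected"
    elif rec["dport"] in REDIRECTION_PORTS:
        # Unknown client on the SOL/IDE-R listener: server_bytes is data that
        # left the managed host without touching its OS network stack.
        severity = "high"
    else:
        severity = "medium"
    return {
        "ts": rec["ts"],
        "client": rec["client"],
        "server": rec["server"],
        "dport": rec["dport"],
        "service": service,
        "severity": severity,
        "bytes_from_host": rec["server_bytes"],
    }


def find_amt_flows(text, consoles=MANAGEMENT_CONSOLES):
    """Return all AMT-port findings for the flow text, highest severity first."""
    order = {"high": 0, "medium": 1, "expected": 2}
    findings = [f for f in (classify(r, consoles) for r in parse_flows(text)) if f]
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in find_amt_flows(SAMPLE_FLOWS):
        print(f"{f['severity']:8} {f['ts']} {f['client']} -> {f['server']}:{f['dport']}"
              f" ({f['service']}), {f['bytes_from_host']} bytes from host")
```

The allowlist is what keeps this usable: in a fleet that really uses AMT, the management console will legitimately talk to these ports all day, and the signal is a client that is not the console, especially on the redirection listener with a large byte count coming back from the managed host.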


  • (Score: 0) by Anonymous Coward on Saturday June 10 2017, @10:00PM (#523608)

    I can tell you it is possible to find modded BIOSes. People have disabled undesirable features and of course have introduced ones more to their liking.

    I have done this on much of my personal inventory of older computers, and some of the new ones.

    If you don't want the ME engine, you are going to be hard pressed to find something that is any good with a motherboard that has features you want. You may find something cheap, but you'd likely need to add more components to it that otherwise could be integrated (SAS controllers, SATA controllers, integrated video [servers benefit from cheap integrated video; even if it's just to power a hypervisor console, it's better to have it integrated than to have to find a GPU for it], etc.).

    It's not impossible, but finding good older server hardware might be challenging due to the ages involved. It could be that older desktops like LGA 775 socketed motherboards (and LGA 771 servers) are a good bet, along with AMDs of the same era.

    LGA 775s can be hardware modified to accept LGA 771 Xeon chips, which are very nice for the cost/performance ratio. I'd recommend checking that out if you are not against using an X-Acto knife on your computer.

    You can't use an X-Acto knife to disable the management engine, unfortunately, but you can upgrade old hardware to have the potential to be good enough to hold its own against modern small-business-oriented servers, via hardware modification sometimes.