
SoylentNews is people

posted by martyb on Friday November 10 2017, @02:14AM
from the hardware-wants-to-be-free? dept.

It looks like it's nearly game over for the Intel Management Engine:

Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works.

The firm has already promised to demonstrate [a] God-mode hack in December 2017, saying the bug "allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard".

For some details, we'll have to wait, but what's known is bad enough: Intel Management Engine (IME) talks to standard Joint Test Action Group (JTAG) debugging ports. As [does] USB, so Positive Technologies researchers put the two together and crafted a way to access IME from the USB port.

[...] The latest attack came to Vulture South's attention via a couple of Tweets:

Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci pic.twitter.com/cRPuO8J0oG

— Maxim Goryachy (@h0t_max) November 8, 2017

Full access the Intel ME( >=Skylake) by JTAG debugging via USB DCI https://t.co/TMvOirXOVI @ptsecurity @h0t_max @_markel___

— Hardened-GNU/Linux (@hardenedlinux) November 8, 2017

The linked blog post [in Russian] explains that since Skylake, the PCH – Intel's Platform Controller Hub, which manages chip-level communications – has offered USB access to JTAG interfaces that used to need specialised equipment. The new capability is DCI, Direct Connect Interface.

Reddit discussion linked by LoRdTAW in a journal.

Previously: Intel Management Engine Partially Defeated
Disabling Intel ME 11 Via Undocumented Mode
How-To: Disabling the Intel Management Engine
Andrew Tanenbaum's Open Letter to Intel About MINIX 3


  • (Score: 2) by DrkShadow on Friday November 10 2017, @02:46AM (3 children)

    by DrkShadow (1404) on Friday November 10 2017, @02:46AM (#594999)

    This is SO old news it was posted in January:
    https://www.bleepingcomputer.com/news/hardware/intel-cpus-can-be-pwned-via-usb-port-and-debugging-interface/ [bleepingcomputer.com]

    The JTAG interface is disabled on shipping systems. At least, it's supposed to be. Did they find a system where the manufacturer forgot to do this? Or did they find a way to reenable it via external USB?

  • (Score: 4, Informative) by The Mighty Buzzard on Friday November 10 2017, @02:52AM

    by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Friday November 10 2017, @02:52AM (#595002)

    Not quite the same thing. Same attack vector, different target.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by jmorris on Friday November 10 2017, @04:41AM (1 child)

    by jmorris (4844) on Friday November 10 2017, @04:41AM (#595036)

    This new attack seems to involve discovering a way to wiggle bits in UEFI to get debug turned back on and a couple other tricks beyond that. Most of this stuff is fixable with a firmware update, which Intel will probably ship as soon as this hits the FakeNews media scare machine, so will mostly be useful to let researchers build vulnerable machines they can use to get into the ME of a running machine and explore for more exploits.

    • (Score: 0) by Anonymous Coward on Friday November 10 2017, @01:59PM

      by Anonymous Coward on Friday November 10 2017, @01:59PM (#595114)

      jmorris, this isn't fakenews.

      your attack of the media for doing the right thing, to force a corporation to act in the benefit of its 'customers', can hardly be interpreted as a gay agenda.

      you're part of the problem if you can't see without your blinders on