date 2017-09-08
from the told-you-so dept.
There has been quite a bit of discussion recently regarding the use of a Management Engine (ME), or the code that exists within a CPU but is inaccessible to the user of the computer using that CPU. To quote from the introduction of this PDF:
Intel Management Engine (Intel ME) is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices. Therefore, Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
Several people, including some from within our own community, have expressed concern that any weaknesses in the ME code would provide another attack surface and, guess what? It has been done! This PDF explains just how some people have managed to achieve the hacker's dream and our worst nightmare, and details some research on this subject. It even goes so far as to explain how to run unsigned code in the ME, albeit under a limited set of circumstances - thus giving a hacker total control over the system. However, as this is only the beginning of such research in relative terms, it does not bode well for the future. Finding the flaw is the first step, learning how to exploit it is the next.
The PDF is, by necessity, quite technical but will be understandable by a significant proportion of our community. The report claims that the following CPUs are susceptible to the attacks detailed in it:
- 6th, 7th & 8th Generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel® Atom® C3000 Processor Family
- Apollo Lake Intel® Atom Processor E3900 series
- Apollo Lake Intel® Pentium™
- Celeron™ N and J series Processors
(Score: 2) by pvanhoof on Saturday December 30, @11:53AM
Quote from the PDF:
We think that remote exploitation is possible if the following conditions are true:
1. The target platform has AMT activated.
2. The attacker knows the AMT administrator password or can use a vulnerability to bypass authorization.
3. The BIOS is not password-protected (or the attacker knows the password).
4. The BIOS can be configured to open up write access to the ME region.
If all these conditions are met, there is no reason why an attacker would not be able to obtain access to the ME region remotely.
Also note that during startup, the ROM does not check the version of firmware, leaving the possibility that an attacker targeting an up-to-date system could maliciously downgrade ME to a vulnerable version.
(Score: 1, Interesting) by Anonymous Coward on Saturday December 30, @12:24PM
I guess "pirates" keen to skirt DRM [wikipedia.org] might be interested in this one ring [wikipedia.org] to rule them all.
"Such a vulnerability has the potential to jeopardize a number of technologies, including Intel Protected Audio Video Path (PAVP)"
I find this quite funny; their security crap makes things insecure instead, like the Windows anti-malware software that could be exploited to gain privilege escalation...
(Score: 0) by Anonymous Coward on Saturday December 30, @02:21PM (1 child)
We need a website we can visit that will tell us if our machine(s) are compromised...
Or maybe MalwareBytes will add ME checking into their product?
(Score: 0) by Anonymous Coward on Saturday December 30, @02:44PM
For extra security the website should verify the identities of Americans by asking for the last six digits of their Social Security Number, and also use a domain that is difficult to impersonate by rearranging word order.
Clearly the best option would be https://www.intelsecurity2017.com [washingtonpost.com].
(Score: 2) by JoeMerchant on Saturday December 30, @04:21PM
Articles rarely contain XKCD links, that's what the comments are for:
https://xkcd.com/694/ [xkcd.com]
(Score: 2) by ledow on Saturday December 30, @06:52PM
Well... the Intel Management Engine is like an engine, see?...
