SoylentNews is people
SoylentNews
Malware uses Intel AMT feature to steal data, avoid firewalls
Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer's networking stack, so local firewalls or security products won't be able to detect or block the malware while it's exfiltrating data from infected hosts.
and . . .
Intel AMT SOL exposes hidden networking interface
This is because Intel AMT SOL is part of the Intel ME (Management Engine), a separate processor embedded with Intel CPUs, which runs its own operating system.
Intel ME runs even when the main processor is powered off, and while this feature looks pretty shady, Intel built ME to provide remote administration capabilities to companies that manage large networks of thousands of computers.
I always believed the Intel Management Engine was a bad idea and a huge target for sophisticated hackers. Your hardware. Pre-compromised from the factory. A processor baked into your microprocessor with full access to the hardware. It runs a secret binary blob -- and the primary microprocessor won't run without it.
This probably isn't the last time that this will be exploited. Probably not even be the first, given the difficulty to detect it. The wonderful thing is that your OS isn't aware of the compromise and is unable to interfere with it.
(Score: 2) by DannyB on Friday June 09 2017, @06:33PM (12 children)
Sorry about that. Great catch. Even the editors mist it.
Most people think if the computer is turned off, it must be completely safe. The green site used to have jokes about the only way for a computer to be safe was to unplug it. Some would assume that power off is safe enough.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Informative) by kaszz on Friday June 09 2017, @06:37PM (3 children)
The problem is this ACPI/APM "power off" which leaves +5V DC 1A standby power. Which means that parts of the computer is still on..
(Score: 2) by tangomargarine on Friday June 09 2017, @07:16PM (2 children)
Where is that power coming from, the cell battery? Or there's some backup battery wired into the AMT chip?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by tangomargarine on Friday June 09 2017, @07:20PM
Oh, you weren't replying to me. Whoops.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by kaszz on Friday June 09 2017, @08:29PM
Here's the answer anyway:
The power supply (ATX) have a main power conversion part that is switched on or off depending on the visible power button and LED. Then there's a separate power conversion with 5 watt capacity that is always on until it's physically unplugged. Some have a real switch on the back of the supply itself that does the same.
(Score: 3, Interesting) by nobu_the_bard on Friday June 09 2017, @07:15PM (6 children)
I discussed in college many years ago that the only way to be completely sure your computer was safe was to power it off, disconnect the cables, encase it in a lead shield, drop the shielded box into a vault with about 12-36 inch thick walls of cement buried roughly 100 feet into the ground in total darkness, then kill everyone who knew it was there. The thickness of the walls was debated a bit and I don't think we ever reached a consensus.
Of course, now that I'm older and wiser, I know that you'd also have to ensure it was buried someplace that was unlikely to be sited for new construction in the next 20 years to ensure it says buried a reasonably long time. Found an entire buried train (fuel tanker cars with leaking tanks!) at a site one time. Learned a lot about burying things, do's and don'ts.
(Score: 0) by Anonymous Coward on Friday June 09 2017, @07:40PM (1 child)
How did that train situation work? Was it a rail yard/factory with tracks running at/to difference elevations? Or was it simply somebody too cheap to pay the costs associated with transporting it offsite for disposal who chose instead to bury it, either below ground with established tracks, dumped below ground and covered, or aboveground and mounded over before other material was built around it?
(Score: 2) by nobu_the_bard on Friday June 09 2017, @09:43PM
Oh. It was at an old mill building that we were converting into a warehouse. The building is like 50+ years old, I'm not sure the exact age, it abuts an even older but slightly smaller one owned by another company. I live and work in the rust belt. The mill used to have a lot of trains going through; there's still live train tracks to the neighboring mills nearby. The previous owner was ... pretty shady. They did something with concrete and gravel. They had already made modifications to the building for modern trucks to pull in for loading which we needed.
There were no paper records of the train that anyone could find; it was not a proper engine, some kind of short-range moving vehicle was buried with it (I don't know much about trains). It had two fuel tanks that had been buried along with it, about 10 feet underground parallel to where the tracks had been before we ripped them out. It was now the employee parking lot. Apparently someone had rigged the tanks up to serve as fuel pumps for trucks or trains, or that is what I think they tried to do. They just chopped off the pipes in the ground and covered them when they moved out. We found shoddy piping connected to the tanks pointing at the surface. I never learned why they thought this was a good idea, or if it ever worked.
Environmental people we hired to check the site before we moved in, for insurance, missed it. Leaking fuel was detected by government inspectors and we hired a second company that located the fuel tankers. They were about 1/3 full still and an estimate of 1/3 of the volume of the tanks had leaked into the surrounding ground (I don't remember the exact amounts). Then we sued the first because we got in serious trouble for the environmental stuff, but the lawyers and money guys figured that bit out, I am the IT guy so wasn't directly involved.
(Score: 2) by edIII on Friday June 09 2017, @08:04PM (3 children)
Nah, it's simpler. Just make a Faraday Cage. Then you put in a Rottweiler, like I had as a kid :)
You cannot bypass a Rott, no matter what you've seen in the movies. Not getting around mine, and he was trained as a guard dog. Somebody once thought they could turn him with some treats, or a steak. Ending up getting a real nice steak from the store to try it. I laughed my ass off when he hung over the fence with my boy jumping up trying to kill him, and dropped the steak. One bite, two bites, three bites, without even hitting the floor, and back to kill mode with no hesitation. I miss my boy. I would imagine Siegfried and Roy's computers were safe in the same way. A bunch of tigers roaming free through the house, and that was assuming you could Ocean Eleven' your way through casino security.
If I ever needed to secure information, I would bury hundreds of flash drives over a large area like a squirrel with steganographically encoded information forcing people to endlessly sift through random [youtube.com] crap [youtube.com].
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by maxwell demon on Friday June 09 2017, @09:27PM
I'm pretty sure you can.
And now imagine there had been some sedative put in that steak. What would have happened?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by hendrikboom on Friday June 09 2017, @11:06PM (1 child)
I'm pretty certain a loaded pistol could make a Rotweiler very bypassable.
(Score: 2) by edIII on Friday June 09 2017, @11:40PM
Well, I was halfway joking. In all seriousness, you better have more than one bullet, and you better catch the dog off guard. A really sincere pissed off Rott that is trained as a guard dog is a serious thing. He took guarding the property a lot more serious than we wanted him to, but we had no doubt that it would take a gun and several bullets to come on property with malice.
The new Giant Rotts (it's a real thing) are even bigger than my boy, and he was huge. I'm about 6'1" (closer to 6'2"), and he would stand on his hind legs and look down at my face.
Even with a gun, I would be nervous. We're not talking about shooting from some place safe, like over a fence. You need to open a door and walk in first, hoping you don't get a face full of Rott.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by edIII on Friday June 09 2017, @07:46PM
I'm not sure I would recommend misting SN. It may affect the shelf life :)
Technically, lunchtime is at any moment. It's just a wave function.