
posted by martyb on Friday November 10 2017, @02:14AM
from the hardware-wants-to-be-free? dept.

It looks like it's nearly game over for the Intel Management Engine:

Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works.

The firm has already promised to demonstrate [a] God-mode hack in December 2017, saying the bug "allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard".

For some details, we'll have to wait, but what's known is bad enough: Intel Management Engine (IME) talks to standard Joint Test Action Group (JTAG) debugging ports. As [does] USB, so Positive Technologies researchers put the two together and crafted a way to access IME from the USB port.

[...] The latest attack came to Vulture South's attention via a couple of Tweets:

Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci pic.twitter.com/cRPuO8J0oG

— Maxim Goryachy (@h0t_max) November 8, 2017

Full access the Intel ME( >=Skylake) by JTAG debugging via USB DCI https://t.co/TMvOirXOVI @ptsecurity @h0t_max @_markel___

— Hardened-GNU/Linux (@hardenedlinux) November 8, 2017

The linked blog post [in Russian] explains that since Skylake, the PCH – Intel's Platform Controller Hub, which manages chip-level communications – has offered USB access to JTAG interfaces that used to need specialised equipment. The new capability is DCI, Direct Connect Interface.
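A defender's check that goes with the DCI passage above, added here and not part of the summary or of Positive Technologies' work: it reads the CPU's IA32_DEBUG_INTERFACE MSR (address 0xC80, bit 0 = enable, bit 30 = lock, bit 31 = debug occurred, per the Intel SDM) through the Linux `msr` driver and reports whether silicon debug is enabled, merely unlocked, or has been used since reset. It assumes a Linux host with root and `modprobe msr` done; it covers the CPU-side debug enable only, not the PCH-side DCI enable bit.

```python
import os
import struct

IA32_DEBUG_INTERFACE = 0xC80  # MSR address documented in the Intel SDM (vol. 4)


def decode_debug_interface(value):
    """Split the 64-bit MSR value into its documented fields."""
    return {
        "enabled": bool(value & 1),                 # bit 0: silicon debug features on
        "locked": bool((value >> 30) & 1),          # bit 30: bit 0 cannot change until reset
        "debug_occurred": bool((value >> 31) & 1),  # bit 31: sticky, set if debug was used
    }


def assess(value):
    """Return (verdict, reason) from a defender's point of view."""
    f = decode_debug_interface(value)
    if f["debug_occurred"]:
        return "alert", "silicon debug has been used since the last reset"
    if f["enabled"]:
        return "alert", "debug interface is enabled"
    if not f["locked"]:
        return "warn", "debug interface disabled but not locked; firmware could re-enable it"
    return "ok", "debug interface disabled and locked"


def read_msr(msr, cpu=0):
    """Read one MSR via /dev/cpu/N/msr (root; the msr module must be loaded)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        # The msr driver treats the file offset as the MSR address; 8 bytes per read.
        return struct.unpack("<Q", os.pread(fd, 8, msr))[0]
    finally:
        os.close(fd)


if __name__ == "__main__":
    try:
        v = read_msr(IA32_DEBUG_INTERFACE)
    except OSError as e:  # no msr device, no root, or the CPU lacks this MSR
        raise SystemExit(f"cannot read MSR 0x{IA32_DEBUG_INTERFACE:x}: {e}")
    verdict, reason = assess(v)
    print(f"IA32_DEBUG_INTERFACE=0x{v:016x}: {verdict} ({reason})")
```

A value of 0x40000000 (locked, not enabled) is the state a shipping system is expected to present; anything else deserves a look at the firmware's debug settings.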

Reddit discussion linked by LoRdTAW in a journal.

Previously: Intel Management Engine Partially Defeated
Disabling Intel ME 11 Via Undocumented Mode
How-To: Disabling the Intel Management Engine
Andrew Tanenbaum's Open Letter to Intel About MINIX 3


  • (Score: 3, Insightful) by Ethanol-fueled on Friday November 10 2017, @02:18AM (1 child)

    by Ethanol-fueled (2792) on Friday November 10 2017, @02:18AM (#594994) Homepage

    There were previous efforts to disable the ME engine, partially or in full enabled by Soylent News. [soylentnews.org]

    You can never trust anybody, even the fine fellows at SN, but at least they keep you ahead of the curve.

  • (Score: 2) by c0lo on Friday November 10 2017, @02:45AM

    by c0lo (156) on Friday November 10 2017, @02:45AM (#594998) Journal

    As does does USB, so ...

    Do do correct it (or do do put throw in a [sic])

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0
  • (Score: 2) by DrkShadow on Friday November 10 2017, @02:46AM (3 children)

    by DrkShadow (1404) on Friday November 10 2017, @02:46AM (#594999)

    This is SO old news it was posted in January:
    https://www.bleepingcomputer.com/news/hardware/intel-cpus-can-be-pwned-via-usb-port-and-debugging-interface/ [bleepingcomputer.com]

    The JTAG interface is disabled on shipping systems. At least, it's supposed to be. Did they find a system where the manufacturer forgot to do this? or did they find a way to reenable it via external USB?

    • (Score: 4, Informative) by The Mighty Buzzard on Friday November 10 2017, @02:52AM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Friday November 10 2017, @02:52AM (#595002) Homepage Journal

      Not quite the same thing. Same attack vector, different target.

      --
      My rights don't end where your fear begins.
    • (Score: 2) by jmorris on Friday November 10 2017, @04:41AM (1 child)

      by jmorris (4844) on Friday November 10 2017, @04:41AM (#595036)

      This new attack seems to involve discovering a way to wiggle bits in UEFI to get debug turned back on and a couple other tricks beyond that. Most of this stuff is fixable with a firmware update, which Intel will probably ship as soon as this hits the FakeNews media scare machine, so will mostly be useful to let researchers build vulnerable machines they can use to get into the ME of a running machine and explore for more exploits.

      • (Score: 0) by Anonymous Coward on Friday November 10 2017, @01:59PM

        by Anonymous Coward on Friday November 10 2017, @01:59PM (#595114)

        jmorris, this isn't fakenews.

        your attack of the media for doing the right thing, to force a corporation to act in the benefit of its 'customers', can hardly be interpreted as a gay agenda.

        you're part of the problem if you can't see without your blinders on

  • (Score: -1, Offtopic) by Anonymous Coward on Friday November 10 2017, @03:09AM (1 child)

    by Anonymous Coward on Friday November 10 2017, @03:09AM (#595008)

    Ok. I am a douchebag.

    • (Score: 0) by Anonymous Coward on Friday November 10 2017, @04:02AM

      by Anonymous Coward on Friday November 10 2017, @04:02AM (#595022)

      You are one thin-skinned geezer. I mean, everyone knows Linus is an asshole, but you come across even worse than him. Of course, your baby Minix, unlike Linux, didn't get nowhere, except as a broken backdoor for Intel's chips.

      What a loser.

  • (Score: 2) by drussell on Friday November 10 2017, @03:44AM (3 children)

    by drussell (2678) on Friday November 10 2017, @03:44AM (#595012) Journal

    So when will people wise up to the fact that obfuscated garbage like this is less secure, not a magical panacea of cyber security and everything-under-the-sun management goodness?!

    Oh, wait... "They're" already trying to claw back the allowance of decent encryption... I'd be willing to bet that in the current environment we wouldn't even have been allowed to use 128 bit DES back in the day, even in North America...

    :facepalm:

    Certainly Microsoft would have at least got smacked down for making it too "easy" to encrypt things "securely" by including the 128-bit update with IE, where it would be far too easy to accidentally be exported to rogue nations when people tried to update their browser version....

    Half of the people reading this probably weren't even alive when we had to deal with 56-bit vs 128-bit encryption in our OS and the fledgling "browser" market?

    I ran Mosaic on a 286 on a serial Lantastic LAN, for fuck's sake.... GET OFF MY LAWN!!!

    Grrrrrrrrrrr!!!

    • (Score: 5, Touché) by takyon on Friday November 10 2017, @04:16AM (1 child)

      by takyon (881) <{takyon} {at} {soylentnews.org}> on Friday November 10 2017, @04:16AM (#595026) Journal

      So when will people wise up to the fact that obfuscated garbage like this is less secure, not a magical panacea of cyber security and everything-under-the-sun management goodness?!

      Sometime after they realize that every processor on the market has these backdoors.

      So, never.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 3, Interesting) by Anonymous Coward on Friday November 10 2017, @12:46PM

        by Anonymous Coward on Friday November 10 2017, @12:46PM (#595099)

        I have had this EXACT discussion with people on Tor and I2P over the past 5ish years.

        Few of them were concerned with this, even among the actual developers of the software.

        'Is it safe to allow nodes running on virtual hosting in data centers'? Is it safe to run this software on Windows 10 (7,8,8.1 after telemetry). Is it safe to run this software on a cell phone where the baseband might have full access to main memory?

        All of these privacy networks have been running on blind faith for the past 5-10 years. At this point in time it is only safe to assume the capability for enough nodes to be compromised to provide keys off quite a few relays, which means even if they don't have access to your communications they may have enough information to infer which nodes traffic is passing between, at which point finding say a server node for an 'illegal' darknet website, whether Silk Road (or modern equivalent) or a site protesting against government censorship and abuse.

        And when those networks run out and the majority of nodes are compromised, and reporting session keys back, the whole peer to peer anonymity mesh breaks down, and there is neither the developers nor hardware left to recreate it.

        We are close to that point today, and unless both secure hardware and developers with the wherewithal to create the necessary secure and anonymous software take up the torch from their forebears, we are heading for the sort of nightmarish dystopia we will have a hard time if ever escaping from.

        Think about what you can do if privacy, data security, anonymity and freedom are more important to you than groupthink and physical safety and security, because the time is fast approaching where you will have to choose one or the other and you will be saddled with the consequences of that choice.

    • (Score: 2, Insightful) by Anonymous Coward on Friday November 10 2017, @07:02AM

      by Anonymous Coward on Friday November 10 2017, @07:02AM (#595056)

      >So when will people wise up to the fact that obfuscated garbage like this is less secure, not a magical panacea of cyber security and everything-under-the-sun management goodness?!

      Nobody ever thought IME was a feature built for consumers.
      It is a backdoor, or when breached it is a wonderful way of enforcing obsolescence.

  • (Score: 3, Insightful) by frojack on Friday November 10 2017, @09:04AM (4 children)

    by frojack (1554) Subscriber Badge on Friday November 10 2017, @09:04AM (#595069) Journal

    [...] came to Vulture South's attention via a couple of Tweets:

    Gawd I'm sick of articles that quote tweets. Usually verbatim, usually twice, once in plain text, next in a little box like that makes it more official.

    Entire news articles are based on nothing but tweets, from unknown and un-provable sources, even tv news programming will flop a tweet on the screen, then read it out loud to you, then oooh and ahhh over it as if there was substance there.

    The entire industry of journalism has decided to phone it in. #Journalism: #Gameover.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 3, Disagree) by takyon on Friday November 10 2017, @09:10AM (2 children)

      by takyon (881) <{takyon} {at} {soylentnews.org}> on Friday November 10 2017, @09:10AM (#595070) Journal

      It's literally a primary source. They are embedding little primary sources in the articles.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Friday November 10 2017, @02:03PM (1 child)

        by Anonymous Coward on Friday November 10 2017, @02:03PM (#595119)

        great, then they can perhaps put a little footnote next to a quote and then attribute such citations in the footer that only people that want to see the full 140/280 characters that they didn't already read because it was too textual.

        it's so bad that i've started mentally filtering out complete parts of articles that put in screen shots of the tweet after they had just referenced it and quoted it.

        it's like what I do when reading the lord of the rings or something--all those poems and songs get mentally skipped and it's like they are not even on the page. doing that makes lotr, and modern news, a lot more readable.

        i guess they can't embed twitter trackers and benefit from the ad profile if they just reference it without linking it, even if it is mostly invalid because just displaying it doesn't mean most readers wanted to see the same message twice. if they are going to track they can at least use a 1x1 pixel instead of repeating themselves.

        • (Score: 3, Informative) by tibman on Friday November 10 2017, @07:56PM

          by tibman (134) Subscriber Badge on Friday November 10 2017, @07:56PM (#595304)

          The text and image are both the same to you but they are very different to other people (like blind people and robots). If it was only text then they would be excluding the proof (source material). If it was only images then the page wouldn't be as searchable, indexable, and it would be junk for screen readers. Including both is okay middle ground. They could hide the images behind links or pop-ups but i think far fewer people would see the content. Maybe that's okay?

          --
          SN won't survive on lurkers alone. Write comments.
    • (Score: 3, Touché) by tangomargarine on Friday November 10 2017, @04:32PM

      by tangomargarine (667) on Friday November 10 2017, @04:32PM (#595173)

      You're complaining about Twitter, then you end your post with hashtags? Is this supposed to be ironic?

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2, Interesting) by Anonymous Coward on Friday November 10 2017, @01:34PM (2 children)

    by Anonymous Coward on Friday November 10 2017, @01:34PM (#595108)

    Intel designed much of their crappy security with ME in mind. Turning it off might reduce the attack surface in theory. But it could also leave you exposed to a great many backdoors Intel left open for debugging purposes that ME was meant to close in production.

    It's like killing off part of your immune system to avoid auto-immune diseases. There are times it's necessary. But most times it's stupid.

    • (Score: 0) by Anonymous Coward on Friday November 10 2017, @02:00PM (1 child)

      by Anonymous Coward on Friday November 10 2017, @02:00PM (#595116)

      That's quite the conjecture.

      • (Score: 3, Interesting) by RamiK on Friday November 10 2017, @08:32PM

        by RamiK (1813) on Friday November 10 2017, @08:32PM (#595331)

        That's quite the conjecture.

        Not as much as you'd think. We have these exact same problems with Intel's microcode updates, whereby, by avoiding them, you're denying yourself patches addressing serious functionality and security problems.

        Similarly, since we don't know what's on-the-die when it comes to ME, we might be facing a situation where Intel keeps releasing flawed (in either functionality or security) PCH versions of ME and is instructing board manufacturers to update ME with a patched version. Moreover, when we disable ME, we're actually politely asking it to enter stand-by mode. It's why Google's NERF focused on depriving ME of the blobs necessary to write the flash and access the networking and graphics.

        --
        compiling...
  • (Score: 4, Insightful) by DannyB on Friday November 10 2017, @03:24PM

    by DannyB (5839) Subscriber Badge on Friday November 10 2017, @03:24PM (#595149) Journal

    Once it becomes generally known how to hack ME, I think it is not "game over" but it is "game on". The hackers and malware purveyors will have a field day. You can expect popular malware distribution channels (aka "advertisements") to be getting lots of new material (eg, "advertisements") to, um, "distribute".

    --
    Why is it that when I hold a stick, everyone begins to look like a pinata?
  • (Score: 4, Funny) by crafoo on Friday November 10 2017, @07:43PM

    by crafoo (6639) on Friday November 10 2017, @07:43PM (#595297)

    Gentlemen and Ladies, this is it. This is the Golden Age of hacking. We are living in it. Massive connectivity. Universal embedded OS & processor-in-a-processor, complete with NIC access. Revel in it. Toast the super-geniuses at Intel and the NSA. Thank you, we couldn't have had this without them.
