who are the right people?
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.
...
The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not.
keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything.
We should have adopted the Clipper chip.
On Mon, 1 May 2017 15:21:52 -0700 Ryan Carboni <ryacko@gmail.com> wrote:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now,
On 05/01/2017 11:21 AM, Ryan Carboni wrote:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.
...
The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not.
keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything.
We should have adopted the Clipper chip.
;)
Another useful quote from SemiAccurate:
| The short version is that every Intel platform with AMT, ISM, and
| SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
| exploitable security hole in the ME (Management Engine) not CPU
| firmware. If this isn’t scary enough news, even if your machine
| doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
| just not over the network. For the moment. From what SemiAccurate
| gathers, there is literally no Intel box made in the last 9+ years
| that isn’t at risk. This is somewhere between nightmarish and
| apocalyptic.[/QUOTE]
According to Intel:
| There is an escalation of privilege vulnerability in Intel® Active
| Management Technology (AMT), Intel® Standard Manageability (ISM),
| and Intel® Small Business Technology versions firmware versions
| 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
| unprivileged attacker to gain control of the manageability features
| provided by these products. This vulnerability does not exist on
| Intel-based consumer PCs.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Gui...
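
As an added example (not part of Mirimir's post and not Intel's tooling): a small triage of a firmware inventory against the branches listed in the Intel advisory quoted above. The host names and version strings are constructed, and the rule that fixed firmware carries a four-digit build number starting with 3 is an assumption taken from Intel's advisory, since the thread does not state it.

```python
import re

# Branches named in the Intel advisory text quoted above.
AFFECTED_MAJORS = {6, 7, 8, 9, 10}
AFFECTED_11_MINORS = {0, 5, 6}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def in_affected_branch(major, minor):
    """True for 6.x through 10.x, 11.0, 11.5 and 11.6."""
    return major in AFFECTED_MAJORS or (major == 11 and minor in AFFECTED_11_MINORS)


def classify(version):
    """Return 'unparsed', 'not-listed', 'fixed-build' or 'affected'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"          # needs a human look, never treated as safe
    major, minor, _hotfix, build = m.groups()
    if not in_affected_branch(int(major), int(minor)):
        return "not-listed"        # branch is not named in the advisory text
    # Assumption (from Intel's advisory, not from this thread): fixed
    # firmware carries a four-digit build number beginning with 3.
    if len(build) == 4 and build.startswith("3"):
        return "fixed-build"
    return "affected"


def triage(inventory):
    """Map each status to the sorted hosts in it, for a host->version dict."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory for illustration: hosts and versions are sample data.
SAMPLE = {
    "ws-001": "9.1.32.1002",
    "ws-002": "11.6.27.3264",
    "ws-003": "11.0.18.1002",
    "srv-01": "5.2.0.1040",
    "lt-044": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts)}")
```
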
On May 1, 2017, at 8:16 PM, Mirimir <mirimir@riseup.net> wrote:
On 05/01/2017 11:21 AM, Ryan Carboni wrote:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.
...
The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not.
keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything.
We should have adopted the Clipper chip.
;)
Another useful quote from SemiAccurate:
| The short version is that every Intel platform with AMT, ISM, and
| SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
| exploitable security hole in the ME (Management Engine) not CPU
| firmware. If this isn’t scary enough news, even if your machine
| doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
| just not over the network. For the moment. From what SemiAccurate
| gathers, there is literally no Intel box made in the last 9+ years
| that isn’t at risk. This is somewhere between nightmarish and
| apocalyptic.[/QUOTE]
According to Intel:
| There is an escalation of privilege vulnerability in Intel® Active
| Management Technology (AMT), Intel® Standard Manageability (ISM),
| and Intel® Small Business Technology versions firmware versions
| 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
| unprivileged attacker to gain control of the manageability features
| provided by these products. This vulnerability does not exist on
| Intel-based consumer PCs.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Gui...
Makes me want to boot a few of my netra t1s up ;). That 440mhz SPARC cpu is just a little slow...
On 05/02/2017 01:57 AM, John Newman wrote:
On May 1, 2017, at 8:16 PM, Mirimir <mirimir@riseup.net> wrote:
<SNIP>
You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Gui...
Makes me want to boot a few of my netra t1s up ;).
That 440mhz SPARC cpu is just a little slow...
lol Me, I go for sub-vPro i5s.
On Mon, May 01, 2017 at 03:21:52PM -0700, Ryan Carboni wrote:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out
Yeah, obvious. Just as well they kept their work hidden until after it got exposed by other channels nearly 10 years later, otherwise we might have thought SemiAccurate was fundamentally compromised from the get go and are now trying to cash in on their 10 year old "find". I mean, what scruples, what ... integrity.
On Tue, May 2, 2017 at 5:21 AM, Ryan Carboni <ryacko@gmail.com> wrote:
keep in mind, just how many computers run Intel. We don't backdoor encryption. We backdoor everything.
The back door is a *feature*, not a bug, right? For instance, this company is quite proud of their back door technology, and are openly selling access to it:
https://www.absolute.com/en/about/persistence
*Persistence is the only technology that keeps you in complete command with a self-healing, two-way connection to any endpoint or application — even if they are off the network. It’s a fundamentally new approach to security, leveraging our privileged position embedded in the firmware of billions of endpoints.*
According to their knowledgeable and courteous salesman, whom I once chanced to meet, use cases for the back door include locating and recovering stolen corporate laptops.
participants (6)
- Jason McVetta
- John Newman
- juan
- Mirimir
- Ryan Carboni
- Zenaan Harkness