Security hole in Intel ME [was Re: who are the right people?]

Mirimir mirimir at riseup.net
Mon May 1 17:16:32 PDT 2017


On 05/01/2017 11:21 AM, Ryan Carboni wrote:
> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
> 
> 
>> First a little bit of background. SemiAccurate has known about this
> vulnerability for literally years now, it came up in research we were doing
> on hardware backdoors over five years ago. What we found was scary on a
> level that literally kept us up at night. For obvious reasons we couldn’t
> publish what we found out but we took every opportunity to beg anyone who
> could even tangentially influence the right people to do something about
> this security problem. SemiAccurate explained the problem to literally
> dozens of “right people” to seemingly no avail. We also strongly hinted
> that it existed at every chance we had.
> 
> 
> ...
> 
> 
>>  The problem is quite simple, the ME controls the network ports and has
> DMA access to the system. It can arbitrarily read and write to any memory
> or storage on the system, can bypass disk encryption once it is unlocked
> (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify
> this capability yet), read and write to the screen, and do all of this
> completely unlogged. Due to the network access abilities, it can also send
> whatever it finds out to wherever it wants, encrypted or not.
> 
> 
> Keep in mind, just how many computers run Intel. We don't backdoor
> encryption. We backdoor everything.
> 
> We should have adopted the Clipper chip.

;)

Another useful quote from SemiAccurate:

| The short version is that every Intel platform with AMT, ISM, and
| SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
| exploitable security hole in the ME (Management Engine) not CPU
| firmware. If this isn’t scary enough news, even if your machine
| doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
| just not over the network. For the moment. From what SemiAccurate
| gathers, there is literally no Intel box made in the last 9+ years
| that isn’t at risk. This is somewhere between nightmarish and
| apocalyptic.

According to Intel:

| There is an escalation of privilege vulnerability in Intel® Active
| Management Technology (AMT), Intel® Standard Manageability (ISM),
| and Intel® Small Business Technology versions firmware versions
| 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
| unprivileged attacker to gain control of the manageability features
| provided by these products.  This vulnerability does not exist on
| Intel-based consumer PCs.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors

Intel's mitigation guide:
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
