Security hole in Intel ME [was Re: who are the right people?]

John Newman jnn at synfin.org
Tue May 2 05:57:54 PDT 2017 


> On May 1, 2017, at 8:16 PM, Mirimir <mirimir at riseup.net> wrote:
> 
>> On 05/01/2017 11:21 AM, Ryan Carboni wrote:
>> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>> 
>> 
>>> First a little bit of background. SemiAccurate has known about this
>> vulnerability for literally years now, it came up in research we were doing
>> on hardware backdoors over five years ago. What we found was scary on a
>> level that literally kept us up at night. For obvious reasons we couldn’t
>> publish what we found out but we took every opportunity to beg anyone who
>> could even tangentially influence the right people to do something about
>> this security problem. SemiAccurate explained the problem to literally
>> dozens of “right people” to seemingly no avail. We also strongly hinted
>> that it existed at every chance we had.
>> 
>> 
>> ...
>> 
>> 
>>> The problem is quite simple, the ME controls the network ports and has
>> DMA access to the system. It can arbitrarily read and write to any memory
>> or storage on the system, can bypass disk encryption once it is unlocked
>> (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify
>> this capability yet), read and write to the screen, and do all of this
>> completely unlogged. Due to the network access abilities, it can also send
>> whatever it finds out to wherever it wants, encrypted or not.
>> 
>> 
>> keep in mind, just how many computers run Intel. We don't backdoor
>> encryption. We backdoor everything.
>> 
>> We should have adopted the Clipper chip.
> 
> ;)
> 
> Another useful quote from SemiAccurate:
> 
> | The short version is that every Intel platform with AMT, ISM, and
> | SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
> | exploitable security hole in the ME (Management Engine) not CPU
> | firmware. If this isn’t scary enough news, even if your machine
> | doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
> | just not over the network. For the moment. From what SemiAccurate
> | gathers, there is literally no Intel box made in the last 9+ years
> | that isn’t at risk. This is somewhere between nightmarish and
> | apocalyptic.[/QUOTE]
> 
> According to Intel:
> 
> | There is an escalation of privilege vulnerability in Intel® Active
> | Management Technology (AMT), Intel® Standard Manageability (ISM),
> | and Intel® Small Business Technology versions firmware versions
> | 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
> | unprivileged attacker to gain control of the manageability features
> | provided by these products.  This vulnerability does not exist on
> | Intel-based consumer PCs.
> 
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
> 
> You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
> 
> Intel's mitigation guide:
> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
> 

Makes me want to boot a few of my netra t1s up ;).  

That 440mhz SPARC cpu is just a little slow...

More information about the cypherpunks mailing list