News Intel warns of serious Management Engine vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 21 Nov 2017.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
     
  2. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    In the article it says any machine running a 6th, 7th, or 8th generation Intel Core processor, etc., etc., is vulnerable to attack. I'm confused as I thought "*normal" processors didn't have the disaster that is the Intel Management Engine enabled.

    *Normal as in something like an i3 7100, i5 7500, and similar desktop CPUs.
     
  3. Chicken76

    Chicken76 Minimodder

    Joined:
    10 Nov 2009
    Posts:
    952
    Likes Received:
    32
    So is this thing remote exploitable?
     
  4. Ramble

    Ramble Ginger Nut

    Joined:
    5 Dec 2005
    Posts:
    5,596
    Likes Received:
    43
    Not a surprise to anyone that reads security news, this is most likely a way to stop tools like me_cleaner (https://github.com/corna/me_cleaner) from working. I bet someone at a popular three-letter agency is having a bad day.

    Nope, every Intel processor has ME and they've had it for a while now. Enjoy.

    Notice Intel didn't actually give any details, but probably yes it is. ME is awash with this kind of **** and it's impossible to detect and you can't really do anything about it either.
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
    Every Intel CPU/platform of recent times [Sandy Bridge onwards iirc] has some form of ME component... what the ME does varies by platform. From what I've read/understood on the matter, if you're on a consumer platform [H/Z-series chipsets] you're probably ok, the ME isn't remotely accessible and doesn't do much beyond basic monitoring [it's how most motherboard OEMs' widgets get motherboard temps, let you tweak settings etc.]. It's anything enterprise orientated and/or with vPro that's in for a bad time as those are the ones where the ME is remotely accessible and the ones where the ME does all the things.
     
  6. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    That makes things clearer, thanks.

    I do wonder sometimes where companies come up with ideas like the ME, I mean even with my layman's understanding of security I know less is more.
     
  7. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
    It's as clear as mud, but that's what I've been able to discern based on what I've seen others observe/mention.

    Intel aren't exactly forthcoming about any of it.
     
  8. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
  9. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    I'll add that in, ta.

    In other news, deep joy:

    Code:
    blacklaw@xerxes:~/Downloads/intelmecheck$ sudo ./intel_sa00086.py
    INTEL-SA-00086 Detection Tool
    Copyright(C) 2017, Intel Corporation, All rights reserved
    
    Application Version: 1.0.0.128
    Scan date: 2017-11-21 16:37:10 GMT
    
    *** Host Computer Information ***
    Name: xerxes
    Manufacturer: Dell Inc.
    Model: XPS 13 9360
    Processor Name: Intel(R) Core(TM) i7-7560U CPU @ 2.40GHz
    OS Version: Ubuntu 16.04 xenial (4.10.0-38-generic)
    
    *** Intel(R) ME Information ***
    Engine: Intel(R) Management Engine
    Version: 11.7.0.3307
    SVN: 1
    
    *** Risk Assessment ***
    Based on the analysis performed by this tool: This system is vulnerable.
    Explanation:
    The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
    Contact your system manufacturer for support and remediation of this system.
    
    
    For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
    https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
    That's my new laptop vulnerable, then. Cheers, Intel. Not. (And, for the curious, that's a system which does not have vPro or Intel Trusted Execution Technology, proving that even client devices with the 'neutered' IME are vulnerable to attack.)
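
An added example, not part of the original post and not Intel's code: when the detection tool is run across several machines, its text report can be parsed for triage. The sample is trimmed from the output quoted above; the function names are hypothetical, and because only one verdict wording appears on this page, any other wording is flagged for manual review rather than interpreted.

```python
import re

# Report text trimmed from the tool output quoted in the post above.
SAMPLE = """\
INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128

*** Host Computer Information ***
Name: xerxes
Manufacturer: Dell Inc.
Model: XPS 13 9360

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 11.7.0.3307
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
"""

SECTION = re.compile(r"^\*\*\*\s*(.+?)\s*\*\*\*$")
VERDICT_PREFIX = "Based on the analysis performed by this tool:"

def parse_report(text):
    """Split a report into {section: {key: value}} plus the verdict sentence."""
    sections, current, verdict = {}, "header", None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
        elif line.startswith(VERDICT_PREFIX):
            verdict = line[len(VERDICT_PREFIX):].strip()
        elif ": " in line:
            key, value = line.split(": ", 1)
            sections.setdefault(current, {})[key] = value
    return sections, verdict

def triage(text):
    """Summarise one report: host, model, ME firmware version and status."""
    sections, verdict = parse_report(text)
    host = sections.get("Host Computer Information", {})
    me = sections.get("Intel(R) ME Information", {})
    # Exact match only: a substring test would also hit "not vulnerable".
    status = "vulnerable" if verdict == "This system is vulnerable." else "review"
    return {"host": host.get("Name"), "model": host.get("Model"),
            "me_version": me.get("Version"), "status": status, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```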
     
  10. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
    Just have to hope Dell patch it.
     
  11. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Aye. The Dell support article just has a big ol' sea of "TBD" in all its columns, but just look at how long the list of affected systems is. This is a major, major screw-up - and, worse still, it's one people have been warning Intel about for a decade now.
     
  12. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,401
    Likes Received:
    2,996
    It's also my main gripe with Android... Whenever a flaw is found, you then basically have to resort to *divination method of choice* to work out if your OEM can be arsed to patch it, can they be arsed to patch it for your specific device, and if so when.
     
  13. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    It's a shame we can't take it out and shoot it IMO, I'm not going to pretend to know how vulnerable a 'neutered' IME processor is and quite frankly I shouldn't have to know, it was my understanding that Intel disabled IME on non-vPro chips so it couldn't be used, obviously their idea of disabled is very different than mine.
     
  14. Ramble

    Ramble Ginger Nut

    Joined:
    5 Dec 2005
    Posts:
    5,596
    Likes Received:
    43
    Is there any reasonable evidence of Apple resisting anything? I can't check iOS or OS X myself so I would assume they're not resisting.

    Some people discuss it but most people don't care. The UK is worse in this regard btw.

    Puri.sm sell proper Intel ME disabled laptops nowadays. The only way to fight back against this is to support open hardware and software initiatives. Giving up Office or Windows or something similar is a good first step.
     
  15. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    You do know that Apple uses the same backdoored Intel processors as everybody else, right? Sure, the iPhones aren't Intel... oh, except for the 50% (soon to be 100%) of 'em using an Intel cellular modem, that is.

    If Intel's deliberately backdooring stuff for a Three Letter Agency - and bear in mind I'm not saying it isn't doing that, here - then using Apple stuff ain't going to keep you safe.
    That's not a secret back door, though, is it? The whole point of a secret back door is that it's, y'know, secret. What a company does when very publicly asked to invade users' privacy is not always the same thing it does when approached in secret by a serious man in a cheap suit with a briefcase full of cash and/or proposed legislation that would gut its business but could be tabled if only the company were to sign on the dotted line of the Official Secrets Act...
     
  16. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Apparently there are ways to lessen the security risk that is posed by ME, I wouldn't be brave enough to try it myself though as I'd probably end up bricking my PC because of a lack of understanding. o_O
     
  17. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    D'you know what *isn't* vulnerable? A PowerPC-based Amiga. Calling it now, 2018's going to be the Year of the Amiga Desktop, and I for one welcome our new boingball overlords.
     
  18. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Well, Dell says it'll be mid-December before there's a firmware fix for my XPS 13, so... yaaay(!)
     
  19. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Dell's finally put out a BIOS update, and I'm no longer vulnerable! Well, to *those specific* vulnerabilities, anyway...
     