News Intel warns of serious Management Engine vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 21 Nov 2017.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

     
  2. Corky42

    Corky42 What did walle eat for breakfast?

    In the article it says any machine running a 6th, 7th, or 8th generation Intel Core processor, etc, etc, is vulnerable to attack, I'm confused as I thought "*normal" processors didn't have the disaster that is the Intel Management Engine enabled.

    *Normal as in something like an i3 7100, i5 7500, and similar desktop CPUs.
     
  3. Chicken76

    Chicken76 Member

    So is this thing remotely exploitable?
     
  4. Ramble

    Ramble Ginger Nut

    Not a surprise to anyone that reads security news, this is most likely a way to stop tools like me_cleaner (https://github.com/corna/me_cleaner) from working. I bet someone at a popular three-letter agency is having a bad day.

    Nope, every Intel processor has ME and they've had it for a while now. Enjoy.

    Notice Intel didn't actually give any details, but probably yes it is. ME is awash with this kind of **** and it's impossible to detect and you can't really do anything about it either.
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Every Intel CPU/Platform of recent times [Sandy Bridge onwards iirc] has some form of ME component... what the ME does varies by platform. From what I've read/understood on the matter if you're on a consumer platform [H/Z-series chipsets] you're probably ok, the ME isn't remotely accessible and doesn't do much beyond basic monitoring [it's how most motherboard OEMs' widgets get motherboard temps, let you tweak settings etc.]. It's anything enterprise orientated and/or with vPro that's in for a bad time as those are the ones where the ME is remotely accessible and the ones where the ME does all the things.
     
  6. Corky42

    Corky42 What did walle eat for breakfast?

    That makes things clearer, thanks.

    I do wonder sometimes where companies come up with ideas like the ME, I mean even with my layman's understanding of security I know less is more.
     
  7. RedFlames

    RedFlames ...is not a Belgian football team

    It's as clear as mud, but that's what I've been able to discern based on what I've seen others observe/mention.

    Intel aren't exactly forthcoming about any of it.
     
  8. RedFlames

    RedFlames ...is not a Belgian football team

  9. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    I'll add that in, ta.

    In other news, deep joy:

    Code:
    blacklaw@xerxes:~/Downloads/intelmecheck$ sudo ./intel_sa00086.py
    INTEL-SA-00086 Detection Tool
    Copyright(C) 2017, Intel Corporation, All rights reserved
    
    Application Version: 1.0.0.128
    Scan date: 2017-11-21 16:37:10 GMT
    
    *** Host Computer Information ***
    Name: xerxes
    Manufacturer: Dell Inc.
    Model: XPS 13 9360
    Processor Name: Intel(R) Core(TM) i7-7560U CPU @ 2.40GHz
    OS Version: Ubuntu 16.04 xenial (4.10.0-38-generic)
    
    *** Intel(R) ME Information ***
    Engine: Intel(R) Management Engine
    Version: 11.7.0.3307
    SVN: 1
    
    *** Risk Assessment ***
    Based on the analysis performed by this tool: This system is vulnerable.
    Explanation:
    The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
    Contact your system manufacturer for support and remediation of this system.
    
    
    For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
    https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
    That's my new laptop vulnerable, then. Cheers, Intel. Not. (And, for the curious, that's a system which does not have vPro or Intel Trusted Execution Technology, proving that even client devices with the 'neutered' IME are vulnerable to attack.)
     
  10. RedFlames

    RedFlames ...is not a Belgian football team

    Just have to hope Dell patch it.
     
  11. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Aye. The Dell support article just has a big ol' sea of "TBD" in all its columns, but just look at how long the list of affected systems is. This is a major, major screw-up - and, worse still, it's one people have been warning Intel about for a decade now.
     
  12. RedFlames

    RedFlames ...is not a Belgian football team

    It's also my main gripe with Android... Whenever a flaw is found, you then basically have to resort to *divination method of choice* to work out if your OEM can be arsed to patch it, can they be arsed to patch it for your specific device, and if so when.
     
  13. jrs77

    jrs77 theorycrafting

    I'm pretty sure that all newer Intel as well as AMD CPUs have inbuilt backdoors for the US intelligence services. Windows and Android are having them too. Funnily enough Apple seems to be the only one so far resisting the pressure to install backdoors, as was shown during the last two years.

    Think of it, almost every PC/tablet/smartphone in the world runs on Intel, AMD and/or Windows/Android. With that in mind, the USoA have total control over the world, as they can decide to render every one of these PCs/tablets/smartphones useless with a flick of a switch, if they're connected to the net.

    That's the real power the USoA have over the world nobody seems to really think about.
     
  14. Corky42

    Corky42 What did walle eat for breakfast?

    It's a shame we can't take it out and shoot it IMO, I'm not going to pretend to know how vulnerable a 'neutered' IME processor is and quite frankly I shouldn't have to know, it was my understanding that Intel disabled IME on non-vPro chips so it couldn't be used, obviously their idea of disabled is very different than mine.
     
  15. Ramble

    Ramble Ginger Nut

    Is there any reasonable evidence of Apple resisting anything? I can't check iOS or OS X myself so I would assume they're not resisting.

    Some people discuss it but most people don't care. The UK is worse in this regard btw.

    Puri.sm sell proper Intel ME disabled laptops nowadays. The only way to fight back against this is to support open hardware and software initiatives. Giving up Office or Windows or something similar is a good first step.
     
  16. jrs77

    jrs77 theorycrafting

    Well, there's the whole fight against the FBI for example, where Apple refused to help them break into their phones.
     
  17. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    You do know that Apple uses the same backdoored Intel processors as everybody else, right? Sure, the iPhones aren't Intel... oh, except for the 50% (soon to be 100%) of 'em using an Intel cellular modem, that is.

    If Intel's deliberately backdooring stuff for a Three Letter Agency - and bear in mind I'm not saying it isn't doing that, here - then using Apple stuff ain't going to keep you safe.
    That's not a secret back door, though, is it? The whole point of a secret back door is that it's, y'know, secret. What a company does when very publicly asked to invade users' privacy is not always the same thing it does when approached in secret by a serious man in a cheap suit with a briefcase full of cash and/or proposed legislation that would gut its business but could be tabled if only the company were to sign on the dotted line of the Official Secrets Act...
     
  18. jrs77

    jrs77 theorycrafting

    Yeah, Apple using Intel parts makes these devices vulnerable as well. Forget about it then :p
     
  19. Corky42

    Corky42 What did walle eat for breakfast?

    Apparently there are ways to lessen the security risk that is posed by ME, I wouldn't be brave enough to try it myself though as I'd probably end up bricking my PC because of a lack of understanding. o_O
     
  20. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    D'you know what *isn't* vulnerable? A PowerPC-based Amiga. Calling it now, 2018's going to be the Year of the Amiga Desktop, and I for one welcome our new boingball overlords.
     