Thread replies: 47
Thread images: 12
Thread images: 12
File: 1488732256780.gif (2MB, 351x303px) Image search:
[Google]
2MB, 351x303px
So as it turns out those backdoors Intel puts in all of it's chips, the fabled "management engine" has in fact been exploitable for years.
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>>
File: 1487603961823.jpg (260KB, 1280x847px) Image search:
[Google]
260KB, 1280x847px
>>60159560
>https://semiaccurate.com
>>
Who fucking cares.
>>
>>60159560
When does this all come crashing down
>>
hmm... really activates my almonds
>>
>>60159614
>Who fucking cares.
If he made this thread he cares, and thats at least ONE person.
Or do you think he has an mental problem where he make random threads about stuff he don't care about?
>>
>>60159560
We've known this for years, only you new people are surprised.
>>
>>60159560
>semiaccurate.com
>speculation.com
>no other site running this story today
>legit
kek
>>
>>60161065
>repackaging publicly known information as an anonymous shitpost to make it seem more exciting
>>
I don't care I just want to know how to write my own software to the Management Engine
>>
>>60159560
>https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>for literally years...
>there is literally no...
>for literally years now...
>that literally kept us up...
>to literally dozens of...
>quite literally years...
the quite literally trashy article senpai
>>
>>60159560
When will corelets ever fucking learn?
>>
File: 0313bc7c5efc42488ab5b0db6173d79626206eec4983137bfe1946169a7b95a4_1(2).jpg (97KB, 749x646px) Image search:
[Google]
97KB, 749x646px
>include network accessable SoC with Ring 0 access
>be surprised when it gets cracked
>>
>>60161065
shieeeeet
>>
>>60159560
>horrendous exploit that we've known for years
>don't say what the exploit actually is
sure, 100% trustworthy and not some clickbait article
>>
>>60159560
>semiaccuate.com
>semi
>>
>>60161317
Yes half the post was just describing the function of the management engine which isn't even meant to be a secret. But do you have proof that it's backdoored? Has there ever been a known virus that uses it?
>>
>>60159560
I am a security expert. There is nothing of interest in this.
>>
File: tmp_3779-1491841169557-1955684123.jpg (372KB, 1090x1142px) Image search:
[Google]
372KB, 1090x1142px
>>60161576
https://github.com/corna/me_cleaner neutralizes it.
The code ME executes has to be signed by intel.
>>
File: BillGatesonPhone2.jpg (19KB, 140x140px) Image search:
[Google]
19KB, 140x140px
>>60159560
>"Activate the hardware backdoor "
>>
>>60163269
Seconding this. Please go back to programming "apps" everyone, we got this.
>>
File: 3200d05ba3b297ef53db82f5731f3f2e.png (247KB, 411x498px) Image search:
[Google]
247KB, 411x498px
>>60163285
>implying I know how to code
I just have a money making idea
>>
>>60161065
here is the thread
http://archive.4plebs.org/pol/thread/117886401/
>>
https://hardenedlinux.github.io/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html
>First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
>The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
>The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can’t be ignored.
>>
>>60163907
The ME working with Core 2 processors (Q43, Q45, GM45 and the like) can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems (GM45, GS45, G41, etc) that it supports, such as the Libreboot X200 and Libreboot T400. Later ME found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
As mentioned above, completely removing the ME is hardly possible on platforms with PCH
the whole system stable (thus prevent the 30-minute-shutdown Defective by Design)
>>
>>60159560
ITT a bunch of people who don't know how Intel ME works but have VERY IMPORTANT OPINIONS about Intel
>>
>>60163951
>>60163907
HOW DO I ESCAPE THIS BUTTNET
>>
How exactly do you use this legitimately, if you want to patch another computer remotely, for example? Is there a windows interface for it?
>>
>>60163256
>But do you have proof that it's backdoored?
Management Engine IS a backdoor. That is literally its intended, advertised function. Might as well try to prove that 1 = 1.
>>
>>60164094
>How exactly do you use this legitimately
ha
>>
File: 05012510.png (29KB, 775x124px) Image search:
[Google]
29KB, 775x124px
>>
>>60163983
>a bunch of people who don't know how Intel ME works
So, literally everybody outside a few Intel chip designers? Enjoy your security through obscurity BS.
>>
https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt
The Intel Management Engine (Intel ME) is an isolated and protected computing
resource (Co-processor) residing inside certain Intel chipsets. The Intel ME
provides support for computer/IT management features.
Prominent usage of the Intel ME Interface is to communicate with Intel(R)
Active Management Technology (Intel AMT) implemented in firmware running on
the Intel ME.
Intel AMT provides the ability to manage a host remotely out-of-band (OOB)
even when the operating system running on the host processor has crashed or
is in a sleep state.
>>
NSA shills: nothing to fear, nothing to hide
also NSA shills: why do you want to know what code your machines are running? Don't you retards trust us? It's for your own security
>>
File: outofmyplane.gif (4MB, 480x270px) Image search:
[Google]
4MB, 480x270px
>>60159614
Saying "Who Cares" and "I don't care if they know what porn I watch" doesn't work, shill.
We're too intelligent for your forced meme to work on us.
>>
File: ZesE8yv.png (56KB, 636x449px) Image search:
[Google]
56KB, 636x449px
> What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out
Literally nothing!
>>
http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/
The TPM model has been shown to be vulnerable to attack, though. Intel’s solution was to add another layer of security: the Management Engine. Extremely little is known about the ME. The ME has complete access to all of a computer’s memory, its network connections, and every peripheral connected to a computer. It runs when the computer is hibernating, and can intercept TCP/IP traffic. Own the ME and you own the computer.
we’re all locked out of the ME. But that is security through obscurity. Once the ME falls, everything with an Intel chip will fall. It is, by far, the scariest security threat today, and it’s one that’s made even worse by our own ignorance of how the ME works.
The best description of what the ME is and does doesn’t come from Intel. Instead, Skochinsky a talk he gave at REcon
The ME has a few specific functions, and although most of these could be seen as the best tool you could give the IT guy deploying thousands of workstations, there are some tools that would be very interesting avenues for an exploit. These functions include Active Managment Technology, with the ability for remote administration as well as functioning as a KVM.
There are also functions for an ‘anti-theft’ function that disables a PC if it fails to check in to a server at some predetermined interval or if a ‘poison pill’ was delivered through the network. This anti-theft function can kill a computer, or notify the disk encryption to erase a drive’s encryption keys.
These are all extremely powerful features that would be very interesting to anyone who wants or needs to completely own a computer, and their sheer breadth makes the attack surface fairly large.
With a trusted processor connected directly to the memory, network, and BIOS of a computer, the ME could be like a rootkit on steroids in the wrong hands. Thus, an exploit for the ME is what all the hackers want
>>
>>60164564 cont.
There are many researchers trying to unlock the secrets of Intel’s Management Engine, and for good reason: it’s a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you’re looking for the perfect vector for an attack, you won’t find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.
The first person to find an exploit for Intel’s Management Engine will become one of the greatest security researchers of the decade. Until that happens, we’re all left in the dark, wondering what that exploit will be.
>>
http://www.networkworld.com/article/3085494/security/intel-management-engines-security-through-obscurity-should-scare-the-out-of-you.html
Not only can the ME function when the host processor is in sleep mode, it can also read and write to anywhere in memory without the host processor knowing anything about it and run any code that the ME’s software decides to install.
Even though the ME is protected by RSA 2048 encryption, researchers managed to take control of early versions of the system by exploiting firmware weaknesses.
This makes ME a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer.
I can’t stress strongly enough how bad this is. Anybody involved with computer security will tell you that security through obscurity isn’t security at all and has never worked but that’s exactly what Intel is doing with ME. The consequence will be that no matter how good Intel’s secrecy might be, no matter how good their ME code might be, no matter how strong their encryption might be, the ME will be cracked, hacked, and organizations of all kinds will get whacked. And, in reality, it won't take much
>>
>>60164983
Ryzen doesn't have this problem.
>>
>>60165104
AMD's is scarier, worse software quality guaranteed.
>>
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017
Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware that can allow an unprivileged attacker to gain control of the manageability features provided by these products.
Description:
There are two ways this vulnerability may be accessed
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
>>
itt
people fail to understand what is what want the TCG
>>
>>60159560
>>60159568
>>60159762
>>60161182
>>60161296
>>60162504
>>60162568
>>60163008
>>60163039
>>60163269
>>60163287
>>60163983
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
>not knowing semiaccurate.com
the "semi" in "semiaccurate" comes from "semiconductors"
go back to >>>/v/
>>
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
Confirmed: Intel patches remote execution hole that's been hidden in its chips since 2008
Developing Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code.
Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware
, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products."
That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access.
unauthenticated miscreants on your network can access an at-risk system and hijack it. If AMT isn't provisioned, a logged-in user can still potentially exploit it.
According to Intel today, this critical security vulernability, labeled CVE-2017-5689
>>
https://news.ycombinator.com/item?id=14237266
Intel platforms from 2008 onwards have a remotely exploitable security hole (semiaccurate.com)
https://www.reddit.com/r/netsec/comments/68lqzq/remote_security_exploit_in_all_2008_intel/
Remote security exploit in all 2008+ Intel platforms (semiaccurate.com)
>>
>intel shills ignoring these threads now that there is a confirmed CVE
what a surprise!
Thread posts: 47
Thread images: 12
Thread images: 12