EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard'

The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."

Are AMD chips scrutinized as well?

[shoor]

I've read about security issues with Intel chips. Makes me think I should go with AMD. But then I wonder, since AMD has a smaller market share, maybe they just aren't scrutinized as much.

Does anybody really know how 'safe' AMD chips are'? This is not a rhetorical question, and I'm not advocating or editorializing, just wondering.

Feature that screams NSA tampering..

[dweller_below]

".. presently no way to disable or limit the Management Engine in general.

Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT!

It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.

A solution to AMD & Intel has been brewing: EO

This just reiterates the reason EOMA68 came about and why ThinkPenguin has funded its development for years. EOMA68 aims to reduce the cost of designing and manufacturing devices that are in the users control by modularizing critical components (CPU/RAM/etc). By taking these core components and putting them onto a card it reduces the cost of designing and manufacturing systems. By basing designs on open modular standards the user and community can retain control. And by basing on open modular standards anyone can design systems and devices around chipsets and SoCs we the community are in complete control of as we will have the complete corresponding source code for everything. So far there is a laptop and desktop design around EOMA68 and the first EOMA68 card is an AllWinner A20 dual-core with 2GB of ram, but there is a 4GB card with a Rockchip quad-core CPU in the works... and obviously much faster cards will follow.

Re:How many hospitals have been pwned?

If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?

This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.

The current UK NHS issue has nothing to do with CPU, but instead with unpatched XP based systems and SMB shares.

And the NHS Trusts where provided funds a couple years ago to update/replace things... where did that money go? obviously not on IT as envisioned.

Only Some Intel Chips Included ME and AMT

Namely the vPro and selected Xeon chips that were marketed to business users at extra cost. You had to pay extra to get these features on the chip, so most chips sold to individual consumers didn't come with them.

IPMI ; Backdoor

[DrYak]

AMD has a similar feature.

On AMD, it's called IPMI.
The difference is that IPMI is a vendor neutral industry standard (and could be found on chipset of any vendor),
whereas Intel's ME is their own "NIH-Syndrom" spin of the same concept.

The difference is that IPMI is considered a "special feature", and can only be found on specific server/workstation chipsets.
The AMD 990FX doesn't feature this micro server.

You need to order specific workstation motherboard from manufacturer such as SuperMicro.
(You know, the manufacturer with such a filmsy UEFI implementation, that the FlashROM can randomly commit suicide when you simply add a boot option).
Or from manufacturer of servers (HP, etc.)

the FSF warned about these backdoors in both Intel and AMD CPUs a while ago. I think the said the last processor made without this "backdoor" was an AMD processor made in 2011.

Huh.... no. Wrong.
For the record : both Intel's ME and industry standard IPMI live inside the motherboard chipset, not inside the CPU.
(i.e.: they live where they have access to all the critical component to function : network card, embed GPU's framebuffer, etc.).

On AMD's side, IPMI is *still* only featured on server chipset. Again, there's no IPMI in gamer-oriented chipsets such as 990FX.
So for most AMD-powered /.ers : the tower under their desk in their basement geek-cave is safe. It's the server at work at their day-jobs.

On Intel's side ME is much more widely spread even on normal desktop chipset (the idea is to make the life of sys admins in enterprises easier).

Tehcnically it's not much a "backdoor" (i.e.: something hidden) as it is a "maintenance entrance" (i.e.: makes the life of the sysadmin easier so he can remotely VNC and diagnostic a server that won't boot, flash computer's firmware UEFI/BIOS, etc.)

The problem is that the quality of this small server is horrendously bad. To the point that any motivated script kiddy can pwn all the workstations and servers across the whole enterprises network easily, simply by downloading some ready to use package.

(Luckily, most of the ME and IPMI implementation only listen to the secondary network port, and thus should be only visible on the private administration network. The bad news is that pro laptops also have ME and that can be enabled on the *WIFI* network)

So to keep with the above metaphore, ME and IPMI are a "maintenance access" door, which actually isn't even locked, but whose whole security boils down to a small sticky note say "please, sysadmins only".

Life would have been much more easy if the ME / IPMI firmware running on the embed system was open-sourced....