Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports (thenextweb.com)
Slashdot user bongey writes:
A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."
They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."
This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING. It is hard enough to keep operating systems updated and secure. Firmware-level security is not something that can be easily maintained on running machines, even if Intel and friends can put out patches fast enough. I want my machine to be MINE.
These "infected" machines are making their way into our entire infrastructure, controlling everything from power generation, traffic, government operations, military, and healthcare, to just about everything. Imagine black-hatters, rogue nations, criminals, or terrorists simply bypassing all normal security and just taking control of the hardware and doing whatever they want.
WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!
Oh, and AMD is doing the same thing as Intel, so don't look to them as some alternative.
This could potentially give people full access to the Intel Insider core which is what all the 4K DRM relies on.
I hope after IME is fully pwn3d that people will start taking a crack at AMD's PSP because I would like to have a fully open system but I refuse to financially support Intel due to their highly unethical and anti-competitive behavior.
Anons need not reply. Questions end with a question mark.
What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.
There's nothing wrong with a God mode. The key is making sure the right person is God.
The problem here is, as TFA points out, that the Intel ME stuff is really poorly documented, and from what tools and documents I've come across it's very complicated. Certainly way more than an end user could wrap their head around, if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.
The closed-source nature of it is a huge problem too, as obvious from this article. So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can. This is a pretty viable attack vector too, since you know, a payload could deliver the ME sploit, infect any usb storage devices, and hope for the next fool who boots accidentally or intentionally from those devices. I imagine if an attacker took control of the ME subsystem, it'd be a real bitch to eject their crap, considering how poorly ME is documented and how arcane the tools are.
In my experience as a refurbisher, it's a very rare sight to see any laptop or desktop computer that even mentions ME, or has an option to turn it off in the BIOS. Most of the ME implementations are completely transparent to the host computer, never mentioned in the BIOS, no way to turn it off, no indication it's even there.
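As an added example, not from the article or from any commenter, one way to check from a Linux host whether an ME is present and what state it reports: read the HFSTS1 (host firmware status 1) register from the MEI/HECI #1 controller's PCI config space and decode its documented bit fields. It assumes the MEI function is at PCI 00:16.0 and that HFSTS1 sits at config offset 0x40, which holds for most Intel client platforms; the sample config-space image at the bottom is constructed, not captured from hardware.

```python
"""Added example: read and decode the Intel ME/CSME HFSTS1 status register
from the MEI (HECI #1) PCI function, so a host can tell whether an ME is
present and what working state and operation mode it reports."""
import struct
from dataclasses import dataclass
from typing import List, Optional

# Assumptions: MEI/HECI #1 is PCI function 00:16.0 and HFSTS1 is at
# config-space offset 0x40 (true on most Intel client platforms).
MEI_CONFIG_PATH = "/sys/bus/pci/devices/0000:00:16.0/config"
HFSTS1_OFFSET = 0x40
INTEL_VENDOR_ID = 0x8086

WORKING_STATES = {0: "reset", 1: "initializing", 2: "recovery", 5: "normal",
                  6: "disable-wait", 7: "transition", 8: "invalid-cpu"}
OPERATION_MODES = {0: "normal", 2: "debug", 3: "soft-temporary-disable",
                   4: "security-override-jumper", 5: "security-override-mei"}
ERROR_CODES = {0: "none", 1: "uncontrolled", 2: "image-failure",
               3: "debug-failure"}


@dataclass
class Hfsts1:
    raw: int
    working_state: int
    mfg_mode: bool
    fpt_bad: bool
    operation_state: int
    fw_init_complete: bool
    update_in_progress: bool
    error_code: int
    operation_mode: int
    reset_count: int


def decode_hfsts1(raw: int) -> Hfsts1:
    """Split the 32-bit HFSTS1 value into its documented bit fields."""
    return Hfsts1(
        raw=raw,
        working_state=raw & 0xF,
        mfg_mode=bool((raw >> 4) & 1),
        fpt_bad=bool((raw >> 5) & 1),
        operation_state=(raw >> 6) & 0x7,
        fw_init_complete=bool((raw >> 9) & 1),
        update_in_progress=bool((raw >> 11) & 1),
        error_code=(raw >> 12) & 0xF,
        operation_mode=(raw >> 16) & 0xF,
        reset_count=(raw >> 20) & 0xF,
    )


def hfsts1_from_config(config: bytes) -> Optional[int]:
    """Extract HFSTS1 from a raw PCI config-space image.  Returns None when
    the function is not Intel's or the image is too short to reach 0x40
    (an unprivileged sysfs read is truncated to the first 64 bytes)."""
    if len(config) < HFSTS1_OFFSET + 4:
        return None
    (vendor,) = struct.unpack_from("<H", config, 0)
    if vendor != INTEL_VENDOR_ID:
        return None
    (raw,) = struct.unpack_from("<I", config, HFSTS1_OFFSET)
    return raw


def read_hfsts1(path: str = MEI_CONFIG_PATH) -> Optional[int]:
    """Read HFSTS1 via sysfs; root is needed to see bytes past offset 64."""
    try:
        with open(path, "rb") as f:
            return hfsts1_from_config(f.read(HFSTS1_OFFSET + 4))
    except OSError:  # no MEI function exposed, or no permission
        return None


def summarize(h: Hfsts1) -> List[str]:
    """Turn the decoded fields into the observations an operator cares about."""
    notes = [
        f"working state: {WORKING_STATES.get(h.working_state, h.working_state)}",
        f"operation mode: {OPERATION_MODES.get(h.operation_mode, h.operation_mode)}",
        f"error code: {ERROR_CODES.get(h.error_code, h.error_code)}",
        f"firmware init complete: {h.fw_init_complete}",
    ]
    if h.mfg_mode:
        notes.append("MANUFACTURING MODE set: manufacturing was never closed "
                     "on this platform, treat it as misconfigured")
    if h.fpt_bad:
        notes.append("flash partition table reported bad")
    if h.update_in_progress:
        notes.append("firmware update in progress")
    return notes


def me_is_running(h: Hfsts1) -> bool:
    """True when the ME reports a fully booted, normally operating firmware."""
    return (h.working_state == 5 and h.fw_init_complete
            and h.operation_mode == 0 and h.error_code == 0)


# Constructed sample image (not captured from real hardware): Intel vendor ID,
# zeros up to 0x40, then HFSTS1 = working state normal, operation state M0,
# init complete, one reset.
SAMPLE_CONFIG = (struct.pack("<H", INTEL_VENDOR_ID) + bytes(HFSTS1_OFFSET - 2)
                 + struct.pack("<I", 0x00100345))

if __name__ == "__main__":
    raw = read_hfsts1()
    if raw is None:
        print("no readable MEI config space (not Intel, or not root); "
              "decoding the constructed sample instead")
        raw = hfsts1_from_config(SAMPLE_CONFIG)
    status = decode_hfsts1(raw)
    print(f"HFSTS1 = {status.raw:#010x}, ME running normally: {me_is_running(status)}")
    for line in summarize(status):
        print(" ", line)
```

Run it as root to see the live register; as an unprivileged user the sysfs read is truncated to 64 bytes and the script falls back to the constructed sample. Two caveats: absence of the 00:16.0 function only means the MEI interface is hidden from the host, not that the ME is gone, and the register reflects what the ME firmware says about itself, so a compromised ME is free to report "normal".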
So all this is really saying is physical access is god mode. You don't need an ME for that to be true.
Sadly, you're incorrect. This is a fairly viable remote attack vector. All you need to have is something to deliver the sploit to the host, infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally. In the mean time, your malware continues to infect every USB device ever attached to the machine. You'll definitely hook a good number of targets, with that number always climbing as more machines get infected and infect more USB storage devices.
What you describe covers a lot of electronics that have been co-opted by hackers and turned into Linux-running systems. I'm not saying it's a trivial task, and I don't think I'm personally up to the challenge. But these security researchers who know how to exploit the Intel ME are at the forefront of being able to document how it works and working out how to inject a whole new OS.
Compared to what? Exploiting the kernel? Exploiting the BIOS? We're talking about another level underneath that's fundamentally the same thing. Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS. Obviously, the focus should be about documenting it and pushing for as many people as possible to replace it.
Which, again, is how far away from kernel and extant BIOS exploits? It wasn't but a few days ago that it was pointed out how much of a mess the Linux USB subsystem is. I can't believe that Windows' closed source drivers are any better, even if the exact attack vector is different. The answer is, again, to document and replace. However you look at it, throwing around a lot of fear at this stage is only useful if we're hearing ways to mitigate (which is true to at least the extent of mentioning USB ports as an attack vector, but really too broad a point unless that was actually the message being delivered). It doesn't sound like that's being pushed at all, though, which is actually the greatest disservice.
Which only highlights the point about educating users. If the setting does exist, disable it. If you're not sure and you're on Intel, presume the worst and protect your USB ports. That's good advice, period, given the repeated stories of social engineering with dropped USB drives. Don't think you're safe with AMD because they have the PSP, which may be just as bad.
I guess my overall point is, the sky isn't falling. We're just finding new ground. We should be the ones to exploit it before bad hackers do.
We have security researchers who decry the evil of Intel ME.
The part they decry more than anything else is that it cannot be disabled. Seriously, this is the biggest issue about IME is that it is designed to always run no matter what and if it's not running, the rest of the system is prevented from running.
You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.
Anons need not reply. Questions end with a question mark.