Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

Please explain

A couple of days ago, a story ran discussing many massive vulnerabilities in the Linux kernel USB drivers. Users laughed it off, saying that if someone has physical access, the computer is already compromised. When USB is then used to exploit a vulnerable IME, it's considered a serious issue. Why is it that Linux gets a free pass when other systems do not?

Re:Please explain

IT doesn't.

But Linux machines in a server farm are common. So all it takes is someone on the "inside", like someone who owns a machine next to yours in a shared cabinet to start compromising all the neighboring machines.

With a laptop or desktop, you only need to compromise one machine to access the network. Like I need to express this point bluntly. IF YOU CAN UNPLUG THE MACHINE, YOU HAVE ACCESS TO THE NETWORK. Change the MAC address on your device to match the one you unplugged and then go nuts via the ethernet cable.

The idea behind stealthy compromises is to prevent detection. Eg, servicing your laptop by staff outside your business or government lease a real possibility of compromise. Never mind people who stupidly leave machines unattended and unlocked.

Janitorial staff is the easiest way to compromise a network.

Re:Please explain

even an AC on this site should be smart enough to know the difference. if you can't, perhaps you should go run along to reddit or some other site where the users and their submissions are down at your own comprehension level.

vulnerabilities in linux kernel drivers for usb are relatively easy-to-fix *SOFTWARE* issues.

the code is worked-on and reviewed by multiple, independent parties; and can also be examined and compiled by end users.

vulnerabilities in intel management engine are not. they are flaws in the *HARDWARE*

the feature is embedded in the silicon of every fucking processor they manufacture. a similar feature is also found inside the more recent amd processors as well. problems here would require swapping hardware (processors, processors and/or bios). these features and the firmware that controlls them are closed-source, proprietary, and not documented for the public. you have to give blind faith and trust to hardware vendors (intel, amd, bios producers, motherboard manufacturers, etc) to actually fix the vulnerabilities and/or allow the total and irreversible disabling of the features.

Re: Please explain

The vulnerabilities in IME are software. The software is stored in the BIOS and can be upgraded.

Re:Please explain

[rudy_wayne]

vulnerabilities in intel management engine are not. they are flaws in the *HARDWARE*

But you still need physical access to the machine.

And I think its mostly firmware, not hardware, so it's probably patchable.

Re:Please explain

[DontBeAMoran]

Why does everybody keeps saying that AMD made the PSP? It's made by SONY you morans!

Re: Please explain

[BLToday]

You know this is Intel right? They didn’t even bother fixing scaling issue on some of their integrated graphics (over scanning or under scanning). Their solution was to load custom resolution which doesn’t work on some effected system because the drivers didn’t allow you to load custom resolutions. And you can’t add a graphics board because the system is a micro PC. Do you really think Intel will go back and fix ME for systems that are more than 3 years old?

Re:Please explain

[Khyber]

"vulnerabilities in linux kernel drivers for usb are relatively easy-to-fix *SOFTWARE* issues."

And yet one sits there, still fucking untouched, and has been since 2003.

Wake me up when Linus actually makes a WORKING fucking product and maintains the core components of it.

Re:Please explain

[infolation]

Linux and other OSS are near and dear friends.

GNU/Linux and other FOSS are near and dear friends.

Linux and other OSS are only friends.

Re:Please explain

[infolation]

There's no IME on my Intel computer.

I write this on a Thinkpad with Libreboot.

Re:Please explain

[thegarbz]

you morans

It's spelled mor... oh for Pete's sake.

Re:Please explain

[ls671]

I am not sure what booting has to do with IME being present on your computer or not..

Re:Please explain

[DontBeAMoran]

http://i0.kym-cdn.com/photos/i...

Re:Please explain

[thegarbz]

Just what I needed, A good sunday night laugh :-)

Re: Please explain

[Khyber]

Looked at latest release. Vulnerability still present.

Back to sleep I go.

Re:Please explain

[infolation]

Libreboot is just the name of the project and does not mean it only replaces the UEFI (although it is downstream of Coreboot). The SPI flash chip containined the IME is reprogrammed (in my case I used a Beaglebone Black). When a Thinkpad is flashed with Libreboot, the IME is overwritten and completely neutralised.

There's only about 8 Thinkpad models, all pre-2009, that this can be applied to. The core2duo architecture is the last generation of machine that can have the IME entirely removed.

The only newer IME-free Libreboot option is Chromebook C201 (not suitable for my purposes as it's Rockchip, so won't run TAILS).

Re: MODERATION IS CENSORSHIP

[140Mandak262Jamuna]

You here the right to speak. We have the right to ignore you. It is our freedom of speech to call you a crack pot.

Re: MODERATION IS CENSORSHIP

[140Mandak262Jamuna]

Probably a bot. Watching new topics and post first.

JTAG = direct serial connection?

[Narcocide]

If they can get a JTAG connection to it directly, does this mean we could also just fry the thing to neutralize it without harming the rest of the computer then?

Re:JTAG = direct serial connection?

[BoRegardless]

Epoxy the USB ports!

Re:JTAG = direct serial connection?

[whoever57]

Epoxy the USB ports!

Not going to help if it's already been compromised before you receive it.

Re: MODERATION IS CENSORSHIP

[Narcocide]

When you post off topic drivel in an attempt to derail a conversation you're suppressing the free speech of others. Get fucked.

Will Intel ME run Windows ME?

[jfdavis668]

I here it runs a version of MINUX 3. Can we hack in and install the more nomenclaturely correct Windows ME?

God mode.

So all this is really saying is physical access is god mode. You don't need an ME for that to be true.

Re:God mode.

[duke_cheetah2003]

So all this is really saying is physical access is god mode. You don't need an ME for that to be true.

Sadly, you're incorrect. This is a fairly viable remote attack vector. All you need to have is something to deliver the sploit to the host, infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally. In the mean time, your malware continues to infect every USB device ever attached to the machine. You'll definitely hook a good number of targets, with that number always climbing as more machines get infected and infect more USB storage devices.

Re:God mode.

[squiggleslash]

I don't think this exploit involves booting from a USB storage device, rather it's taking advantage of the fact a USB device can send malformed packets. To exploit this, you're going to need to do more than write data to a USB storage device, you're going to have to hack the USB device's firmware.

That's a tall order - yeah, there's probably quite a few out there that have exploits that would allow you to overwrite the firmware, but what's the betting your virus is going to have the right exploit for the actual USB devices the user is going to be using?

Maybe a better option would be to target the phone of the user you're trying to hack, as (I believe) Android phones would be very easy to reprogram to send malformed USB packets, if you're able to find an exploit that gives you access to root or whatever the equivalent is these days.

Re:God mode.

[SuricouRaven]

Rewrite or replace the hardware. Many USB memory sticks have plenty of free space inside - you could easily stick a little CPLD chip in there to sit between the USB port and the flash memory. It'd even still work as a memory stick. You'd need one skilled hacker to design the CPLD, but once it's designed the actual construction is only a low-skill soldering job. Anyone who can buy a PCB and solder an SMD could do it, and you can buy custom-made PCBs on eBay. And CPLDs too.

Re:God mode.

[thegarbz]

infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally

USB DCI doesn't work like that. This would need to enumerate as a specific DCI device to the USB Host. It isn't some virus that sits on a storage controller and short of bricking every device that becomes attached to the system it won't spread. Furthermore it will be immediately obvious that something has gone wrong.

Additionally DCI is highly system specific, and while it is possible that Intel's ME is configured identically in every system the odds of it are highly unlikely limiting any exploit, even if it could be automated and remoted to likely a specific family of processors.

This is bad, but it is hardly end of the world bad. Practice safe sex and don't stick foreign appendages in your ports. It may have an STD.

Re:God mode.

[squiggleslash]

Yep, that would do it too. The point is though it's not something you can (easily and effectively) do by creating a virus that'll target USB mass storage devices. If you were going the "untargeted virus" route, you'd have to write something that knows about a lot of exploits for a lot of different USB devices. Targeting cellphones, or just creating a custom USB stick the way you're suggesting for a specific target, is much easier.

Re: MODERATION IS CENSORSHIP

[Narcocide]

Provably false. You're not very smart, are you?

Intel ME is awesome

What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.

There's nothing wrong with a God mode. They key is making sure the right person is God.

Re:Intel ME is awesome

[duke_cheetah2003]

What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.

There's nothing wrong with a God mode. They key is making sure the right person is God.

The problem here is as the TFA points out, the Intel ME stuff is really poorly documented and it's very complicated what tools and documents I've come across. Certainly way more than an end user could wrap their head around if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.

The closed-source nature of it is a huge problem too, as obvious from this article. So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can. This is a pretty viable attack vector too, since you know, a payload could deliver the ME sploit, infect any usb storage devices, and hope for the next fool who boots accidentally or intentionally from those devices. I imagine if an attacker took control of the ME subsystem, it'd be a real bitch to eject their crap, considering how poorly ME is documented and how arcane the tools are.

In my experience as a refurbisher, it's a very rare sight to see any laptop or desktop computer that even mentions ME, or has an option to turn it off in the BIOS. Most of the ME implementations are completely transparent to the host computer, never mentioned in the BIOS, no way to turn it off, no indication it's even there.

Re:Intel ME is awesome

[fahrbot-bot]

There's nothing wrong with a God mode. They key is making sure the right person is God.

Problem is that everyone thinks they're the one - or should be.

Re:Intel ME is awesome

[MrKaos]

There's nothing wrong with a God mode. They key is making sure the right person is God.

Yeah, I'm kinda thinking that if the management engine is on the machine and it is MINIX, I'd like to use it myself to, you know, manage the machine. I'm pretty sure I paid for it.

Re:Intel ME is awesome

The problem here is as the TFA points out, the Intel ME stuff is really poorly documented and it's very complicated what tools and documents I've come across. Certainly way more than an end user could wrap their head around if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.

What you describe covers a lot of electronics that have been co-opted by hackers and turned into Linux running systems. I'm not saying it's a trivial task, and I don't think I'm personally up to the challenge. But these security researchers who know how to exploit the Intel ME are the forefront of being able to document how it works and working out how to inject a whole new OS.

he closed-source nature of it is a huge problem too, as obvious from this article. So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can.

Compared to what? Exploiting the kernel? Exploiting the BIOS? We're talking about another level underneath that's fundamentally the same thing. Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS. Obviously, the focus should be about documenting it and pushing for as many people as possible to replace it.

This is a pretty viable attack vector too, since you know, a payload could deliver the ME sploit, infect any usb storage devices, and hope for the next fool who boots accidentally or intentionally from those devices. I imagine if an attacker took control of the ME subsystem, it'd be a real bitch to eject their crap, considering how poorly ME is documented and how arcane the tools are.

Which, again, is how far away from kernel and extant BIOS exploits? It wasn't but a few days ago that it was pointed out how much of a mess the Linux USB subsystem is. I can't believe that Windows' closed source drivers are any better, even if the exact attack vector is different. The answer is, again, to document and replace. However you look at it, throwing around a lot of fear at this stage is only useful if we're hearing ways to mitigate (which is true to at least the extent of mentioning USB ports as an attack vectory but really to broad a point unless that was actually the message being delivered). It doesn't sound like that's being pushed at all, though, which is actually the greatest disservice.

In my experience as a refurbisher, it's a very rare sight to see any laptop or desktop computer that even mentions ME, or has an option to turn it off in the BIOS. Most of the ME implementations are completely transparent to the host computer, never mentioned in the BIOS, no way to turn it off, no indication it's even there.

Which only highlights the point about educating users. If the setting does exist, disable it. If you're not sure and you're Intel, presume the worst and protect your USB ports. That's good advice, period, given the repeated stories of social engineering with dropped usb drives. Don't think you're safe with AMD because they have the PSP which may be just as bad.

I guess my overall point is, the sky isn't falling. We're just finding new ground. We should be the ones to exploit it before bad hackers do.

Re:Intel ME is awesome

[daniel23]

That's easy, Intel and no one else.
However, during development a guy in a dark suit comes along, representing $TLA.
"Thou shalt not..." he says, so now there 2 Gods.

Said agency looks at the matter and insists on a kill switch for their own boxes - which is a wise move and everyone should have that. But then again, where is the fun in being God if everyone can lock you out?

So it is kept top secret how to access the ME and only $ThirdParty with the appropriate clearing learn about it. Amongst them $Contractor sees the value and sells the details to $Spy in exchange for $$$.
Spies spy on spies, trust turns trusted and not long there is a small crowd of gods and semi gods competing to reap and exploit.

Enter $researcher who, by dilligence and ingenuity finds a way in no one else thought about before.

Re:Intel ME is awesome

There's nothing wrong with a God mode.

There certainly is something wrong with a "God mode" management engine. Think about it--why do you need a second processor running MINIX and controling the main CPU? It's only because the present-day operating systems running on the main CPU are too handicapped to do the things you want. In principle, if things were designed elegantly, you could just have a single processor with a single operating system that actually did everything.

Re:Intel ME is awesome

[Gravis+Zero]

We have security researchers who decry the evil of Intel ME.

The part they decry more than anything else is that it cannot be disabled. Seriously, this is the biggest issue about IME is that it is designed to always run no matter what and if it's not running, the rest of the system is prevented from running.

You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.

Re:Intel ME is awesome

The part they decry more than anything else is that it cannot be disabled. Seriously, this is the biggest issue about IME is that it is designed to always run no matter what and if it's not running, the rest of the system is prevented from running.

No, people decry the level of authority (the God mode) that is granted to Intel along with the difficulty or inability to disable it. Although to that end, it's absurd precisely because Intel is the creator of the CPU and hence already has a lot of supreme power over the system. That the IME consolidates that power into something other than the CPU is only distressing for people because so many people were focused on the CPU as the lynch pin of security. Well, that was absurd from the start because even a lowly PIC could interject or monitor key presses and route them in a fashion that could be picked up by others (encoding them in the EM noise).

So, to that end the IME just seems the blatant and obvious example of the power grab people were expecting with just enough of the cloak and dagger to not outright mention its existence. I get it. I don't even really disagree with the characterization. My point is that through it all, security researches aren't seeing the other part of the big picture: Intel gave us a really useful security tool to undermine just about every other supposed protection that the CPU can provide. That includes VM protection, DRM, and all sorts of malware that would try to subvert the kernel.

So, regardless of Intel's intent, it seems clear that God Mode is such a substantial undermining of a lot of moneyed interests if used properly, that any claim that TLAs had it put in really don't get that subverted for good it's one of the most undermining technologies against those people.

You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.

If all the Intel ME is is a loaded gun pointed at our heads, then we're all already dead. But me cleaner and other researches that have shown that it CAN be functionally disabled in many (maybe all?) cases speak more about the fundamental question: what can you do with the technology of the gun? Whether you like it or not, the gun is a major component that revolutionized warfare and is substantially the reason the world moved from monarchies to democracies. Not to say that was wholly it, but consider that you talk in terms of a gun at your head, not an army at your throat. Worry about the oppression IME can cause. And subvert it to free us. That is the hacker way. That is the way of freedom, not of fear.

Re:Intel ME is awesome

[phantomfive]

The problem is you can't get rid of it by reformatting your hard drive. This isn't a root account, and it's not ring 0. Unless you know how to make it secure, it shouldn't exist, and Intel doesn't know how to make it secure.

Re:Intel ME is awesome

[Zumbs]

Indeed. The default should be disabled, so that it is possible for experts, e.g. the IT department, to enable the specific parts of it that they want to use.

Re:Intel ME is awesome

[AmiMoJo]

The problem is that they use it to boot the system, so you need it for at least the boot part before it can be disabled. There is that secret NSA disable bit, but you can't rely on it because at the very least the boot code has the execute first and that could be compromised.

To overcome this either Intel would have to create a new boot system and somehow disable any capability to change/update it (unlikely), or it will have to be replaced by an open source system that we can at least audit. Well, I guess there is another option, Intel could open source the boot code.

Re:Intel ME is awesome

[rastos1]

No, people decry the level of authority (the God mode) that is granted to Intel along with the difficulty or inability to disable it. Although to that end, it's absurd precisely because Intel is the creator of the CPU and hence already has a lot of supreme power over the system.

Yes, Intel has supreme power over the system. And we trusted Intel to not abuse that power. Those that did not trust it were ridiculed for the tinfoil hat. And now we have found (*) out that they did abuse the power. Or prepared the ground to abuse it - by themselves, TLA or any other bad actors.

*) I mean - as far as I understand, IME was not exactly closely guarded secret that nobody knew about. It is just that the scope was not known and more of general public is becoming aware of the it.

Re:Intel ME is awesome

[thegarbz]

You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.

I would think the same thing if I knew there were no bullets. Intel's ME runs all the time because it has system reasons for doing so. The thing that freaks out most people (remote administration) is controlled by the user. This can easily be verified by a network that doesn't respond to anything when it is disabled.

At that point you are limited to physical attacks that require someone to already own your machine.

"That's a pretty neat and loaded gun that you're about to shoot me with" I said as I lay bleeding out from my stab wounds.

Re:Intel ME is awesome

[phantomfive]

But, yea, keep on beating the dead horse. Or, you know, recommend that IME be updated (with something better, perhaps?) like every security ridden nightmare that is the modern PC. Push for Intel to document it a lot better?

Intel should use formal verification. They already do it for a lot of their hardware. Also, they should at least have code review, because current evidence shows that really really dumb stuff is getting through (for example, empty password always accepted).

Re:Intel ME is awesome

[Gravis+Zero]

Intel's ME runs all the time because it has system reasons for doing so.

It only has reason to run during the initial boot sequence. This has been verified and yet IME still runs even if you disable ATM.

The thing that freaks out most people (remote administration) is controlled by the user. This can easily be verified by a network that doesn't respond to anything when it is disabled.

IME monitors packets and only acts when it gets the proper packet sequence. The stars will burn out long before you're done enumerating every packet value.

At that point you are limited to physical attacks that require someone to already own your machine.

Permanently disconnecting your computers from all networks and external devices is the only real option here. A compromised installer, updater or USB device could easily result in a permanently owned box. At that point the only option is to replace your CPU... unless you are using a laptop in which case you need to replace your laptop.

Re:Intel ME is awesome

[thegarbz]

IME monitors packets and only acts when it gets the proper packet sequence.

IME enumerates a separate interface for networking. When you disable the network interface IME is no longer listening.

Unless you can show me a detailed description of where it says otherwise.

Re:Intel ME is awesome

[sjames]

It's a dangerous as hell way to "solve" an already solved problem. The servers I work with have IPMI and a BMC on them rather than the ME. The BMC can emulate a USB DVD drive so I can do a fresh OS install. It also connects to an internal serial port so I can do serial console over LAN. It can simulate a press on the power and reset buttons. The newer ones can also act as a KVM for dealing with OSes that insist on GUI interaction. Using that, I can fully manage a server I have never actually seen that lives across the country from me.

The big difference is that it can't silently scan or modify memory while the OS isn't looking. It can't snoop the contents of the HDs. It can't log the physical keyboard. It's not just that it pinky swears not to, the hardware simply can't do it.

It's not like that capability is expensive these days. It long ago went from being an add-on to being built-in. It was already starting to appear on desktop machines as well as servers. There simply wasn't a legitimate gain from giving the ME god level access.

Re:Intel ME is awesome

[unrtst]

So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can.

Compared to what? Exploiting the kernel? Exploiting the BIOS? We're talking about another level underneath that's fundamentally the same thing. Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS. Obviously, the focus should be about documenting it and pushing for as many people as possible to replace it.

WTF? It is not fundamentally the same thing! The BIOS is there to initialize the hardware so that the OS can boot. The boot manager handles passing on that to the OS, where the kernel takes over as the running/managing process. That entire time, the ME is still there, and provides no value to that process. (I'm not saying it has zero value, but its value is not in that series of events, but outside it)

Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS.

So "yes", definitely. Is that way you meant to say? We've been working to get rid of the traditional BIOS for a LONG LONG time. We've also been actively working for the past several years on minimizing the role the kernel plays (for example, the move towards vm and, more so, containers). The ME is technically unnecessary, so yes, let's just get rid of it!

I guess my overall point is, the sky isn't falling.

The sky already fell.

Re:Intel ME is awesome

[havana9]

What should be done for safety is to add a couple of pin on the chip, one that enables the BIOS flash an the one that enables the ME engine or not. So a couple of jumpers on the motherboard could make the buyer to control the behaviour. IF this is difficult because is a laptop or an embedded ssytem they could be changed with soldered blobs or even using a keyboard controller that remember the configuration set with a particular key combo on power on in an eeprom. Problem solved.

Re:Intel ME is awesome

[Gravis+Zero]

Intel won't even allow people to disable IME, let alone give them the option of how to do it. They could solve this problem a bunch different ways with ease but the point is that Intel does not want to allow you to disable IME.

Re:Intel ME is awesome

[phantomfive]

You do realize that formal verification on software is somewhere between a lot harder to impossible, right?

There have been a lot of tools created in the last decade that make formal verification easier.
At a minimum, Intel needs to use basic security practices like code review, which in many cases they are not.

Re:Intel ME is awesome

[unrtst]

The ME is technically unnecessary, so yes, let's just get rid of it!

USB is technically unnecessary. WiFi is technically unnecessary. GPUs are technically unnecessary. Again, baby out with the bathwater.

USB is the only one of those built into most motherboards, and it can be disabled. They can all be disabled. The power management in BIOS that you spoke of can be disabled. The IME can't be disabled.
These comparisons are not of equal parts.

If the IME were easily disabled (and veritably so), that would probably suffice for the majority of people complaining about it, and the majority of normal people still wouldn't even know what it is and would just leave it running.

Re:Intel ME is awesome

[thejynxed]

They've found at least in the case of laptops that have cellular enabled wireless, disabling your network interface does nothing because the IME has direct access and control over the wireless radio. Neither does yanking the power cord or removing the battery, because the newer ones have started coming with their own power supplies, sort of like the old CMOS batteries, only you can't access or remove those, either.

Re:Intel ME is awesome

[thegarbz]

They've found at least in the case of laptops that have cellular enabled wireless, disabling your network interface does nothing because the IME has direct access and control over the wireless radio.

And yet IME does not actually listen or respond to cellular interfaces. It does have control but that's about it. If you did have a point it was diminished by the fact that you believe a tiny battery will power fully functioning network interfaces / cellular modems.

Re:MODERATION IS CENSORSHIP

Yes, it's important to censor dumbasses.

dahlink

[PopeRatzo]

A pair of security researchers in Russia

I've found a photo of this pair of "security researchers" in Russia:

https://pre00.deviantart.net/f...

 

Re:Mandatory vulnerability

It's a non-story until someone writes a destructive virus or ransomeware that uses ME, but then it's too late. The journalists' laptops will not longer work. So I guess it's always a non-story.

Beyond scary

[markdavis]

This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING. It is hard enough to keep operating systems updated and secure. Firmware-level security is not something that can be easily maintained on running machines, even if Intel and friends can put out patches fast enough. I want my machine to be MINE.

These "infected" machines are making their way into our entire infrastructure- controlling everything from power generation, traffic, government operations, military, healthcare, just about everything. Imagine black-hatters, rogue nations, criminals, or terrorists simply bypassing all normal security and just taking control of the hardware and doing whatever they want.

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

Oh, and AMD is doing the same thing as Intel, so don't look to them as some alternative.

Re:Beyond scary

[110010001000]

No computer running a general purpose OS is secure. None. Security is the antithesis of general purpose computers.

Re:Beyond scary

[markdavis]

>"No computer running a general purpose OS is secure. None. Security is the antithesis of general purpose computers."

With that type of broad statement, you are correct- NOTHING is really "secure". Security is always matter of degrees. There is no safe that can't be broken into, eventually, with enough effort and resources. And once that method is found, it could quickly enable other safes to be broken. We shouldn't allow some company to have control over our safes and install a bunch of secret "locks" and entrances into those safes.

ME introduces another attack vector/path. And one that is not well known, and not under our (the owner's) control.

Re:Beyond scary

[Gravis+Zero]

This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING.

You are now finally on the same page that computer scientists have been on for over a decade. It's been repeated many times that it's not a question of "if" it will be compromised but rather "when".

The fact that you are only just started freaking out clearly exemplifies the problem: the general public doesn't care about security until it's too late and they won't listen to experts.

Re:Beyond scary

[markdavis]

>"You have no choice but to adopt whatever they sell, or go back to the stone age and use pen and paper or some old CPU."

There are some other options:

1) Pressure the two companies to stop it
2) Try to pass a law to make them stop it
3) Use white-hatters to break into it and release ways to stop it.

Re:Beyond scary

[markdavis]

>"The fact that you are only just started freaking out clearly exemplifies the problem: the general public doesn't care about security until it's too late and they won't listen to experts."

I have been freaking out about it ever since it was introduced, and really believed that it would have been stopped or undone by now. I am not the "general public" but I agree with what you are saying. Now that there are millions of such chips out there, we have lots of ticking time bombs just waiting for the right exploits to appear.

Re:Beyond scary

[WaffleMonster]

No can do. Only two companies sell the CPU, Intel and AMD that runs your windows, linux, osx apps. Don't like their terms? Don't buy their products.

No big deal. The way things are going we're all going to be running ARM on desktop before too long anyway. Intel and AMD should do everyone a favor and go back to sleep.

You have no choice but to adopt whatever they sell, or go back to the stone age and use pen and paper or some old CPU.

The customer has all the power in the world.

Re:Beyond scary

[Bert64]

With physical access there are many ways...
Open the case, extract the disk, load some malware onto it, put it back in?

Re:Beyond scary

[omnichad]

Scan for RF interference from the keyboard to get the password.

Re:MODERATION IS CENSORSHIP

[MrL0G1C]

Posting as AC is self-censorship.

Re:Nonsense if you are smart.

Since the ME has access to all peripherals, the network, and the RAM, it doesn't matter how many VMs you run in a live DVD of whatever. The ME has full access, and whoever has control over the ME has full access.

Could make DRM core accessible

[Gravis+Zero]

This could potentially give people full access to the Intel Insider core which is what all the 4K DRM relies on.

I hope after IME is fully pwn3d that people will start taking a crack at AMD's PSP because I would like to have a fully open system but I refuse to financially support Intel due to their highly unethical and anti-competitive behavior.

epoxy is not the panacea

Even if the USB ports are epoxied, one can open up the box and still access the USB bus quite easily.

Re: epoxy is not the panacea

[gaussey]

Well you could epoxy the headers on the motherboard too.

Re: Beyond perspective.

You mean someone had physical access to the computer you now own. Like the guy at the shop who sold it to you.

Re:Beyond perspective.

[markdavis]

>"Funny how you find that scary, and not the fact that someone has physical access to your computers."

Today it is a compromise with physical means. Tomorrow it could be remote.... remember, the ME has access to the network and the host OS, so attack vectors could come from various places.

Re:God mode: Remote...for dummies.

You're still forgetting the "remote" part. There's nothing remote about saying physical access means root. And if someone has physical access there's a whole bunch of ways that don't require an ME to execute.

Looks like we're all about to be bitcion miners

[doug141]

... for a botnet.

Designing hidden access is bad for Intel.

[Futurepower(R)]

Maybe they should make a movie, "Why Intel went bankrupt."

How can you deliver Intel (and AMD) computers to customers knowing that there is secret control by unknown agencies? Do you tell the customers? If you don't tell the customers, can you be taken to court and sued for damages?

Does anyone think that secret government agencies are well-managed? No one at a secret agency would ever steal?

Could the problem be solved by isolating Intel computers from the Internet, providing internet access from other computers, and providing some secure method of data transfer?

This Ask Slashdot story didn't get sufficient attention, in my opinion: Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer?

The problem of hidden access is not just with Intel and AMD. Microsoft does it: Windows 10 is possibly the worst spyware ever made Quote: "Buried in the service agreement is permission to poke through everything on your PC.

Re:Designing hidden access is bad for Intel.

[infolation]

Ironically, Google might be the answer to this.

Google's engineer's work to remove unwanted firmware from Intel's chips is only one of their directions in this area.

Hopefully Google's interest in the fully open IBM Power architecture will move OpenPower out of the niche market. Google's specifically said that concerns about Intel ME and other related tech is part of their interest in the Power platform.

Re:Designing hidden access is bad for Intel.

[Agripa]

How can you deliver Intel (and AMD) computers to customers knowing that there is secret control by unknown agencies?

Maybe the NSA was the customer and paid for it like they paid RSA.

If you don't tell the customers, can you be taken to court and sued for damages?

Do you mean like all of those people who took the telecommunication companies to court when it was revealed that they were cooperating with the US Government to conduct warrantless surveillance?

https://en.wikipedia.org/wiki/...

Epoxy is easily removed.

[Futurepower(R)]

Epoxy is easily removed using a Dremel tool.

Re:Epoxy is easily removed.

[BoRegardless]

That is the problem, the hardware "fixes" are just impediments to bad guys.

Intel ME as a back door is even scarier. That is why a friend I know who does missle targeting programing does it in an isolation room with no external connections of any type and no electronic devices allowed to be brought in or you might have a very serious accident.

I don't think there is a perfect answer to security. Probably the only thing I can imagine is you carry your own OS/data in your external device and it just boots whatever computer you need, which has no CPU itself. But that still won't stop it from getting corrupted.

Re: MODERATION IS CENSORSHIP

Oh, please cite of stfu

Here is a well researched article describing the lack of any Federal support for freedom of speech on private property through SCOTUS rulings over the past 70 years. Only one case found for free speech, because the California constitution allowed for it and it was seen to supersede the US Constitution. Laws like that only apply in 6 states.

You really should learn how to back up your spew

Questions

[NicknameUnavailable]

• How practical is it to execute code on ME?
• How powerful is the ME processor compared to the real one? 100% the power? 10%? etc?
• Is it possible to take advantage of this to not only stop the ME from spying, but to increase performance?

Re:Questions

[Gravis+Zero]

How practical is it to execute code on ME?

For general applications, it's absolutely worthless. It doesn't even use the x86 architecture.

Is it possible to take advantage of this to not only stop the ME from spying, but to increase performance?

Realistically, no.

This isn't a bug

This is not an exploitable bug, it is an NSA feature.

I'm safe!

[DontBeAMoran]

I knew there was a good reason to keep this VIA C3 Mini-ITX motherboard around!

Re: MODERATION IS CENSORSHIP

[omnichad]

viewing threshold above that level.

Right...because they don't want to see it. Why is that not fine?

A very important front for software freedom

[jbn-o]

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

What you're describing is software freedom. And you deserve software freedom for all of the computers you own. You should be allowed to run, inspect, share, and modify the BIOS, "Management Engine" (or workalike), and all of the other software on the computer including any encryption keys used. Fortunately for all of us people are working on different architectures and on freeing common architectures, so I hope you'll help them.

Re:A very important front for software freedom

[thejynxed]

Except the software is the smallest part of the ME.The ME comprises a series of CPUs (some ARM-based), low-level hardware access, and in some cases found so far, it's own power supplies and cellular data connection.

The software side of it is only a small start to things that need remedied in this situation, especially a situation in which we find a system-within-a-system such as this that can entirely override the command functions of the UEFI/BIOS firmware, the OS, and last but not least, the end-users/system admins themselves, remotely, even if you pull the plug.

Re:Not news...

[Z80a]

I think it is news, but due the other way around.
As you can access the thing via USB, now you can in theory create an USB device that knocks the unneeded ME modules off

Re: MODERATION IS CENSORSHIP

[Dog-Cow]

You deserve to have a rusty spike shoved through your eyeball.

Abort! Abort!

[mentil]

Nerd: *tapa tapa tapa* Oh my god! The Intel Managament Engine... it's gone rogue! It's out of control!
Man With Shades And Many Chevrons: Shut it down!
Nerd: *tapa tapa tapa* I'm trying! But it's not responding to the shutdown code!
Man With Shades And Many Chevrons: Just pull the plug or something!
Nerd: It already has control over our systems! We'll need to do a manual override!
Man With Shades And Many Chevrons: Dammit! Where's Bruce Willis when you need him?!

Thank God Minix 3 is under a BSD-style License

[rodia]

It helps to protect Intel's valuable intellectual property called ME from people like us. Don't listen to this barefoot Hippie Stallman from the FSF, he just wants the unwashed masses to have actual control over the machines they payed for.

Something useful?

[aglider]

I have no idea how powerful that engine is.

I hope someone will come out with some neat idea to usefully exploit that ME in favour of the users.
Maybe some femto-kernel or the likes...

Re:Something useful?

I have no idea how powerful that engine is.

In raw number crunching "power"? Not very powerful.

In complete access to your system "power"? Quite powerful.

Re:MODERATION IS CENSORSHIP

[thegarbz]

Undoubtedly, your first reaction is to censor this position to -1.

Yep, the title alone qualifies for an "offtopic" mod. Goodbye. It was nice not reading your irrelevant opinion.

Re: MODERATION IS CENSORSHIP

[thegarbz]

but consider this civil disobedience against a system that suppresses dissenting opinions.

Trust us, the irony of your disobedience along with the resulting moderation they receive is not lost on us.

Re: MODERATION IS CENSORSHIP

[BronsCon]

invisible to other users with a viewing threshold above that level

Well, it sounds like those users who don't see it have decided they wanted to exercise their

right to ignore you.

You still had (and exercised) your

right to speak

and people who wish to hear you can still hear you. How do I know this to be true? I moderate (with a heavy slant toward positive moderation or none at all -- I rarely use all of my mod points), I browse at -1, and I see all of your moronic comments. You are not being censored, but you are being sorted and categorized so that people who wish to ignore your messages, which you seem to imply that you're fine with, can do so.

Re: MODERATION IS CENSORSHIP

[uncqual]

Which Supreme Court? Are you thinking of the Pruneyard Shopping Center v. Robins (1980) case? This was initially decided by the California Supreme Court based on the California Constitution. The Supreme Court of the United States upheld the California Supreme Court decision by ruling that State Constitutions are not in violation of the United States Constitution if they grant broader rights within the state than the United States Constitution does - they didn't find that the United States Constitution protects a "free speech" right under the First Amendment in the common areas of a shopping mall.

Perhaps you're thinking of another case, but I don't recall such a case right off the top of my head. Do you have a cite?