Author Topic: Intel ME Vulnerability  (Read 509 times)

Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 869
    • View Profile
Intel ME Vulnerability
« on: May 22, 2019, 01:56:34 am »
By exile360, Saturday at 04:26 PM in General Chat

Quote
For a long time security experts have warned about the dangers of using insecure software and hardware.  They tell us to never use simple passwords, never to write down our passwords, never leave our devices unlocked, and to always change the default administrator password on our routers and other devices.  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running?  You would probably tell me that it's time to get my tinfoil hat resized because it's on a little too tight, right?  Well unfortunately not only is this a reality, but it has already had vulnerabilities discovered that could exploit it.

What I am referring to is a piece of technology called IME or the Intel Management Engine.  It is a piece of code that runs inside a chip inside every Intel CPU and it was designed to allow remote control of every Intel based PC.  Unfortunately even if you're using an AMD processor you still have something like this, except they call it 'TrustZone' (a rather ironic name in my opinion :P).

Well, as has been a theme lately, a new vulnerability has been discovered in Intel's Management Engine and the only way to patch it is through a firmware update.  This can be done manually, but it isn't very straightforward, especially if your OEM/system manufacturer hasn't supplied a patch (most don't for these kinds of vulnerabilities unfortunately, especially for older systems).  For those who wish to attempt patching it on your own, you'll find all the tools and instructions required at the Win-Raid Forum here.  They have links to downloads for all of the required tools to check your ME version and the utilities from Intel to patch it along with the latest firmware versions.  That said, if you do intend to patch as I did, BE CAREFUL and read the instructions and information in that post very carefully as there is no one size fits all firmware and you could easily brick your system if you do the wrong thing; sadly the only alternative is to remain vulnerable to potential ME exploits

https://forums.malwarebytes.com/topic/247575-intel-me-vulnerability-time-to-patchagain/


Note: Be sure to read all posts...

Offline gorblimey

  • Full Member
  • ***
  • Posts: 119
    • View Profile
Re: Intel ME Vulnerability
« Reply #1 on: July 03, 2019, 05:34:39 am »
By exile360, Saturday at 04:26 PM in General Chat
Quote
...  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running? ...
...

I must confess, my first thought--and the second, third and fourth--were along the lines of "What planet do you...?"

But yes.  Powered down.  Exactly what is "powered down"?  Well, duh!  But switched off where?  Most people hit the (large) button on the front of the case to "power up".  Many like me touch the mouse twice, slowly.  Others "touch any key", and not just a few have machines "Wake On LAN" or similar. And all of these have one thing in common.  Whatever you call "powered down" isn't.  The box is sleeping, hibernating, estivating, but OFF it is NOT.  There is always electricity trickling through the CPU...  Actually the entire MoBo.  It's what keeps the internal battery charged, among other necessary things.  Do you off the box at the wall?

So no BS here.  A risk does exist, the threat is real.

Except.  OK, if you don't have a NAT router between your box and the modem, yes, it's a trivial exercise unless the modem is offed.  With a NAT router, life for the threat actor becomes... interesting.  I'm too lazy to look up the numbers in detail, but suffice it to say that, with IPv6 thrown in, the number of local addresses to be checked is in the high thousands.  Now I am making one assumption here: that our beloved CPU is not actively phoning home every few minutes, letting its masters know the necessary room number (and attaching the vital invitation the NAT router wants to see).

If you're like me, you also lack a fixed IP.  Most people settle for lower costs and happily accept a variable IP from the large pool kept by the ISP.  And mine is likely to change every time my router is offed for more than a few minutes, which happens at least once a month.

Tinfoil hat space?  Ask Sony, or Amazon, anybody with lists of usernames and passwords|addresses|employers|etc.  Yes, I know there are actors out there who would dearly love to operate my computer for me, but do they have the knowlege and skill to light up my IME?  I doubt it.
____________________
Win7 HPx64 SP1, VoodooShield, WFC

Offline Antus67

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4079
    • View Profile
Re: Intel ME Vulnerability
« Reply #2 on: July 03, 2019, 02:56:00 pm »
Quote
I must confess, my first thought--and the second, third and fourth--were along the lines of "What planet do you...?"
Posted by: gorblimey

Lets play nice everyone is entitled to their opinion. We can learn from everyone here :)
Windows Defender
VoodooShield 5.01
Trojan Remover

Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 869
    • View Profile
Re: Intel ME Vulnerability
« Reply #3 on: July 04, 2019, 05:49:24 am »
By exile360, Saturday at 04:26 PM in General Chat
Quote
...  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running? ...
...

I must confess, my first thought--and the second, third and fourth--were along the lines of "What planet do you...?"

But yes.  Powered down.  Exactly what is "powered down"?  Well, duh!  But switched off where?  Most people hit the (large) button on the front of the case to "power up".  Many like me touch the mouse twice, slowly.  Others "touch any key", and not just a few have machines "Wake On LAN" or similar. And all of these have one thing in common.  Whatever you call "powered down" isn't.  The box is sleeping, hibernating, estivating, but OFF it is NOT.  There is always electricity trickling through the CPU...  Actually the entire MoBo.  It's what keeps the internal battery charged, among other necessary things.  Do you off the box at the wall?

So no BS here.  A risk does exist, the threat is real.

Except.  OK, if you don't have a NAT router between your box and the modem, yes, it's a trivial exercise unless the modem is offed.  With a NAT router, life for the threat actor becomes... interesting.  I'm too lazy to look up the numbers in detail, but suffice it to say that, with IPv6 thrown in, the number of local addresses to be checked is in the high thousands.  Now I am making one assumption here: that our beloved CPU is not actively phoning home every few minutes, letting its masters know the necessary room number (and attaching the vital invitation the NAT router wants to see).

If you're like me, you also lack a fixed IP.  Most people settle for lower costs and happily accept a variable IP from the large pool kept by the ISP.  And mine is likely to change every time my router is offed for more than a few minutes, which happens at least once a month.

Tinfoil hat space?  Ask Sony, or Amazon, anybody with lists of usernames and passwords|addresses|employers|etc.  Yes, I know there are actors out there who would dearly love to operate my computer for me, but do they have the knowlege and skill to light up my IME?  I doubt it.
I think we are all on the same planet here in this forum. You may disagree with my post and I respect that as an opinion.
Powered off would be that the OS is shut down and off, plugged in or not plugged in unless you take the internal battery out so the CMOS will not boot. Now if you are able to get the MORPHEUS chip which has been developed then your OS may be bullet proof. I'm just being open mined and respectful. ;)

Cheers