Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com) 39
An anonymous reader writes: Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it's part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.
Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detected malware using AMT SOL to exfiltrate data.
The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
Details about PLATINUM's recent targets and attacks are available in a report [PDF] Microsoft released yesterday.
Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detected malware using AMT SOL to exfiltrate data.
The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
Details about PLATINUM's recent targets and attacks are available in a report [PDF] Microsoft released yesterday.
One more time, my friends! (Score:5, Insightful)
This is exactly what was said was going to happen when it came to light that Intel was sticking extra shit to motherboards no one was asking for. And at the time, Intel said no one would be capable of getting to it. Guess what?
So tired of this crap.
Obligatory:Intel CPU Backdoor Report (May 5 2017) (Score:1, Informative)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware [youtube.com]
[Quotes] Vortrag [events.ccc.de]:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide [github.io] using the me_cleaner [github.com] script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection [win-raid.com] and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited [ycombinator.com]
REcon 2014 - Intel Management Engine Secrets [youtube.com]
Untrusting the CPU (33c3) [youtube.com]
Towards (reasonably) trustworthy x86 laptops [youtube.com]
30C3 To Protect And Infect - The militarization of the Internet [youtube.com]
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software [youtube.com]
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor? [intel.com]
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.
Long version:
ME: Management Engine [libreboot.org]
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
Quotes on Intel backdoors:
A message from RMS [fsf.org]
by Richard Stallman on Dec 29, 2016 09:45 AM
The current generation of Intel and AMD processor chips are designed with vicious back doors that users cannot shut off. (In Intel processors, it's the "management engine".)
No users should trust those processors.
2. The backdoor is next to impossible to decode and reverse engineer:
Due to multiple instruction sets + custom compression algorithm.
The Trouble With Intel's Management Engine [hackaday.com]
While most of the firmware for the ME also resides in the Flash chip used by the BIOS, the firmware isn't readily readable; some common functions are in an on-chip ROM and cannot be found by simply dumping the data from the Flash chip.
This means that if you're trying to figure out the ME, a lot of the code is seemingly missing. Adding to the problem, a lot of the code itself is compressed with either LZMA or Huffman encoding. There are multiple versions of the Intel ME, as well, all using completely different instruction sets: ARC, ARCompact, and SPARC V8. In short, it's a reverse-engineer's worst nightmare.
To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.
But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.
3. The backdoor is active even when the machine is powered off:
Intel rolled out something horrible [hackaday.com]
The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code.
4. Onboard ethernet and WiFi is part of the backdoor:
The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system
If your CPU has Intel Anti-Theft Technology enabled, it is also possible to directly access the backdoor from cell towers using 3G.
5. The backdoor uses encrypted communication:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Using_Intel_AMT [wikipedia.org]
AMT version 4.0 and higher can establish a secure communication tunnel between a wired PC and an IT console outside the corporate firewall. In this scheme, a management presence server (Intel calls this a "vPro-enabled gateway") authenticates the PC, opens a secure TLS tunnel between the IT console and the PC
6. Recent backdoors run Java applets
*3 billion devices run Java* and everyone's motherboard is running it.
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#cite_ref-is_31-0 [wikipedia.org]
Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System.
7. Po
Re: (Score:2)
Re: (Score:2, Informative)
This is exactly what was said was going to happen when it came to light that Intel was sticking extra shit to motherboards no one was asking for. And at the time, Intel said no one would be capable of getting to it. Guess what?
So tired of this crap.
So tired of this crap? Disable it. It's not like SOL is some hidden buried feature that isn't accessible via a simple BIOS option. A lot of people froth at the mouth over IME without understand what the attack surface is, and what it isn't.
This has nothing to do with any of the complaints over IME since this functionality is completely within the user's control.
Good selection (Score:5, Insightful)
Also, Stallman was right all along.
Re: (Score:3)
Also, Stallman was right all along.
About what? About a feature which is controlable in the BIOS that offers power users a choice of network administration being a possible attack?
Oh you didn't realise this was something you could disable and has nothing to do with any hidden code did you?
Re: (Score:2)
Also, Stallman was right all along.
He usually is: Intel's chips contain a security hazard [slashdot.org]
As I recall, Intel came out with a rebuttal that went something like: "It's perfectly secure and a standard computer management feature, you bunch of dunces." I hope they like that crow they're eating.
And this is the problem... (Score:2)
...with the computer-within-a-computer model. Instead of doing one thing and doing it well, and to use a cliche, putting all of one's eggs in one basket and then watching the basket, a fragmented model means that inevitably pieces get missed, as the proliferation of extra and possibly extraneous systems makes it impossible to keep-up with everything going on.
More and more layers are piled-on, and more and more points are created for there to be problems.
Re: (Score:3)
You're talking about systemd, aren't you?
Re: (Score:2)
mmmm omelettes.
AMT (Score:2)
Fuck AMT (and AMD's PSP).
They have almost zero real world benefit, and are just absurdly dangerous.
Re: (Score:2)
I thought the PSP was made by Sony.
noooo... not AMT (Score:2)
I thought they said it was 100% secure, and this would never happen.. lol fools they are.
Re: (Score:2)
I vaguely remember seeing that post, and I believe it was on the article here talking about AMD maybe Open Sourcing their version(PSP). But I could be incorrect.
Above and beyond that anybody that knows how computers and the internet really works, has known for years(about 11) that AMT was most likely backdoored.
Re: (Score:2)
Re: (Score:2)
LOL that sounds good. but anybody with money to waste on a few cpu's could RE the thing with the skilled help of others(available on the internet if you know where to look) If I had the money and the will, I guarantee somebody I know would know the proper person to contact to get the information needed to access said backdoor. And obviously somebody has already done this(see article). I fully understand where you're coming from, Intel even went as far as to say it was impossible for somebody to hack. But no
AMD for the win! AMD for the max pci-e in each cpu (Score:1)
AMD for the win! AMD for the max pci-e in each cpu! Intel next round better be cheaper / better and no more of this cut down BS. Intel even tried cpu DLC windows only and it failed
Re: (Score:2)
Re: (Score:2)
They're hopefully going to open source that portion. Hopefully. there is nothing set in stone, but Lisa Su sounded and looked interested in the idea.. Plus they need to get a better leg up on intel anyways. So I will stay optimistic about it.
Obligatory:Intel CPU Backdoor Report (May 5 2017) (Score:4, Informative)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware [youtube.com]
[Quotes] Vortrag [events.ccc.de]:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide [github.io] using the me_cleaner [github.com] script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection [win-raid.com] and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited [ycombinator.com]
REcon 2014 - Intel Management Engine Secrets [youtube.com]
Untrusting the CPU (33c3) [youtube.com]
Towards (reasonably) trustworthy x86 laptops [youtube.com]
30C3 To Protect And Infect - The militarization of the Internet [youtube.com]
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software [youtube.com]
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor? [intel.com]
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.
Long version:
ME: Management Engine [libreboot.org]
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
Quotes on Intel backdoors:
A message from RMS [fsf.org]
by Richard Stallman on Dec 29, 2016 09:45 AM
The current generation of Intel and AMD processor chips are designed with vicious back doors that users cannot shut off. (In Intel processors, it's the "management engine".)
No users should trust those processors.
2. The backdoor is next to impossible to decode and reverse engineer:
Due to multiple instruction sets + custom compression algorithm.
The Trouble With Intel's Management Engine [hackaday.com]
While most of the firmware for the ME also resides in the Flash chip used by the BIOS, the firmware isn't readily readable; some common functions are in an on-chip ROM and cannot be found by simply dumping the data from the Flash chip.
This means that if you're trying to figure out the ME, a lot of the code is seemingly missing. Adding to the problem, a lot of the code itself is compressed with either LZMA or Huffman encoding. There are multiple versions of the Intel ME, as well, all using completely different instruction sets: ARC, ARCompact, and SPARC V8. In short, it's a reverse-engineer's worst nightmare.
To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.
But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.
3. The backdoor is active even when the machine is powered off:
Intel rolled out something horrible [hackaday.com]
The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code.
4. Onboard ethernet and WiFi is part of the backdoor:
The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system
If your CPU has Intel Anti-Theft Technology enabled, it is also possible to directly access the backdoor from cell towers using 3G.
5. The backdoor uses encrypted communication:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Using_Intel_AMT [wikipedia.org]
AMT version 4.0 and higher can establish a secure communication tunnel between a wired PC and an IT console outside the corporate firewall. In this scheme, a management presence server (Intel calls this a "vPro-enabled gateway") authenticates the PC, opens a secure TLS tunnel between the IT console and the PC
6. Recent backdoors run Java applets
*3 billion devices run Java* and everyone's motherboard is running it.
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#cite_ref-is_31-0 [wikipedia.org]
Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System.
7. Possible attack vectors from Intel/CIA/NSA (who holds the certificate):
Cross-Device Attack Vectors:
1. Obtain CA Cert trusted by ME > Broadcast DHCP announcement with domain name matching the certificate > Ethernet-Port > CPU backdoor (No exploits required, still works when system is turned off)
2. Insecure mobile > Broadcast wireless magic packet (CA cert broadcast) > On-Chip-Wifi/On-Chip-Intel-Wireless-Display > CPU backdoor (Only a backdoored mobile is required)
Other Attack Vectors:
3. Cell tower broadcast > Intel Anti-theft technology (On-Chip 3G receiver) > CPU backdoor
4. Zero day browser exploit > Powershell > Intel AMT > CPU backdoor
8. Backdoor inside a backdoor
For years Intel acted as if they weren't simply selling spy gears for the US government, but the Vault 7 leak forced them to come out in the open. On May 1st 2017, Intel released a "Critical" security bulletin INTEL-SA-00075 [intel.com], admitting Intel Core CPU from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability:
CVE Name: CVE-2017-5689
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017
There is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.
Intel created a backdoor in the ME web console by using strncmp() to compare password, anyone sending an empty string as password (length 0) can get into the system, with no access log on both Intel ME and the OS:
The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com]
The bug was in the code to compare the two passwords. It used the strncmp function that compares the first N characters of two strings:
strncmp(string1, string2, N)
Sending an empty password, the compare code does this:
strncmp("6629fae49393a05397450978507c4ef1","",0)
Which is equivalent to:
strncmp("","",0)
And always return true.
Many vulnerable systems are exposed to the internet:
The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com]
A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone.
Re: (Score:2)
Are you sure about "own MAC and IP address"? Common network chip set (e.g. Intel 82574 family) external interfaces include: NC-SI or SMBus connection to a Manageability Controller (MC) with IPMI MC pass through; multi-drop NC-SI. This generally results in UDP/TCP port 623 traffic being re-directed to the Management Controller. The way I have seen this manifested is port 623 on all network interfaces is passed through to the management engine. The IP and MAC for the management engine is the same as for
Wonder who that could be (Score:3)
Interest in countries around South China Sea? It was probably East Timor.
Re: (Score:1)
Whether or not you're connected directly to the Internet is irrelevant if the hackers can break into some insecure 'IoT' device on your LAN and use that to launch attacks on everything behind the firewalls.
The problem always is... (Score:2)
Well that didn't take long did it (Score:2)
Didn't take fucking long at all, now that the infosec companies know what they should've been looking for.
Re: (Score:2)