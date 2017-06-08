Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com) 8
An anonymous reader writes: Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it's part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.
Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detected malware using AMT SOL to exfiltrate data.
The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
Details about PLATINUM's recent targets and attacks are available in a report [PDF] Microsoft released yesterday.
One more time, my friends! (Score:2)
This is exactly what was said was going to happen when it came to light that Intel was sticking extra shit to motherboards no one was asking for. And at the time, Intel said no one would be capable of getting to it. Guess what?
So tired of this crap.
Also, Stallman was right all along.
Also, Stallman was right all along.
And this is the problem... (Score:2)
...with the computer-within-a-computer model. Instead of doing one thing and doing it well, and to use a cliche, putting all of one's eggs in one basket and then watching the basket, a fragmented model means that inevitably pieces get missed, as the proliferation of extra and possibly extraneous systems makes it impossible to keep-up with everything going on.
More and more layers are piled-on, and more and more points are created for there to be problems.
AMT (Score:2)
Fuck AMT (and AMD's PSP).
They have almost zero real world benefit, and are just absurdly dangerous.
noooo... not AMT (Score:2)
I thought they said it was 100% secure, and this would never happen.. lol fools they are.