Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security Intel Hardware Technology

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) 207

Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.
This discussion has been archived. No new comments can be posted.

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions

Comments Filter:
  • Further proof (Score:5, Insightful)

    by WoodstockJeff ( 568111 ) on Tuesday November 21, 2017 @10:28AM (#55594831) Homepage

    of how well "security by obscurity" works.

    • by Anonymous Coward

      Apparently it works pretty well. Intel ME has been out for how many years now, and this is just coming to light now. So...sounds like they got away with it for quite a while.

    • of how well "security by obscurity" works.

      Given the length of time it has been in place combined with the complete lack of any open exploits until very recently I'd say so far the answer to that question is "incredibly well" clearly out performing most other forms of security.

      • by gweihir ( 88907 )

        And now it demonstrated how it works in the face of a competent attacker: Full, catastrophic, immediate failure. It outperforms any other security in this regard as well, only that it does worse than any other for of security.

      • by DarkOx ( 621550 )

        combined with the complete lack of any published open exploits

        There fixed that for you.
        We have no idea if the 3 letters American or otherwise have known about or have been abusing this for years! Nor do we know if organized crime groups might have been using it.

        • Exploits don't need to be published to be in the wild, actually the vast majority of exploits aren't.

    • ...where I run CentOS and Firefox. I'm not trusting any sensitive personal data to Intel until I get easy tools to remove the ME.

      I wish Oracle would put out a "Raspberry-Pi" class of the SPARC T2 [oracle.com]. The design is open and can be trusted.

      • ...where I run CentOS and Firefox. I'm not trusting any sensitive personal data to Intel until I get easy tools to remove the ME.

        I wish Oracle would put out a "Raspberry-Pi" class of the SPARC T2 [oracle.com]. The design is open and can be trusted.

        Nothing from Oracle can be trusted. Being open doesn't mean something is trustworthy. It means you're able to build your own and audit it. You can't trust something unless you actually do that.

    • Re:Further proof (Score:5, Informative)

      by Groo Wanderer ( 180806 ) <charlie@seTOKYOmiaccurate.com minus city> on Tuesday November 21, 2017 @01:08PM (#55596427) Homepage

      As the one who outed the 10+ year AMT bug a few months ago, Intel's ''security' policy is a joke. No it is worse than that, it is willfully malign. They know how to do the right thing but they refuse to do so for whatever reason. I have been begging them for quite literally years not to be abjectly stupid on TXT and ME security issues but they just get worse. You are seeing the tip of the iceberg, wait for the hardware issues you can't patch to be found....

                    -Charlie

      • Re:Further proof (Score:4, Insightful)

        by MangoCats ( 2757129 ) on Tuesday November 21, 2017 @06:26PM (#55599169)

        But, are you privy to the government deals which have been brokered to leave these flaws in the mass market chips?

        Oftentimes, willfully malign is a signpost for covertly compensated.

        • Some, enough to keep me from sleeping some nights, and more than enough to keep me from having any respect for the people ostensibly working in our best interest who simply don't get the implications what they are doing.

    • How is this different from full transparency? Are you somehow under the impression there are no security vulnerabilities in open source software, which is completely open to anyone for inspection?

  • ugh... (Score:4, Funny)

    by Anonymous Coward on Tuesday November 21, 2017 @10:32AM (#55594871)

    I want my C64 back. I want hardware I can understand and software I can control. Fuck this modern bloated 4 gigabyte web browser tab horseshit with thousands of people mashing their keyboards randomly and millions more observing my private data.

  • Are we just to assume that they're effectively obsolete and have to purchase new "patchable ME" CPUs that are probably just putting a newer, more secure back door in?

    • by networkBoy ( 774728 ) on Tuesday November 21, 2017 @11:30AM (#55595459) Journal

      Actually on ME9 Intel changed the kernel. In ME6 they changed the platform layout.

      * ME < 6: GMCH northbridge and southbridge. ME lived in the GMCH and had full access to RAM even in S5 (off) system state. Kernel is based on ThreadX. CPU is ARM core.
      * ME 6-8, same kernel, but moved to PCH (formerly southbridge) and the CPU gined the GM part of GMCH. Northbridge removed from platforms. ME loses access to RAM in all states besides S0 (on) and has to make do with PRAM on PCH.
      * ME9+: ME now runs on Minix and Quark CPU. Vulnerabilities become an issue.
      * ME10: internal struggle for dominance between kernel and AMT teams (based in US and Israel respectively) leads to departures. (including mine)
      * ME11 (12?): US team is disbanded.

      • Like many others trying to do the right thing on Intel security, I am sorry you left. I know several others starting with the pre-AMT vPro reveal team members who got sick of beating their heads against the wall and quit in frustration. The idiots stay. This is not good for humanity.

        • Eh, when the inevitable hacking starts and then the lawsuits start Intel as a company may cease to exist in it's current form.

          • The hacking is already done and it is more than documented. I have been warning Intel directly about the financial implications for literally years. They denied it was a problem. Now it is too late.

        • Yeah, I started in the 3.1 days, so AMT was already there.
          I still maintain that the ME kernel (prior to the push to get on to tiny IA and Minix) was pretty damn secure.
          I also maintain that a sub processor with a kernel based os running apps for system bringup is a good idea. It allows not having to build dedicated hardware for all the separate functions on a motherboard (power management, USB init, SATA init, etc.) the issue is making this kernel have *any* outside world connection other than an output onl

      • I predict that as Intel gradually loses its grip on the desktop and server markets, Israel will gradually lose its grip on US policy, with some lag time.

  • by Luthair ( 847766 ) on Tuesday November 21, 2017 @10:33AM (#55594897)

    Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

    Really, this ought to be factory disabled by OEMs and only shipped enabled to large corporate customers.

    • Does the Core 2 Duo series have any of this bullshit?

      • by thegarbz ( 1787294 ) on Tuesday November 21, 2017 @11:26AM (#55595423)

        Yes. Everything after about 2006 does to varying extent.

      • The Core 2 Duo series are the last design that can have the ME entirely removed (see Libreboot project).
    • Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

      Really, this ought to be factory disabled by OEMs and only shipped enabled to large corporate customers.

      Yes ME has been around for 10 years or more. I would not be surprised that the older ones have the same issues or very similar ones. Unfortunately I work for a large university that purchased all of our systems with vPro enabled so no help here.

      • ME Ver 9 saw an architecture change (new kernel, new CPU core). Not actually sure what "generation" that maps to, as MEINFOVer is not the same as CPU gen ID

    • by AmiMoJo ( 196126 ) <mojo@@@world3...net> on Tuesday November 21, 2017 @10:52AM (#55595099) Homepage Journal

      Unfortunately you can't disable the ME. It's needed for the CPU to start up from cold. It manages the cold boot process. The best you can do is disable it after the initial boot up, but you have to trust that setting the disable flag really did what it claims to.

      You can also erase all the firmware modules not related to the early boot process, but again you have to trust that the ME is lying when it says they are gone.

    • Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

      ME in some form or another has been around since 2006. However it has gone through many changes over the years with 11 major versions each introducing additional features. It stands to reason that bugs may be introduced in certain versions. e.g. Despite how long it's been around the majority of it's more advanced remote control features weren't introduced until AMT 7.0 which provided remote provisioning and KVM functionality. That didn't even come out until ... 2013 ... I think.

  • As can be nicely seen, not only do back-doors allow people in that you do not really want to let in (Intel, the NSA), they often have serious flaws that let everybody else into your machines as well. The only sane and secure design is not to have any back-doors in the first place.

    Since Intel now has a ton of egg on their faces after their announcement, I expect we have a really, really serious problem now as long as the ME stays active in any significant number of computers. Otherwise they would just have t

  • Let me guess... (Score:4, Insightful)

    by jonr ( 1130 ) on Tuesday November 21, 2017 @10:37AM (#55594945) Homepage Journal

    ...and very difficult to patch?

    • Why would it be? Surely since it's backdoored Intel can just push out a global update to everyone on the internet.

  • local only though... (Score:2, Interesting)

    by Anonymous Coward

    I do not like the ME, but at least this is local acess exploit only:

    would allow an attacker with local access to execute arbitrary code.

    To be fair, a local attacker can pretty much always gain access to your system, ME or no ME. A simple HW keylogger is ample and most people would never notice.

    So you HAVE to keep your hardware secure if you want the data ot be secure. That is still true with the ME. I will be much more worried if there is a remote exploit.

    • There is a remote exploit in AMT (one of the apps for ME). So if you have AMT you're remotely exploitable if it's not disabled in ME.

    • by gweihir ( 88907 )

      You are mistaken. This is an attacker that can locally execute code. It is not one with physical access. And a local code execution can sometimes be upgraded to a fully remote code execution, especially as the ME can snoop at least on chipset-integrated network cards.

      In addition, AV cannot detect an infection...

    • Local access can mean a heap of trouble as well. Especially on the CPU level where a VM may run untrusted code, and the code is able to use the ME to escalate privs.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      If you have a server running public services. Web server, mail server, FTP server, etc. then everyone on the public Internet has some level of "local" access. That's just the way it works. Think about it.

    • by cfalcon ( 779563 ) on Tuesday November 21, 2017 @12:10PM (#55595869)

      > I do not like the ME, but at least this is local acess exploit only

      It's still fucked up.

      The previous ME flaw involved gaining remote access illegitimately. This one involves being able to inject stuff into the super ultra privileged secret area that operating systems can't see or guard against once you have that access. And there's NO REASON to believe that this is the final bug that exists. So far it looks like chained vulns from internet down to a run level that the chip prevents the kernel from seeing.

  • Have other chipmakers clearly and unambiguously said their chips do not have a back door mechanism?

    More importantly has there been any independent verification of chips from others? Intel has been doing it for years. Employees, senior developers and managers routinely leave one chip company and join other chip companies. This idea must have metastasized by now and the dispersed cells must have established new locations to grow.

    Are you really going to trust any statement from the management of Samsung, of all companies? Heck, I can't even trust German companies after Volkswagen.

    • by iCEBaLM ( 34905 )

      AMD has started adding what they call the PSP to their zen core chips. It's apparently an ARM trustzone system. Lots of AMD customers have been asking AMD for a way to disable it since Ryzen launched.

    • by e r ( 2847683 )
      They ALL have back doors similar to Intel's, though they're called other names [wikipedia.org].

      But this doesn't mean there's no way to punish Intel. Here are some options:

      1. Send them some nasty letters and emails. Even better: be polite but detailed and specific in explaining exactly how they went wrong and why you will no longer buy from them nor allow your company to buy from them.

      2. Buy AMD chips instead. Yes, of course, AMD chips have the same thing in them-- but that is still money that Intel won't get from you
      • Allow me to suggest a modification to your plans...

        1. Send them some nasty letters and emails. Even better: be polite but detailed and specific in explaining exactly how they went wrong and why you will no longer buy from them nor allow your company to buy from them UNTIL THEY CHANGE THEIR WAYS.

        2. Buy AMD chips instead. Yes, of course, AMD chips have the same thing in them-- but that is still money that Intel won't get from you and you'd be fostering competition which is a good way to motivate AMD or Intel

    • by infolation ( 840436 ) on Tuesday November 21, 2017 @01:20PM (#55596565)

      Have other chipmakers clearly and unambiguously said their chips do not have a back door mechanism?

      Yes, IBM's Power [wikipedia.org] series of CPUs are fully open without any equivalent of the Management Engine.

    • Intel can't say their chips don't have a back door. They also haven't said their chips don't have a back door so at least they are honest.

      AMD is working on greater disclosure and I am prodding them as hard as I can. Internally they seem to be doing the right things, or at least trying to.

      ARM has their full code base published on Github. This doesn't prevent licensees from using something else, adding nefarious things etc, but I can almost guarantee most don't. You can always checksum the code if you want.

      As an aside, AMD's PSP is based on ARM's stuff which is completely open source. I am fairly sure that the majority of AMD's code in this area is unchanged from the vanilla ARM version so you could consider AMD's partially open.

              -Charlie

      • >"AMD is working on greater disclosure and I am prodding them as hard as I can. Internally they seem to be doing the right things, or at least trying to."

        Unfortunately, there is only one real acceptable solution to many of us, and that is the owner of the computer needs to have the ability to turn it all OFF. Anything short of that is really an automatic "fail." If they are worried about how THAT might be accessed, then make it a jumper or physical switch on the motherboard. Done.

        • I agree. Inte; has that feature but they deny it and hide it from users, even users who they know are being exploited. I am pissed.

  • The CIA thinks it gets to have it's hands into everyone's computer.

    They don't.

  • Forget Intel chips, use AMD

    • by Kokuyo ( 549451 )

      I've got bad news for ya, matey...

    • Same problem, different name. AMD now uses what they call PSP, which is essentially their own version of IME.

      As much as I'd like to support AMD adoption, they're unlikely to back off on PSP if everyone who dislikes IME switches to AMD without holding them to the same standard. If you want to see a change it might be better to loudly complain about IME while commenting that you would switch to AMD if only they didn't have the same problem. Maybe then AMD would eventually notice that they're missing out on a

  • Somebody bring me my fainting couch. Security through obscurity never works.

  • OK. It's there and it's not going to just disappear, sooooo, is there any way to root it and use it ourselves? Who wouldn't want to turn a dual-core into a tri-core (or even just a dual and 1/2 core)?
    • is there any way to root it and use it ourselves?

      Yes.

      Why do you think a patch is necessary?

    • it'd be a dual and a couple cents.
      there is not much memory available to it, and it's a pretty limited Quark core (or ARM if older than ME9).

  • The kind where the user can take control of his machine against the wishes of its maker? Yeah, that's a nasty one, fix that immediately!

  • Two thumbs WAY down for Intel pulling this shit in the first place.

    One thumb sorta up for them admitting they have bugs in said shit.

  • The govcode/malware is installed directly by the manufacturer.

    One wonders how fast computers would be if they were not running other priority tasks at all times.
  • http://www.templeos.org/ToPuni... [templeos.org]

    Heed Terry the Terrible's Edict!!!

    Brian Richardson directly challenged authority of King 11/18/17. Gets a beating for stupidity. 11/18/17 NIST at 17:20 hours

I am a computer. I am dumber than any human and smarter than any administrator.

Working...