Intel platforms from 2008 onwards have a remotely exploitable security hole

<i>The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware.</i><p>We knew this would happen. We knew that the Management Engine was a backdoor, and we knew it was only a matter of time before someone would figure out how to exploit it. This is exactly the reason why Libreboot exists (<a href="https:&#x2F;&#x2F;libreboot.org&#x2F;faq.html#intel" rel="nofollow">https:&#x2F;&#x2F;libreboot.org&#x2F;faq.html#intel</a>). And now, far from being the tinfoil hat distro that is often portrayed, it will become a bare necessity.

&gt; For obvious reasons we couldn’t publish what we found<p>It&#x27;s not obvious to me why anyone not under an NSL or NDA would sit on this vulnerability for 5 years and wait until it&#x27;s actively being exploited in the wild before public disclosure.<p>It&#x27;s extremely negligent to global security for SemiAccurate to not immediately publicly disclose the vulnerability 5 years ago after Intel refused to fix it. Of course this is ignoring the root of the problem, which is that the US government has deeply compromised Intel since the very first security management interfaces were added to Intel chips in the early 90s.<p>The real solution to the root issue is legislation that forces security disclose timelines of 90 days or less for government-found vulnerabilities, and prevents the stockpiling of vulnerability exploit kits.

Is there a better source for this than SemiAccurate? The article doesn&#x27;t really have much beyond self-aggrandizement and &quot;we can&#x27;t tell you any details, but you&#x27;re screwed&quot;. For something that could be anything from &quot;Charlie Demerjian heard a rumor about a ME patch and wanted some pageviews&quot; to the actual security apocalypse, I&#x27;d like credible sources.

&gt;&gt;every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware.<p>&gt;&gt;there is literally no Intel box made in the last 9+ years that isn’t at risk<p>&gt;&gt;SemiAccurate has been begging Intel to fix this issue for literally years<p>Am I the only one who is so cynical to think it must have been deliberate? Intel dragging their feet for YEARS -- what could justify such a delay? The paranoid side of me asks &quot;Were they waiting to patch this hole, until they found a different one that could be utilized?&quot; Which begs the next quesion: Where is the NSA in all of this? It&#x27;s the sort of thing that would be mighty handy to a group wishing to snoop on everyone and everything?<p>Last question: Why would anyone trust the encrypted management engine after this? (Why would anyone trust it before?)<p>&gt;&gt; What about embedded devices that are increasingly PC based? Digital signage perhaps? Industrial controls. HVAC. Security systems. Flight controls. Air traffic controls. Medical devices.<p>What, indeed? Is this the method used to interfere with Iran&#x27;s nuclear program centrifuges?

As a sysadmin at a Windows shop, I don&#x27;t know what to make of this. Has Intel commented on this, yet? Any OEM?<p>Joanna Rutkowska, who <i>is</i> a renowned security researcher, warned of something like this happening sooner or later[1], so I don&#x27;t think I can afford to just ignore this.<p>But without something more specific to act on, there is nothing I <i>can</i> do, except wait firmware updates to be released by various vendors. <i>If</i> that happens.<p>And what if Intel does make a statement that essentially says, &quot;This is all total BS&quot;? I wouldn&#x27;t know whether to believe them or not.<p>The only scenario where I could have any degree of certainty would be if Intel came out and said, &quot;Yeah there&#x27;s an exploitable security hole in ME, here&#x27;s a patch to disable it&quot;.<p>[1] <a href="http:&#x2F;&#x2F;blog.invisiblethings.org&#x2F;papers&#x2F;2015&#x2F;x86_harmful.pdf" rel="nofollow">http:&#x2F;&#x2F;blog.invisiblethings.org&#x2F;papers&#x2F;2015&#x2F;x86_harmful.pdf</a>

Zero details and zero cross references, zero mentions on Google and zero mentions in any security list I&#x27;m on. Charlie blowing nonsensical steam yet again?

FTA, Intel confirms? <a href="https:&#x2F;&#x2F;security-center.intel.com&#x2F;advisory.aspx?intelid=INTEL-SA-00075&amp;languageid=en-fr" rel="nofollow">https:&#x2F;&#x2F;security-center.intel.com&#x2F;advisory.aspx?intelid=INTE...</a>

I think it is high time for companies who make hardware be financially fined for lapses like this. In this particular case, the manufacturer was warned and did nothing for years.<p>This is negligence especially considering these chips control critical devices that can cause damage or even loss of life if they are successfully exploited.<p>Can you imagine if car maker didn&#x27;t fix a hardware defect they knew for years. Oh wait...

What is the motivation behind Management Engine?<p>From the perspective of an everyday user these things came out of nowhere to evolve into this para-computer running along side me that I cannot see and have no control of. It is on literally <i>ALL</i> hardware<p>Why is it that any attempts to disable it knock your whole computer out?<p>And this is the world of technology that we want? I&#x27;m so sick of technology companies appearing to work for their customers but secretly working against them.

&#x2F;r&#x2F;netsec link: <a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;68lqzq&#x2F;remote_security_exploit_in_all_2008_intel&#x2F;?submit_url=https%3A%2F%2Fsemiaccurate.com%2F2017%2F05%2F01%2Fremote-security-exploit-2008-intel-platforms%2F&amp;already_submitted=true&amp;submit_title=Alleged+remotely+exploitable+vulnerability+in+Intel+AMT%2C+ISM%2C+and+SBT+since+2008" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;68lqzq&#x2F;remote_secur...</a>

<p><pre><code> Security is a cost center and most OEMs run on margins too thin to bother with security patches even if they cared. Most simply don’t care. </code></pre> I think that sums up pretty well why downstream vendors are treating security casually. So the billion dollar question is, how do we fix this, as a tech community?

Great news that this finally came to light.<p>After learning about remote management capabilities I&#x27;ve always suspected it had holes. Large attack surface, any exploit would have a high value, and closed source.<p>Perhaps one day we&#x27;ll be able to buy CPU&#x27;s without this &quot;feature&quot;. I&#x27;m betting AMD and ARM are in the same boat.

&quot;It is this last point that has been causing some political unrest in the US, and the rest of the Western world. As you undoubtedly know, China is very nearly the sole producer of all electronic goods. It would be very, very easy for the Chinese government to slip a hardware backdoor into the firmware of every iPad, smartphone, PC, and wireless router.&quot; 2012 <a href="https:&#x2F;&#x2F;www.extremetech.com&#x2F;computing&#x2F;133773-rakshasa-the-hardware-backdoor-that-china-could-embed-in-every-computer" rel="nofollow">https:&#x2F;&#x2F;www.extremetech.com&#x2F;computing&#x2F;133773-rakshasa-the-ha...</a><p>Made in China, designed in the USA. Everyone wants their own backdoor.

Patching is going to be a nightmare considering that many OEMs drop support for a motherboard after 3 years. There will be unpatched systems floating around for a very, very long time.

I&#x27;ve got a Lenovo T530 and a Lenovo T450s. I wonder if they&#x27;ve released a firmware update yet...?<p>I can&#x27;t say I&#x27;m surprised, but I am surprised at the fact that finally, after all these years, someone finally got down to patching some vulnerabilities in this area.<p>props to whomever forced Intel&#x27;s hand.

Can anyone add any details? The article is very very vague. Doesn&#x27;t this work thru the Ethernet port in the chipset silicon?<p>So if you&#x27;re running a desktop that has a physical Ethernet card in it, and the Intel Ethernet isn&#x27;t connected, are you OK?<p>And if you&#x27;re running on a laptop that uses Intel&#x27;s Ethernet, (and most of them do?) then are you vulnerable?

Worrying about the ME and my dislike of secure boot is what has kept me from upgrading beyond the Core 2 Duo with BIOS. It&#x27;s starting to feel slow now, but I still don&#x27;t feel I can upgrade unless there is at least a way to disable the ME. So far, there don&#x27;t seem to be any reliable methods of doing so.

Even without any newly discovered backdoor. The Intel ME was always a fu<i></i>ing security issue. A BACKDOOR. It is completely naive to think the NSA can&#x27;t use the ME to get access to anything, but hey it needs another Snowden for people to listen again.

Intel ME always reminding me of the saying, &quot;Absolute power corrupts absolutely.&quot;

Relevant discussion:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11913379" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11913379</a>

For those who cannot switch to Libreboot, <a href="https:&#x2F;&#x2F;github.com&#x2F;corna&#x2F;me_cleaner" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;corna&#x2F;me_cleaner</a> may be a solution to this issue.

What is the management engine, and how does one access it remotely?

Does this affect an Apple MacBook?

It&#x27;ll be interesting to see how Intel deals with it.<p>Looking at the recent Atom failures (with vendors told in no uncertain terms to present publicly as generic &quot;timing component&quot; failure), will they even admit it&#x27;s an ME thing?

The way this article is written leads me to believe that it is not entirely accurate.

Now this less-mainstream theory about the precarious state of our communication systems has confirmed to a greater degree, would anyone here know of similar risks that few seem to be aware of right now?<p>I&#x27;m not sure if this would be considered OT, but considering the nature and scope of these vulnerabilities I don&#x27;t consider it reasonable to exclude the possibility of intent and malice.<p>For this reason I&#x27;d like to ask: what do you consider to be &quot;the next, most likely to surface, conspiracy of this flavor&quot;?<p>The flavor being: &quot;the struggle for control of any and all data and computational resources&quot;.

I have a Sun workstation that seems to be no longer supported by Oracle (Sun Ultra 24 with a Q9300). I guess I&#x27;ll just be vulnerable forever.<p>I don&#x27;t really know what AMT does, but this has me thinking, if AMT is provisioned while a machine is used inside a company and then that machine shows up on eBay still provisioned, is it going to be phoning home and still be remotely manageable? How many of these machines have what are essentially persistent rootkits managed by large corporations that have had large fleets of laptops&#x2F;desktops deployed that are then sold on?

I&#x27;m a total n00b to how this stuff works, but I can&#x27;t seem to find any information for this sort of stuff online. I have an Intel CPU with a Gigabyte Motherboard and BIOS. If I&#x27;m running Linux without a GUI (headless) is this something that I have to worry about? If so, how do I turn it off? I don&#x27;t see any options for the Intel AMT or ME in my BIOS settings.<p>EDIT: I have a Core i3-4130T. Looks like it doesn&#x27;t have vPro so I&#x27;m hoping I&#x27;m safe?

My ignorance is showing, but what product lines are impacted?<p>Obviously things like Xeons and Core iXs, but what about things like Atom processors in tablets?

Vulnerable as in how vulnerable? Do you need to be physically connected to local Ethernet for this? WiFi?<p>If it&#x27;s WiFi that&#x27;s damn scary.

<i>Warning: Baseless, Idle Speculation</i><p>With the lead time on the silent patch before Shadow Brokers published all the Microsoft exploits, I wonder if Shadow Brokers will be publishing this one soon. No chance of an Intel ME patch going out without being noticed though!<p>A Shadow Brokers release would be a real mess.

Are remote management functions of portable consumer electronics (i.e.: remotely wiping your iPad) also supported by similar hardware chips from other vendors?

I&#x27;ve disabled ME on my PC because at some point LMS (Local Management Service) started consuming too much resources for no apparent reason.

Site is throwing NET::ERR_CERT_AUTHORITY_INVALID on latest Chrome Canary, is anyone else seeing that?

So they (SemiAccurate) knew about this for years, and STILL haven&#x27;t bothered with disclosure to force Intel&#x27;s hand earlier?<p>Thank you, SemiAccurate, for sitting on a vulnerability for years when you could&#x27;ve reported on it long ago and not had us left with this garbage of a security hole to deal with.

A back door is a back door is a back door.<p>Let&#x27;s hope Intel and all the other chipmakers will learn this lesson (unless it&#x27;s done on purpose, in which case they won&#x27;t care about any lessons learned - they&#x27;ll do it anyway).

Is there an analog of this issue on AMD chips?

I&#x27;ve always wondering why nobody seems to notice the fact that this site is literally called &quot;Semi Accurate&quot;. I mean sure, everyone makes mistake and even the most credible news sources are not entirely accurate all the time. But what am I to think when your organization is literally named after being only half truthful?