71

A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.

Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).

The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.

It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."

The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.

But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.

The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.

For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...

I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there

Comments
  • 5
  • 6
    @FrodoSwaggins My users are quite happy to have someone tell them about security and such topics mate, if you want an audience I can offer it to you then
  • 5
    @FrodoSwaggins Holy shit that's some old hardware you're using 😄. It's a temporary solution tho, soon you'll be 10 years behind, then 20, then 30. You'll have to upgrade at some point or you'll miss out on any tech innovation.

    As for the article itself. It sure makes some wild claims, i'd have to do some reading on this on my own before I can accept them.
  • 4
    Also to keep notice AMD has its own botnet called PSP (platform service processor)
  • 2
    @sam9669 Yes I know, I did write about it here too, not as a rant though
  • 8
    imagine a 14 yo scriptkiddy captures entire cloud server farms 😄
  • 3
    Ok be ready since the text limit here I will have to post many of this:
    AMD Platform Security Processor (PSP)
    This is basically AMD's own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.
  • 7
    The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.

    The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!).
  • 6
    To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
    In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine. completely outside of the user's knowledge.
  • 2
    @legionfrontier Does the Ryzen lineup use PSP ? If yes, baus gib me some sauze.
  • 2
  • 3
    @kvsjxd unistall systemD on any linux distro could be another start too 😏
  • 4
    To this is so big that it borders the "should I even care" line.

    It's like if some scientist discovered that all sentient life will be wiped out in 20 years and there is nothing you can do about it. It's like.. meh... right. Could be bogus, and if it's not there isn't much you can do about it.

    Maybe it's wilful ignorance but I don't see any benefit in going nuts over stuff I can't change.
  • 3
    @fox8091 I doubt enough people would care.
  • 3
    @masterdoctor and that´s why the small folks always get assfucked by the big guys.
  • 3
    @nukasev don't get me wrong, I'm going to make as much noise as I can - but I don't think enough people will care.
  • 2
    @masterdoctor I see where you are coming from, and unfortunately that´s probably the case. :(
  • 4
    @masterdoctor This. Community can shout all they want but in the end the consumer market which doesn't know or understand these things will keep feeding them money. Unless we start FOSS design CPU manufacturing.
  • 1
  • 0
    @Froot I'm using a MacBook Pro late 2008 at home and a MacBook Pro from 2011 at work. Until now there is no need for an upgrade. There are still security patches and all software is running fine.

    So I think you don't have to upgrade when your computer is doing everything you want. Maybe there are some "new technologies" but most of them are marketing wanks or just not worth it.
  • 0
    @lastNick I like to do some gaming every now and then so I quite need a capable GPU and CPU. Also, a good CPU helps with those pesky build times.
Add Comment