[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] company devised process to disable Intel Management Engine

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] company devised process to disable Intel Management Engine
From: Milton Scritsmier <ktr-theonionrouter@xxxxxxxxxxxxxxx>
Date: Mon, 11 Dec 2017 13:02:38 -0700
Authentication-results: smtp01.onyx.dfw.sync.lan smtp.user=mscritsm@xxxxxxxxxxxxxxx; auth=pass (LOGIN)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 11 Dec 2017 15:03:01 -0500
In-reply-to: <X_Co8jTaGUUXaim8W18dU0bREiqrPg6TXzlSR-rR9wOc0pY0U3fDwIDnURhILu6-Py_5joM-q9xShsfIA0ZtDY4NLmhDd9QKkK8Zhnjuor8=@protonmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <8ff986b0-2827-4f21-3b51-87b56732bdce@gmx.com> <GCJ1rVa74sQUdHlYx8HP3m2uaf5-vz5CeOMOVAs2YdMsmfdzKo9rhtKlLpuqJGw0_-Loqa3S82B-0inp8hINK2UoYpusvB4w_6JPyitGqes=@protonmail.com> <08e0c7bc-d6d9-0f66-5397-d0e7f621f58e@dea.spamcon.org> <X_Co8jTaGUUXaim8W18dU0bREiqrPg6TXzlSR-rR9wOc0pY0U3fDwIDnURhILu6-Py_5joM-q9xShsfIA0ZtDY4NLmhDd9QKkK8Zhnjuor8=@protonmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
X_cmae_category: , ,

On 12/11/2017 8:48 AM, InterN0T wrote:
> Interesting, do you have a proof of concept supporting that desktop PCs without remote administration such as AMT, can still be reached remotely via Intel ME?

No, I don't nor do I assert that. To the best of my knowledge Intel has
never commented one way or the other on whether or not the ME in
consumer PCs is capable of accessing the internet (although the ME is on
the same die as the ethernet silicon), whether the hardware is capable
of remote access but the consumer ME firmware simply doesn't support it,
etc.

But see below, on recent consumer PCs your ME is completely hackable if
the attacker has local access.

Intel has recently revealed that the current ME firmware has bugs. See
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
. All but one of these bugs require local access to the PC; one can be
accessed via AMT on enterprise PCs that support it. Not all of the bugs
apply to consumer PCs. Unfortunately Intel doesn't issue ME firmware
patches directly, you have to get them from your PC or mobo manufacturer
as part of a BIOS update.

Recently Positive Technologies announced that ever since Intel Skylake
processors came out, Intel processors contain a special JTAG debug port
that can be accessed via an USB port on your computer
(https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf
). They then exploited this to run unsigned code on the ME, in theory
giving them complete access to your PC even if it is turned off. They
presented the details last week at Black Hat Europe 2017
(https://www.blackhat.com/eu-17/briefings/schedule/index.html#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
) though I have seen anything from the talk yet.

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] company devised process to disable Intel Management Engine
  - From: Joe
- Re: [tor-talk] company devised process to disable Intel Management Engine
  - From: InterN0T
- Re: [tor-talk] company devised process to disable Intel Management Engine
  - From: Milton Scritsmier
- Re: [tor-talk] company devised process to disable Intel Management Engine
  - From: InterN0T

Prev by Author: [tor-talk] Tor HiddenService Setup fails to run deamon at APPARMOR (with apt-get install tor on ubuntu)
Next by Author: Re: [tor-talk] company devised process to disable Intel Management Engine
Previous by thread: Re: [tor-talk] company devised process to disable Intel Management Engine
Next by thread: Re: [tor-talk] company devised process to disable Intel Management Engine
Index(es):
- Author
- Thread