Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 18 Nov 2018, 17:13
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Intel Management Engine (again)
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [1 Post]  
Author Message
rufwoof

Joined: 24 Feb 2014
Posts: 2641

PostPosted: Sun 14 Oct 2018, 07:49    Post subject:  Intel Management Engine (again)  

https://ithardware.pl/aktualnosci/rosjanie_ujawniaja_ukryty_tryb_i_blad_fabryczny_w_nowych_procesorach_intela-7405.html

Positive Technologies is a Russian security company that has already discovered several bugs in the Intel Management Engine (ME) over the past years. This week, the Russians revealed more information about the Manufacturing Mode in the ME, which is present in some Intel processors and can be used remotely by hackers. This is the second hidden and officially undocumented mode in Intel ME, which was discovered by a Russian company. According to Positive Technologies, the Manufacturing Mode in Intel processors is designed to configure and test chips during production. However, this mode should be blocked before shipment of systems, for the same reason that the debugging mode is turned off before leaving the factory - no one wants hackers to have easy access to it. Positive Technologies claims, however, that this factory mode in Intel ME has not been blocked in the final products, and the average user is not able to block it, even from the very fact that no one knows about it (which is obvious, since it is not in the documentation) and because there are no official tools that would help in this process. For this reason, no software, including even advanced applications showing errors in the configuration of the processor from UEFI level, are unable to determine whether the factory mode has been turned off or is still active.

Intel counts another major slip. A (?) Factory error may allow remote control of the computer.

Manufacturing Mode allows you to configure critical areas of the platform, such as BootGuard - Intel technology, which verifies the boot process. These options are stored in only writeable memory (FUSE), and some of them are called Field Programmable Fuses (FPF). FPF is used to collect platform parameters. Saving information in FPF requires that Intel ME be in Manufacturing Mode. It is a two-stage process during which the FPF is first saved to the temporary memory and then permanently recorded when the factory mode is closed. However, if Manufacturing Mode is not closed, it means that the process has not been completed, which allows the hackers to overwrite the FPF and take control of the platform in this way. In this hackers way can set their own values in BootGuard and other security options. Intel's platform will automatically load the code uploaded by the hackers, regardless of the actions the user will take to protect his computer against Malware. What's more, if hackers finish the FPF process, this code will never be deleted again. Positive Technologies' employees believe that all newer Intel processors have a factory-enabled mode, including Apollo Lake, Gemini Lake and Cannon Lake, putting the user at risk, because attackers can not only control the boot process, but also steal OEM keys that are used for signing different software in a given machine. The Russians emphasize that Intel ME was previously located in a separate SPI flash memory, which had independent access rights to the CPU and ME, which meant that it was not possible to read and save ME from the CPU side. Intel, however, has changed this in recent platforms by presenting a mechanism for parent access that controls a special SPI region and can give the CPU access to ME regions to which there would normally be no permissions. Intel wanted to simplify the process of updating the ME, at the same time making it easier to take control over the CPUs hackers. The Russians also discovered that Intel processors delivered to Apple laptops are vulnerable to this threat, but after reporting to the manufacturer, the threat was eliminated along with macOS High Sierra 10.13.5. Allegedly, Lenovo Yoga and ThinkPad laptops have this mode turned off by default. The Russians from Positive Technologies were also the first to announce the discovery of another undocumented mode of High Assurance Platform (HAP), which was developed by the NSA for Intel. Intel ME is often criticized by activists involved in privacy. Technology is accused of being a potential backdoor and a danger for users.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [1 Post]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0415s ][ Queries: 12 (0.0076s) ][ GZIP on ]