Posted on 11/22/2017 1:44:20 PM PST by dayglored
Bugs can be exploited to extract info, potentially insert rootkits
Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.
The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, to run code beneath the operating system to spy on or meddle with the computer completely out of sight of other users and admins. The holes can also be exploited by network administrators, or people masquerading as admins, to remotely infect machines with spyware and invisible rootkits, potentially.
Meanwhile, logged-in users, or malicious or commandeered applications, can leverage the security weaknesses to extract confidential and protected information from the computer's memory, potentially giving miscreants sensitive data – such as passwords or cryptographic keys – to kick off other attacks. This is especially bad news on servers and other shared machines.
In short, a huge amount of Intel silicon is secretly running code that is buggy and exploitable by attackers and malware to fully and silently compromise computers. The processor chipsets affected by the flaws are as follows:
Intel's Management Engine, at the heart of today's disclosures, is a computer within your computer. It is Chipzilla's much maligned coprocessor at the center of its vPro suite of features, and it is present in various chip families. It has been assailed as a "backdoor" – a term Intel emphatically rejects – and it is a mechanism targeted by researchers at UK-based Positive Technologies, who are set to reveal in detail new ways to exploit the ME next month.
The Management Engine is a barely documented black box. it has its own CPU and its own operating system – recently, an x86 Quark core and MINIX – that has complete control over the machine, and it functions below and out of sight of the installed operating system and any hypervisors or antivirus tools present.
It is designed to allow network administrators to remotely or locally log into a server or workstation, and fix up any errors, reinstall the OS, take over the desktop, and so on, which is handy if the box is so messed up it can't even boot properly.
The ME runs closed-source remote-administration software to do this, and this code contains bugs – like all programs – except these bugs allow hackers to wield incredible power over a machine. The ME can be potentially abused to install rootkits and other forms of spyware that silently snoop on users, steal information, or tamper with files.
SPS is based on ME, and allows you to remotely configure Intel-powered servers over the network. TXE is Intel's hardware authenticity technology. Previously, the AMT suite of tools, again running on ME, could be bypassed with an empty credential string.
Today, Intel has gone public with more issues in its firmware. It revealed it "has identified several security vulnerabilities that could potentially place impacted platforms at risk" following an audit of its internal source code:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
The flaws, according to Intel, could allow an attacker to impersonate the ME, SPS or TXE mechanisms, thereby invalidating local security features; "load and execute arbitrary code outside the visibility of the user and operating system"; and crash affected systems. The severity of the vulnerabilities is mitigated by the fact that most of them require local access, either as an administrator or less privileged user; the rest require you to access the management features as an authenticated sysadmin.
But as Google security researcher Matthew Garrett pointed out in the past hour or so, the aforementioned AMT flaw, if not patched, could allow remote exploitation.
In other words, if a server or other system with the AMT hole hasn't been updated to kill off that vulnerabilities, these newly disclosed holes will allow anyone on the network to potentially log in and execute malicious code within the powerful ME coprocessor.
"The ME compromise presumably gives you everything the AMT compromise gives you, plus more," said Garrett via Twitter. "If you compromise the ME kernel, you compromise everything on the ME. That includes AMT, but it also includes PTT."
He explained, "PTT is Intel's 'Run a TPM in software on the ME' feature. If you're using PTT and someone compromises your ME, the TPM is no longer trustworthy. That probably means your Bitlocker keys are compromised, but it also means all your remote attestation credentials are toast."
Garrett said if an exploit allows unsigned data to be installed and interpreted by the ME, an attacker could effectively trigger the reinfection of malware after every ME reboot. Were that to happen, the only way to fix things would be to reflash the hardware by hand. At that point, he said, it would probably be cheaper just to get new hardware.
Thanks, Intel. pic.twitter.com/w16IyKuCtu — The Register (@TheRegister) November 20, 2017
Intel said systems using ME Firmware versions 11.0, 11.5, 11.6, 11.7, 11.10, and 11.20, SPS Firmware version 4.0, and TXE version 3.0 are affected. The cited CVE-assigned bugs are as follows:
Chipzilla thanked Mark Ermolov and Maxim Goryachy at Positive for discovering and bringing to its attention the flaw CVE-2017-5705, which sparked the aforementioned review of its source code for vulnerabilities.
Intel advises Microsoft and Linux users to download and run the Intel-SA-00086 detection tool to determine whether their systems are vulnerable to the above bugs. If you are at risk, you must obtain and install firmware updates from your computer's manufacturer, if and when they become available. The new code was developed by Intel, but it needs to be cryptographically signed by individual hardware vendors in order for it to be accepted and installed by the engine.
Lenovo was quick off the mark with patches for its gear ready to download.
We'll give you a roundup of fixes as soon as we can. It's not thought Apple x86 machines are affected as they do not ship with Intel's ME, as far as we can tell.
Today's news will no doubt fuel demands for Intel to ship components free of its Management Engine – or provide a way to fully disable it – so people can use their PCs without worrying about security bugs on mysterious secluded coprocessors. ®
That’s a service Microsoft provides in every version of Windows.
Thanks!!
Oopsie. Thanks dayglored.
Color me un-shocked
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
The linked page contains links to some computer manufacturers, giving their recommended responses to this mess. There is also a link to a detection tool.
I always thought it was planned obsolescence to get you to buy a new computer.
Sent this to my SA and he came right back and said that he had already patched two of my systems. The rest are too old to be vulnerable.The processor chipsets affected by the flaws are as follows:
- 6th, 7th and 8th Generation Intel Core processors
I have an Intel Core i5 so I guess my mac resembles that remark . . .
Any Mac made in 2015 and after would have at least a 6th generation Intel processor in it. Those are the ones that are vulnerable to this issue.
How many of these COTS chips (no doubt thoughtfully built in China) are in our military hardware? Wonder what’ll happen wwhen we go to defend Taiwan with our carriers and the Aegis cruisers all shut down?
Much better value.
Seriously? Just when I purchased a 2017 Macbook because XP was too vulnerable! Where’s my Selectric 2?
At this point the Apple Mac is NOT on the Intel list of vulnerable computers. . . so perhaps not. Apple does not use the same management tools that PCs do, so perhaps there is not the same exposure.
If you find out, ping the list. But really, at this point with hackers and all our data exposed time and again, security is so last year!
So, could you give non techies here hints on doing that?
A tech guy on Fox mentioned 2015 as the year to be aware of. I’d like to know where the cutoff is — a date during 2015 or just after 2015.
Being rigorous with memory management is boring and repetitive -- and "bloats" my code by ~20% -- but, it's worth it...
But, because I learned coding on an original Apple][ and Tandy's "Trash-80" -- where every byte of their minuscule memory was precious -- I must admit to being a fanatic about "tight" code and runtime memory management, as well as rigorously "cleaning house" before my app shuts down. YMMV...'-)
So — the most any of us on your pinglist can do is wait for Intel (and Apple) to implement fixes — if it can even be done outside Intel’s silicon?
The hidden independent processor has very little to do with memory management for the app processor or even the system housekeeping routines that run at root. It appears to be a processor that allows complete access to the computer without an OS even having been booted, or even being installed for that matter, so a remote manager can access the machine to repair or even installing a new OS remotely, regardless of whether or not a system has ever been installed or not.
That being said, this hidden independent processor IS built in to the Intel processor itself and is dependent on other computer system logic board and peripherals to be accessed, i.e. just existing on the Intel processor is, in and of itself not a risk. The Logicboard and peripherals chosen must permit the external access before there is any risk of outside vulnerability to the computer.
I was looking at the list of hardware manufacturers who use these processors that Intel itself had listed as vulnerable and noticed a blatant Intel chip user that was absent from that list: Apple. Although Apple Macs can run Windows and Linux, Apple's hardware does not use BIOS as part of their normal startup procedure, instead it runs an Extensible Firmware Interface (EFI) which may not support the Management Engine access in the Intel processor, or which has the ME switched off by default.
"Maybe they can fix the deprecation routine that slows the PC down gradually over time until it simply fails to run anymore.I never understood why a perfectly good computer running a limited number of application gradually slows to the point of unusability."
Frankly, I talked about apps -- rather than come right out and say that Apple's coding discipline enforces memory cleanup far more rigorously than Microsoft's does -- or, ever has -- including at the system level...
Maintaining runtime memory cleanup coding discipline is a PITA, but it pays off in long-term satisfaction. Example: my MBP runs for months without ever being shut down -- without any perceivable performance hit...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.