#WHEW

security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Whew.

Fun

What did they mean by this?

They mean they don't want consumers knowing the NSA can already take control of their machine.

en.wikipedia.org/wiki/Intel_vPro

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipsets.

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP)

Who's willing to bet they're reluctantly 'closing' it now because it's part of future Vault 7 releases?

Imagine the carnage when less subtle actors gain knowledge of that vulnerability, all the critical infrastructure that might be exposed.

What is the difference between Intel AMT and Intel ME, and how are they related? If I'm not mistaken ME is the underlying engine behind AMT.
So what does it mean for me if I permanently disabled AMT in BIOS? Is there any other way ME can be run on my machine?

AMT is the buzzword that Intel uses when businesses call them up and ask for Intel to control a computer directly from the northbridge (that has now become part of the die itself, power saving + """security""")
AMT uses the Management Engine (hardware buzzword).
Technically, yes, but there has to be a reason. Knowing the name Jim Watkins might be enough for XKeyScore-tier, might not. Go ask /bane/.

This is a titanic monstrous zero day. Fuck Intel with a rake. Made Ars' front page and was then pushed down by a deluge of shit. No one else seems to care except tech communities who are horrified. The only reason everything hasn't been destroyed is likely due to the incompetence of Russian and Chinese hackers.


Core i5, i7 and Xeons only from the looks of it. Intel is lying about the consumer stuff to save face. Disable AMT in your bios if you can and get Intel's patch as well if you're affected.

Perhaps people don't care because it doesn't actually affect them. Is there any news story of somebody being directly exploited by this exact bug?

It wouldn't be news unless someone made a big fucking mistake and got caught or some tool was released to exploit it. After all, how would you know? Maybe there already is one for sale by hackers, à la the Shadow Brokers?

This is a great vector for theft of information without people knowing. Basically any concerns we had about NSA style surveillance and how the IME could be a part of that now apply to anyone smart enough to look at the IME as an attack vector, and I'd wager that the chinks, russians and other bored blackhat types probably already had found this. That said, it's never been shown off at DEFCON or similar.

Why do you feel relieved about this?

How can I see which version I have?

If you have an i5 or i7 you are vulnerable.

I'd just like to know the version to see how old mine is. Older machines probably won't be patched by OEMs because they don't give a fuck.
I already tried pressing Ctrl+P during boot to enter AMT configuration or whatever, but it doesn't work, probably because I have AMT disabled.

whew

jokes on them i like being hacked

sysctl bla bla bla bla

hw.machine=sparc64
hw.model=SUNW,UltraSPARC-IIe (rev 1.4) @ 502 MHz

whew!

brb burning my CF-31 and getting a CF-18 Mk4 again

Lesson learned?

Wishful thinking. According to SemiAccurate the vulnerability was known to security researchers and in turn Intel for 5 years.
I think we'll see the reason why they decided to act now in a few days or weeks.

On a different note, I'm curious if they've used the opportunity to do something about me_cleaner.

Can anyone check any newer (2010 onward) ThinkPads they own? They could be vulnerable to this.

Intel AMT versions and the chipsets they go with:
en.wikipedia.org/wiki/Intel_AMT_versions
The QM57 is found in the T410, T410i, T410s, T410si, T510, T510i, W510, W701, W701ds, X201, X201i, X201s, and X201 Tablet: thinkwiki.org/wiki/Intel_QM57
The QM 67 can be found in the X220 and probably all the other xx20 models judging by the previous generation: www.thinkwiki.org/wiki/Category:X220

Severely underrated post.

The lesson *to* be learned here is you need open, verifiable firmware to be able to trust your computer. The lesson that *will* be learned here is for the NSA to be more subtle next time and for Intel to double down on the backdoors and control. And the USA surveillance state continues.

Do y'think they'll ever actually go through on that "move all 'important' computing (like banking) onto management engine programs" thing? I read they wanted to do that.

how can hardware even have RCE vulnerabilities? they should be fired or the entire company shut down if required

Ever heard of the baseband processor on phones (which there have been plenty of talks about at DEFCON and other similar events) or the recent Broadcom wifi chipset vulnerability? Remote code execution vulnerabilities will always be a risk on anything that deals with networking, firmware included.

...

This is seriously horrible! The people in the OpenSSD and RISC-V projects really need to hurry the hell up.

Newfag
>>>/4chan/

They need a new ME bootrom afaik which means a new cpu generation.
Or keep pushing for boot guard.

Version is dependent on cpu generation.
Or you could download MEInfo and check

we cyberpunk now. as soon as you connect to a network you have 10 different state-level actors knocking on their backdoors, completely automated systems. and you're targeted because you were flagged for not having a jewbook account and being disconnected from the normie net for greater than 2 hours.

now what?

Can you explain it?

What exactly do you mean by "check"? Obviously anyone with thinkpad models higher than xx00 is vulnerable, this was known for a long time, hence why X200 is the popular choice in the security bubble.

Am I right that Apple computers are unaffected even if they have Intel CPU?

Probably Apples are rotten as well, let's not forget that Intel ME and AMT is a feature not a bug. As business laptops Apples would be seen as lacking compared to Windows machines.

proofs?
Never heard about the possibility to enable AMT on Apple computers

So what does this mean for the future of Intel CPUs? No backdoors, more secure backdoors, or more hidden backdoors?

theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

That article from a day ago only states that Macs do not ship with AMT software.
I'm also wondering how deep this vulnerability goes in general. In the following document Intel is acting as if it affects only computers with configured and running AMT:
downloadcenter.intel.com/download/26754

Not only Intel but others as well. In that article:
The thing is you don't know if disabling it in BIOS really disables it:
software.intel.com/en-us/forums/intel-business-client-software-development/topic/563988
My thinkpad has a third BIOS option to "permanently disable" it which means it can't be ever turned back on. Some guy says that only permanently disables access to the ME interface:
reddit.com/r/thinkpad/comments/4w3sr3/t430s_accidentally_permanently_disabled_access_to/
So things are pretty fucking confusing.

There's no new lesson here. We've already known for some time that Intel platform is botnet, just like most other recent stuff (Internet of Things). Intel won't change, and neither will CIA/NSA/etc. Consumers won't change either, and hardware manufacturers will keep cranking out junk for them.
At this point, the only way "out" is to stop being dependent on Intel architecture. My next computer will most likely be a beagle/panda board, since those are supported by OpenBSD, without blobs. The only problem is there's no Firefox or Chromium port (I don't see any package anyway), so a lot of websites won't be accessible. But I've been trying to reduce my dependence on modern webshit anyway, and probably will just go back to postal mail and voice phone transactions for administrative tasks.

I hope you do something worthwhile with all that security. Otherwise it's just a waste of time.

shill

I'm just really worried people who are smart enough to realize that things are bad are going to get caught up too much in securing themselves individually and do absolutely nothing to resist the system.
Tbh I know exactly this is going to happen. A tiny minority of people are going to really secure their systems while things just keep getting worse and worse. At some point even those few security memesters won't be safe in their little security bubbles.

shill

Those who actively resist can't be subverted. The others will be, and nothing can be done about it to save them. Trying to do so (against their will) would be the biggest waste of time, and they will even get angry at you for trying.

Seems pretty shilly to me. I'm sure NSA loves that there's no one trying to challenge their existence. Everybody who could do so is just completely obsessed with securing their own banal lives under this same system. I don't think they expected that they would defeat their opponents by infecting them with their own security paranoia. Just as NSA only secures the status quo by perceiving terrorists everywhere and refusing to deal with the cause of terrorism itself, so do people only secure their own passivity by perceiving omnipotent NSA everywhere and refusing to deal with the system itself. The only difference is that NSA is working in their own self-interest, they only care about preserving the existence of the system as it is without changing anything. What is your excuse? Does your battle against your little machine's backdoors finally give your life some meaning, a distraction so that you don't have to really change the situation itself?

CIANigger, relax. What is he supposed to do? Git guns and score one for the good guys?

This whole obsession with security is not about regarding alphabet agencies as invincible and all-powerful, it's the opposite. They're not using magic but the same tech as you and me, and the more aware people are, the harder their job becomes.

Check the firmware version to double check the information that I provided against the actual hardware. Also, I can't find any information on when the update that fixed it was released and if it may have already been distributed before this came to light.

Wow, if you already knew about this particular vulnerability for that long, then you should have gone to Intel with it and got some money.

>reddit.com/r/thinkpad/comments/4w3sr3/t430s_accidentally_permanently_disabled_access_to/
Well a two sentence post by some nobody with no in depth explanation or evidence to back up their claim is certainly a great bit of information to base your opinions on.

My Intel™ i5 3570K CPU doesn't have this problem.

Slowpoke OP from the other thread:

semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

You really think this is about lack of coordination? Please, this was by design. Their failure to do anything about this despite the exploit being known for years indicates this was almost certainly an NSA commission from the start.

I have a Macbook Pro with Retina. I don't have this problem.

I don't care it's CIA niggers, chinese hackers, or some IRC script kiddies. I don't want them around me. I've been running OpenBSD for over 10 years, and even longer if you consider firewalls, routers, and servers. I left Linux behind because they weren't taking security seriously enough and that created more work for me as a sysadmin. Now I'm going to leave Intel architecture behind for similar reasons. Anyway I never liked it to begin with. I dearly miss my Amiga computers, and the other stuff I had before. Everything after 1995 sucked ass, quite frankly, and OpenBSD is the "least crappy" thing that actually runs on my hardware and that I can stomach. If shit keeps going south, then I'll just have to bite the bullet and forget about anything modern whatsoever. Unlike most people here, I don't give a damn about modern games or web, HD video, and whatever else requires big complicated ugly Wintel box full of bloated crapware. The whole thing stinks, you can keep it.

You're already fucked by Apple. There's no escape. Eliminate gays.

[email protected] ~ % sysctl bla bla bla bla
sysctl: error: 'bla' is an unknown key
sysctl: error: 'bla' is an unknown key
sysctl: error: 'bla' is an unknown key
sysctl: error: 'bla' is an unknown key
W E W

AMD masterrace

Is it true that the new AMD processors don't ship with a botnet? They look very capable performance-wise, especially for the price. I feel like such an oldfag after digging for this image. Nihil sub sole novum.

NO

I own stock in AMD and have reason to shill, but the New Ryzen CPUs ABSOLUTELY come with a botnet installed

See >>>Holla Forums for more information, but IIRC, the FX is going to be their last series of CPU without this "functionality" according to AMD's own tech support, according to a user there who asked CS and posted screencaps of their reply to him. Make of that what you will.

That's too bad, I guess that image is useless now. Will you hold?

go back to coding ur retarded chan faggot

How do I check the fucking firmware version? I can't find any info whatsoever on that.

>y-you're a newfag!

arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/
tenable.com/blog/rediscovering-the-intel-amt-vulnerability

Apparently you need to have "The Intel Management Engine Interface" installed and "Local Management Service" running.

Thankfully Intel ME is neutered on my computer, and it will even become feasible on some later models.


Oh it's another piece of that thing, what's it actually from?

My bot stumbled over this.jpg
Is this some "NULL" -sessions thing? I never fully understood this, never really tried.

From reading embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
The client is supposed to submit a string which proves he knows the password. But the server compares only N bytes of the actual expected string to the client's string. So if the client submits a one character string, the server only compares the first character, and you should be able to get in after a few guesses. But you can just send an empty string and it is guaranteed to work.
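
Added example, not part of the original post and not Intel's firmware code: a C sketch of the comparison flaw described above, where the compare length comes from the client's string, next to a hardened check. The function names and the sample digest value are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed check as described in the post: the number of bytes compared is
 * taken from the client's string, so only a prefix of the expected value
 * is examined. A zero-length response compares zero bytes and "matches". */
int check_response_flawed(const char *expected, const char *supplied)
{
    size_t n = strlen(supplied);              /* length chosen by the client */
    return strncmp(expected, supplied, n) == 0;
}

/* Hardened check: the response must have exactly the expected length
 * (the digest length is fixed and public, so the early return on a length
 * mismatch reveals nothing), then every byte is compared with no early
 * exit so timing does not reveal how long the matching prefix is. */
int check_response_fixed(const char *expected, const char *supplied)
{
    size_t elen = strlen(expected);
    size_t slen = strlen(supplied);
    unsigned char diff = 0;

    if (elen == 0 || slen != elen)
        return 0;
    for (size_t i = 0; i < elen; i++)
        diff |= (unsigned char)expected[i] ^ (unsigned char)supplied[i];
    return diff == 0;
}

/* Constructed sample value standing in for the server-computed response. */
static const char SAMPLE_EXPECTED[] = "0123456789abcdef0123456789abcdef";

int main(void)
{
    /* Constructed client inputs covering the cases the post walks through. */
    const char *inputs[] = {
        "",                                   /* empty response            */
        "0",                                  /* one-character prefix      */
        "1",                                  /* wrong first character     */
        "0123456789abcdef0123456789abcdef",   /* correct response          */
        "0123456789abcdef0123456789abcdee",   /* full length, last byte off */
        "0123456789abcdef0123456789abcdefx",  /* correct plus trailing byte */
    };

    printf("%-36s flawed fixed\n", "supplied");
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-36s %6d %5d\n", inputs[i],
               check_response_flawed(SAMPLE_EXPECTED, inputs[i]),
               check_response_fixed(SAMPLE_EXPECTED, inputs[i]));
    return 0;
}
```

The fixed version accepts only the one full-length correct value; the flawed one also accepts the empty string and any correct prefix, which is why a code review should flag any comparison whose length argument is derived from untrusted input.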

Well I mean literally every big software company does this and I've personally seen many do it. Not all thousands of them can be malicious. Most cases are likely to be incompetence. Personally it makes no difference - I will never buy any hardware that has an OS and web server built into it, or any form of remote control, or DRM.

Here's Lenovo's response:
support.lenovo.com/fr/en/product_security/len-14963

There's no X201 on that list. Any ideas why?

Unrelated to the thread, but i'm also rather interested in knowing this.

You are correct. AMT is basically an application running on top of the ME platform. ME cannot be disabled, it is necessary to boot the system and to keep it running (the CPU periodically checks with the ME and shuts down if it isn't running), though it can be gutted at least on some platform generations with me_cleaner.
Disabling AMT shuts down only the application, not the botnet underneath it.


Network-enabled firmware. It's the future, goy!

Add me to the list.
Sauce?

Reverse image search (on both tineye and google) returned nothing.
Source?

Sauce needed, this is very important.

If it's not the CIA, NSA, FBI, Russians, Chinese, Skiddies on your local coffee shop's wifi, it will be someone else. Even if we managed to eliminate all known malicious attackers, there is absolutely no reason to not try and secure ourselves against attacks. Why on earth are you discouraging users from securing their platforms? If a security hole exists, it must be plugged. Regardless of if you are an activist or just some weeb, gaymer, or normie. To imply that security is a waste of time if you aren't fighting the alphabet agencies and tech corps is to imply that you want the NSA/CIA/whoever to have open access to every system not directly involved with activism. The first step to fighting back is to neuter the weapons these groups wield. Telling people not to bother with securing themselves if they aren't fighting back just increases the circle of NSA/CIA/etc. control/infiltration and gives them a bigger hammer to hit us with.

No u.

Somewhat disagree. Someone could break into my house if they wanted to. I do not think this is a problem, I do not fear someone breaking into my house. If I thought there was a significant risk of someone breaking into my house I would take measures to secure it.

On the internet there definitely are malicious attackers, it is a very real threat. My ssh is constantly getting brute forced.

Please kill yourselves

No, give source.

Does the Intel Core 2 quad Q6600 have the ME?

They'll just hide the backdoors deeper, as they make their cpus ever more and more complicated.
Anyway, just remember the old saying: Fool me once, shame on you. Fool me twice, shame on me.


A lot of people have valuable stuff in their house, and anyway even if I didn't I still don't want anyone snooping around and raiding the fridge.
Anyway you're obviously a jew shill since you're defending communism and anti-american values.

No update because fuck you.

t. Lenovo

That said, I should nag the folks at Panasuckit to release an update for the CF-31 Mk3 that removes vPro.

GIVE ME THE FUCKING SOURCE FOR THIS

Checked!
Trips demand source!

Nice, Panasonic actually updated the CF-31 Mk3's vPro firmware to fix this exploit.

You fuckers are always going on about this. Intel AMT/ME only works over ethernet. If you are connected to the internet over wlan, AMT/ME don't work. So either unplug your ethernet or lube your anus and bend over.

No, it can also utilize wifi and 3g modems.
There might be a hidden reason why a lot of modern laptops have whitelists for these devices.

I got the impression that for most (non-server) chips the attacker first needs to exploit the OS.
Anyway in your scenario you'd have to go with serial port comms or something else that's no longer standard on modern systems. Like add an actual serial I/O card, not just the USB stuff. You can even program your PPP driver to work in non-standard way (and your uplink as well), just in case.

Do you know this? If so, how do you know that?

My motion computing tablet has AMT on it. If I disable AMT, it adds like 30-60 seconds to the boot time. I mean, this is before POST. Flat nothing for 30 seconds, then the POST screen appears.

What the fuck. Is this Intel punishing me for disabling AMT?

How did you neuter the management engine?

I'm using an X200 and X200 Tablet with Libreboot installed. Part of the setup clears the ME blob from flash, and also sets some values there to disable it. Sadly you need a hardmod to do it because that region is write protected, and the method for toggling it from the computer isn't known. I'll just hope there's not more to it than that, but no computer is really safe until the open hardware revolution.

Barring that a few later CPUs have another method, you can also not use Intel, although AMD and non-x86 platforms all have their own issues.

hardenedlinux.github.io/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html

It's not a punishment, it's a side effect. Your POST is designed to expect AMT. The timeout for waiting for AMT is about 30 seconds. If you had access to your CPU's microcode, you could change that behaviour.

Every Intel chip after 32-bit was a mistake. Last decent machine I had was IBM Thinkpad with Pentium-M and plain old BIOS.

Source request has been made on >>>/rec/
I'm not sure why none of you faggots have done this already.
It may take some days.

that pic was made by amd fanboys but ok

spoiler your cp images please

Every PC was a mistake.

...

Nice.

Every intel chip was a mistake, they were always trash.