Intel admits that ME exploitable

I’ll argue this is not off-topic - the hardware problem exists and while there is not a project to fix that, it sits as a problem that needs a solution. :imp:

Intel ME is the OS that is inside the Intel chips - so, not the one most users choose… and yes, it comes with a webserver because why not!

Fortunately, this is being made visible and challenged but perhaps should not even be legal for the risks relative to privacy; security; and freedom from exploitation.

Intel admits that ME exploitable with 8 CVEs, telling their customers to contact motherboard manufacturers.

earlier was:
How to remote hijack computers using Intel’s insecure chips: Just use an empty login string

Almost as bad as OSX having root login with empty passwords… because it was “useful”?

I wonder AMD would have a quick win, if they declared some route to open sourcing their hardware… I wonder too that other interests are too invested in pwning.every.damn.thing™

4 Likes

My dream set-up is a RISC-V (or some other open architecture chipset) powered computer with a secure Linux distro built solely for SAFE usage (like a freedom-respecting analogue to google’s ChromeOS)

Maybe one day :wink:

2 Likes

A few other pointers:

  • Dell, Other Vendors Start Shipping Laptops With Intel ME Firmware Disabled

  • Chaos Communication Congress (34C3)

    • date - December 27th to 30th, 2017
    • location - Leipziger Exhibition Grounds, Leipzig, Germany
    • title - Inside Intel Management Engine
    • speakers - Maxim Goryachy, Mark Ermolov
    • abstract - Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB.

And if you dare to look at it:

3 Likes

True but it isn’t a project either. It is clearly a #cybersecurity issue more than a “Related project” Even a project to fix it is not a project related to SAFE.

I’ll move it there and you can PM the @moderators if you think otherwise.

3 Likes

According to the vulnerability risk assessment detection tool, both my systems are not vulnerable

i5-2500 and i7-6900K are not vulnerable.