The Intel Management Engine (ME): There’s a “separate chip that no one is allowed to audit or examine” in your Intel computer, “exposing every recent Intel system to the worst rootkits imaginable”, with “a TCP/IP server on your network interface” that can “bypass any firewall running on your system”

https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. …

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob… …

On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU. …

ME [is] a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer. …

There is no way for the x86 firmware or operating system to disable ME permanently. Intel keeps most details about ME absolutely secret. There is absolutely no way for the main CPU to tell if the ME on a system has been compromised, and no way to "heal" a compromised ME. There is also no way to know if malicious entities have been able to compromise ME and infect systems.

A large portion of ME's security model is "security through obscurity", a practice that many researchers view as the worst type of security. If ME's secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumble, exposing every recent Intel system to the worst rootkits imaginable.

Translate from Russian to English: https://xakep.ru/2011/12/26/58104/

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation

submitted by /u/IshidaT