 
synthtel2
Gerbil Elite
Topic Author
Posts: 956
Joined: Mon Nov 16, 2015 10:30 am

Intel AMT vuln

Tue May 02, 2017 6:18 pm

I don't see this mentioned anywhere else on TR and it seems very much worth mentioning.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://mjg59.dreamwidth.org/48429.html

Relatively few systems are affected, but this looks like a Really Big Deal for those that are.
 
synthtel2
Gerbil Elite
Topic Author
Posts: 956
Joined: Mon Nov 16, 2015 10:30 am

Re: Intel AMT vuln

Sat May 06, 2017 4:41 pm

It looks like someone found the hole, and it's big enough to fly an airliner through:

https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
https://news.ycombinator.com/item?id=14274802

This totally inspires confidence in the rest of that codebase. :o
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel AMT vuln

Sat May 06, 2017 4:48 pm

Eeek! That's some serious "amateur night" coding there. This is why code should be reviewed... especially code that affects security.
Nostalgia isn't what it used to be.
 
bfg-9000
Gerbil Team Leader
Posts: 242
Joined: Tue Mar 01, 2016 9:17 pm

Re: Intel AMT vuln

Sat May 06, 2017 6:07 pm

Remember folks, if you have an Intel computer with a PCH and without a FSB, all of the always-on hardware is on your machine. The AMT is only the handy web-interface for sysadmins to user-configure the hardware, and presumably there are undocumented backdoor ways Intel has left to access the hardware without it. Security through obscurity.

AMD has followed suit with a similar system in Jaguar and Ryzen, perhaps due to governmental pressure?
 
I.S.T.
Gerbil XP
Posts: 486
Joined: Wed Sep 14, 2005 5:18 am

Re: Intel AMT vuln

Sat May 06, 2017 8:49 pm

synthtel2 wrote:
It looks like someone found the hole, and it's big enough to fly an airliner through:

https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
https://news.ycombinator.com/item?id=14274802

This totally inspires confidence in the rest of that codebase. :o



Oh dear god.
 
bfg-9000
Gerbil Team Leader
Posts: 242
Joined: Tue Mar 01, 2016 9:17 pm

Re: Intel AMT vuln

Sat May 06, 2017 9:36 pm

Ran across this entertaining article on it but do keep in mind that it's from Charlie.

Apparently he's been aware of this vulnerability since 2012 and has been publishing articles and nagging Intel execs since then without result.

As it's now present in even some 10 year old Core 2 systems, what are the odds that every OEM and motherboard manufacturer will suddenly decide to go back and update BIOSes that haven't been updated in more than eight years?
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel AMT vuln

Sun May 07, 2017 6:43 am

bfg-9000 wrote:
As it's now present in even some 10 year old Core 2 systems, what are the odds that every OEM and motherboard manufacturer will suddenly decide to go back and update BIOSes that haven't been updated in more than eight years?

I suspect the big ones will, for their enterprise gear. Older desktops and systems from smaller OEMs are probably SOL.

And even cutting through Charlie's usual hyperbole, this is an epic fail from Intel (on multiple levels).
Nostalgia isn't what it used to be.
 
blahsaysblah
Gerbil Elite
Posts: 581
Joined: Mon Oct 19, 2015 7:35 pm

Re: Intel AMT vuln

Sun May 07, 2017 8:05 am

Just waiting for WikiLeaks to give us actual details... so sad.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel AMT vuln

Sun May 07, 2017 8:24 am

blahsaysblah wrote:
Just waiting for WikiLeaks to give us actual details... so sad.

This does not feel like an NSA back door; it's too simple and obvious, and it boggles the mind that it has gone undetected this long. This is "C programming 101" level stupid, and has the stench of "coded by an inexperienced developer and never reviewed by anyone with a clue" to it.

Intel should be ashamed. It is precisely in situations like this -- where one f**kup can give an attacker the keys to the kingdom -- where careful vetting of all code in the authentication path is vital.
Nostalgia isn't what it used to be.
 
blahsaysblah
Gerbil Elite
Posts: 581
Joined: Mon Oct 19, 2015 7:35 pm

Re: Intel AMT vuln

Sun May 07, 2017 8:42 am

just brew it! wrote:
blahsaysblah wrote:
Just waiting for WikiLeaks to give us actual details... so sad.

This does not feel like an NSA back door; it's too simple and obvious, and it boggles the mind that it has gone undetected this long. This is "C programming 101" level stupid, and has the stench of "coded by an inexperienced developer and never reviewed by anyone with a clue" to it.

Intel should be ashamed. It is precisely in situations like this -- where one f**kup can give an attacker the keys to the kingdom -- where careful vetting of all code in the authentication path is vital.

This would be something NSA would have known about on day one. Who wouldn't check the backdoor for vulnerabilities, if not for exploitation, but rather protection of their own resources?

Sorry after RSA/NIST, not sure how to explain, but you know how with Android, you're the product, not the consumer, our perception of who/what NSA is for is just wrong, I think.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Intel AMT vuln

Sun May 07, 2017 8:53 am

NSA only likes it when they alone have the key to the backdoor. This is more like a lock that opens if you insert a blank, uncut key into it. If NSA knew, I'm pretty sure they would've reported this to Intel themselves since it is trivially exploitable by anyone, including hostile foreign powers.
Nostalgia isn't what it used to be.
 
blahsaysblah
Gerbil Elite
Posts: 581
Joined: Mon Oct 19, 2015 7:35 pm

Re: Intel AMT vuln

Sun May 07, 2017 9:36 am

just brew it! wrote:
NSA only likes it when they alone have the key to the backdoor. This is more like a lock that opens if you insert a blank, uncut key into it. If NSA knew, I'm pretty sure they would've reported this to Intel themselves since it is trivially exploitable by anyone, including hostile foreign powers.

Not true. Weaknesses in SS7 and cellphone networks can be actively exploited by anyone and are common knowledge. I remember, it was common knowledge that WPA could be broken real time with a cheap commodity laptop of the time.

Sting Rays can only be used by good guys?

Article, just last week about German banking customers getting accounts drained because the attackers used SS7 weakness to get the victims' 2nd factor token text messages routed to them. Not related to sting ray, just weakness in telephone networks.

BGP...?

Security through obscurity is like the number one mantra of national security. What's the number one rule? Don't talk about security.
