Someone obtained a fully functional JTAG for Intel CSME via USB DCI

Most older CPUs are really underpowered for any reasonable workload these days. I am not sure if this kind of (ME) vulnerability can cause problems behind a firewall (primarily with NAT protection). What about a workplace environment where there are 100+ PCs running 24x7?

Of course that will not work. I mentioned it would be slow.
But if you want to make your isolated home web pc safe for whatever reason... It is a means to an end.
 

DrMrLordX

It's good that someone finally dug into the PSP and got hard data on how to exploit it. Looks like AMD will fix that pretty quickly though.
 

coercitiv

And another one... just use the admin default credentials.

Researcher finds another security flaw in Intel management firmware
Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware—remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel.
But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).
If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."
 

dark zero

The "secret 3G radio" smells like BS... seriously, where the heck would they hide the antenna for this secret modem?

Anyway, this is great news. Hopefully they can find a way to permanently disable this backdoor.
Indeed... That "secret" 3G radio is BS to me too... But how about a 2G one? It's way easier to hide a 2G chip than a 3G one.
 

Qwertilot

Hang on, they did what? OK, so it's down to OEMs & friends too, but isn't this just obviously insane?
 

DrMrLordX

Surely all the wrong ones.

Heh. Well allegedly all you have to do is press Ctrl-P during boot, but I haven't heard of anyone who has been able to replicate even that element of the attack on their own machine.

If I had an Intel machine around here with MEBx options in the BIOS/UEFI I would try it. But I don't.
 

coercitiv

An update from Intel concerning the latest security issue
We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx). We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Intel has no higher priority than our customers’ security, and we will continue to regularly update our guidance to system manufacturers to make sure they have the best information on how to secure their data.