black hat 2017: Running Unsigned Code in Intel Management Engine (vulnerability)

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
here is the entire article:

How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine

Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely. Researchers have been long interested in such "God mode" capabilities, but recently we have seen a surge of interest in Intel ME. One of the reasons is the transition of this subsystem to a new hardware (x86) and software (modified MINIX as an operating system) architecture. The x86 platform allows researchers to bring to bear all the power of binary code analysis tools.

Unfortunately, this changing did not go without errors. In a subsystem change that will be detailed in the talk of Intel ME version 11+, a vulnerability was found. It allows an attacker of the machine to run unsigned code in PCH on any motherboard via Skylake+. The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS. Running your own code on ME gives unlimited possibilities for researchers, because it allows exploring the system in dynamics.

In our presentation, we will tell how we detected and exploited the vulnerability, and bypassed built-in protection mechanisms.
Click to expand...


__EDIT___
here is another article about this bug. It has been published on a big german computer forum/portal:
Intel-Chipsätze: Sicherheitslücke erlaubt beliebige Code-Ausführung
 
Last edited:
  • Like
Reactions: Daljeet, In2an3_PpG, frogboy and 8 others
Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Very bad vulnerability.... apparently no defence from it, if you get infected and somehow you find it out (how?), you can just throw the MB in the trash...bad, bad news...
 
Last edited:
  • Like
Reactions: Daljeet, In2an3_PpG, frogboy and 6 others
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
^^^^ here is another article in a big german online magazine for IT about this bug.

Minix: Fehler in Intel ME ermöglicht Codeausführung - Golem.de


a quote from this article:
Die Schwachstelle soll alle Prozessoren der Skylake- und Kaby-Lake-Reihe betreffen und wird über den Platform Controller Hub (PCH) getriggert.
Click to expand...

Translation:
Code: 
All Skylake and Kaby-lake CPUs are affected by this voulnerability..... ..... .....



another quote from the article:
Virenscanner und andere gängige Sicherheitstools sind derzeit nicht in der Lage, einen entsprechenden Angriff abzuwehren oder zu erkennen.
Click to expand...

Translation:
Code: 
AV software and other popular security tools are currently not able to block
or detect this kind of attack
 
  • Like
Reactions: tonibalas, Daljeet, frogboy and 1 other person
gorblimey

gorblimey

Level 2
Verified
Aug 30, 2017
99
tonibalas said:
Help me out a little.
This is a problem for Skylake or any Intel cpu?
Click to expand...

We-e-e-ell, I run a Gigabyte GA-H61M-USB3-B3 Rev2 with a Sandy Bridge i5 2400... It appears I don't have the IME, but if I want it I can download it from Drivers Search: GA-H61M-USB3-B3 but I must also upgrade from W7x64 to W8.1. Well, the upgrade will never happen :mad:. So it seems I'm safe :) And vPro is also not for me :p

But seriously, those with older boards might want to take a good long dekko at their BIOS.
 
  • Like
Reactions: tonibalas
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • +Reputation
Security News LogoFAIL bugs in UEFI code allow planting bootkits via images
Replies
2
Views
1,854
Security News
Andy Ful
Andy Ful
CyberTech
    • Like
Security News Intel Sued Over ‘Downfall’ CPU Vulnerability
Replies
0
Views
1,287
Security News
CyberTech
CyberTech
silversurfer
    • Like
    • +Reputation
    • Applause
Intel and Lenovo Develop Future of PCs in Shanghai
Replies
1
Views
560
News Archive
ForgottenSeer 97327
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top