The V and Intel Management Engine


#1

So I just saw an article that reports that every Intel chip from Skylake forward is susceptible to being compromised through the Intel Management Engine.
The IME is a component of the CPU that can act independent of the operating system - the article describes it as “a CPU on top of the CPU”. The documented compromise was by USB. And apparently the IME can only be deactivated by a firmware update.

The Next Web: Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB.

Now, I’m trying to make sense of this as a relatively non-techy person and I would appreciate the input of more knowledgeable tech gurus in the community. My questions are:

  1. In practical terms, how do you assess the implication of risk to our shiny new V’s? Is this a significant concern?
  2. Where would I get a firmware update to disable IME? Would that come from Intel or from Eve? Is it something that already exists or would it need to be created?

#2

If you continue to read some other articles in the great internets, you would’ve understood that

  1. You can’t get rid of it without introducing other problems (for example your computer rebooting every 30 minutes, or even better not starting at all)

  2. There are people (for example the Google singularity) who are working on getting rid of this (along with UEFI and some other possibly unsecure parts from the boot process), but it’s enormously difficult because the world is as it is today and companies don’t like change

  3. We are already being watched (Person of Interest anyone?) and others know more about us and what we do before we think about it. It’s the price we pay for having things simpler and free. (a price I pay without much problems)

  4. You (as a random guy on the internets) (yes, that includes me as well) are giving this waaaaaaay too much thought. If something bad would happen, CIA? FBI? Area 69? <- they would care about this more than us with our petty problems such as family cat photos and the video of that one time in Thailand with that girl. :^)

This is my feeling about the Intel issue.


#3

I wouldn’t say it’s very significant. There are many threats that give the attacker a chance to take full control of your computer, keyloggers, etc… This is just another one of them. In my understanding, it can see what you’re doing right now while it’s running, but not anything else if it’s encrypted. And that’s why we have antivirus software that prevents you from getting those viruses in the first place, and even if you do get one, prevents it from running.

Trust me, you can’t fix every possible security flaw, because as soon as you fix one, someone finds another one. So your best chance is to get a good antivirus and update it often. And of course, don’t use weird USB sticks you found lying on the ground :wink:


#4

Take a look over at https://puri.sm for security related products and IME related articles.


#5

USB as the method of attack makes it pretty irrelevant imo.
Anywhere where confidential data is stored should already prevent/disable USB access.

“Should” being the operative word, there…


#6

As to my understanding, the attacker needs physical access to your device first before they can abuse it. That factor alone dramatically reduces the probability of your particular device getting attacked.

Even one step after that, if they want to steal your data, how are they going to do it? Copy it over the internet? You need a WiFi driver for that with all the dependencies. Copy it to a physical hard drive? How are they going to retrieve the hard drive from you?

Of course, this is a real issue and shouldn’t be dismissed, but for most people, this is nothing to worry about, FOR NOW.

It’s cool though, the MINIX OS that is used there is now probably the most popular OS in the world.


#7

Why tf does it have a full networking stack???


#8

I’ve been reading the links suggested here (thanks for the replies and suggested reading!) and some others. Full network stack and a web server built in besides its USB capabilities. That’s concerning. Seems to me that while the only successful reported attack right now is via USB, the possibility for network based exploration could exist.

I’m curious about this. Are you talking about Windows’ BitLocker or is there something else that would be useful?


#9

Well, basically it would be anything that encrypts the whole hard drive, including BitLocker. As long as it’s encrypted and not loaded into RAM, it should be safe.


#10

Something that can constantly read my RAM will get loads of info though :sweat_smile:

Does anyone know the exact things Intel Management Engine has access to? I just read one article, which said basically everything and that sounds like quite a bunch.


#11

Even if it does, the next question is how are they going to retrieve the data from you? Copying data from your computer to your computer isn’t exactly harmful.


#12

Since it has full network access, it can send whatever to wherever… Or copy to the same USB stick it came from.


#13

#14

New vulnerability, nothing we users can do about it.
Team (@iKirin), we all know you guys are busy with the online shop and second batch, but please find some time to have a patch ready once the HEBs get them :slight_smile:

(please don’t blast the team with tags)


#15

Didn’t see that there is a fix yet available for this.


#16

Note, not all Intel systems are affected. Here is an example output of one of my HP servers featuring a Xeon processor:


INTEL-SA-00086 Detection Tool
Copyright© 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-22 05:53:22 GMT

*** Host Computer Information ***
Name: devel
Manufacturer: HP
Model: ProLiant DL360 Gen9

*** Intel® ME Information ***
Engine: Intel® Server Platform Services
Version: 3.0.6.267 (Operational) 3.0.6.267 (Recovery)

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

So it’s possible that there is no need for a patch for V at all.
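
Added example (not part of the post above, and not Intel's code): a small Python parser for saved detection-tool reports like the one quoted in post #16, for triaging several machines at once. The `*** Section ***` layout and the `key: value` lines are inferred from that single report, and the function names are hypothetical; any report that does not carry the exact "not vulnerable" verdict, including a truncated one, is flagged for review rather than assumed safe.

```python
import re

# Report text from the post above (blank lines dropped to save space).
REPORT_FROM_POST = """\
INTEL-SA-00086 Detection Tool
Copyright© 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.128
Scan date: 2017-11-22 05:53:22 GMT
*** Host Computer Information ***
Name: devel
Manufacturer: HP
Model: ProLiant DL360 Gen9
*** Intel® ME Information ***
Engine: Intel® Server Platform Services
Version: 3.0.6.267 (Operational) 3.0.6.267 (Recovery)
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.
"""
# Constructed inputs: a report cut off before the verdict, and one with altered wording.
TRUNCATED = REPORT_FROM_POST.split("*** Risk Assessment")[0]
ALTERED = REPORT_FROM_POST.replace("is not vulnerable", "may be vulnerable")

SECTION = re.compile(r"^\*\*\*\s*(.+?)\s*\*\*\*$")
CLEAR_VERDICT = "This system is not vulnerable."  # only wording the post shows

def parse_report(text):
    """Return {section title: {key: value}}; pre-section lines go under 'header'."""
    sections, current = {"header": {}}, "header"
    for line in map(str.strip, text.splitlines()):
        match = SECTION.match(line)
        if match:
            current = match.group(1)
            sections[current] = {}
        elif ": " in line:
            key, value = line.split(": ", 1)
            sections[current][key] = value
    return sections

def triage(text):
    """Return (host, engine, status); 'clear' only on the exact verdict, else 'review'."""
    s = parse_report(text)
    host = s.get("Host Computer Information", {}).get("Name", "unknown")
    me = next((v for k, v in s.items() if k.endswith("ME Information")), {})
    verdict = next(iter(s.get("Risk Assessment", {}).values()), "")
    status = "clear" if verdict == CLEAR_VERDICT else "review"
    return host, me.get("Engine", "unknown"), status

if __name__ == "__main__":
    for name, text in [("post", REPORT_FROM_POST), ("truncated", TRUNCATED), ("altered", ALTERED)]:
        print(name, triage(text))
```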


#17

Well, we users can look if the CPU we have is affected: https://downloadcenter.intel.com/es/download/27150


#18

Is this not the same vulnerability as discussed in this thread?


#19

Yes, it is as it seems. That’s why people didn’t really like the IME :joy:


#20

Did not realize it’s the same one. Forgive me.