You people are nerds.... so I ask the following and hope the answer is in English.
Hypothetically, should one have found somewhere (like a really large business) where the Intel Management Engine was enabled on the majority of networked PCs and should someone have found the password was the default password.....
...how big of a security issue is this?
I'm not very well versed in security issues but i would assume it depends on how their firewall and network is setup, i.e does it accept anonymous incoming connections, is the IME port open to the outside world, could a payload (program) get onto their system, things like that.
It's significant but probably not as serious as it seems at first.Originally Posted by philehidiot
The Intel Management Engine provides the equivalent of physical access to each PC. It's highly unlikely that these are accessible from the internet, however having such a glaring security hole like this will make it much easier for someone once they manage to get in to the network from outside.
Baring in mind they are this rubbish at security in the first place, I suspect that getting in will not be that hard.
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
It's a nightmare to disable IME, it can be done on older iterations of IME. On some of my older gold builds I dont install the driver as once it's installed it's never coming off. However, they've made it ever more integral so that trick no longer works. intel also made it difficult to update the firmware directly so older equipment suffers with all sorts of exploits. The BIOS/UEFI updates are supposed to handle this, but you're reliant on your PC/Mobo/Laptop manufacturer releasing such an update. If there are no more for your system its a problem for exploits.
Disabling AMT will not disable ME. Intel purposely make it difficult/impossible to disable.
If you have older equipment pre 2017 you can use this tool to see if any are vulnerable.
https://www.intel.com/content/www/us...-sa-00086.html
https://downloadcenter.intel.com/download/27150
I was going to write a long reply to that but I suspect I should hold back as this is hypothetical.
And doesn't exist.
And never will.
Because no organisation is this rubbish, right?
EDIT: The password being default... is that easy to solve centrally rather than visiting every PC?
You could sort of do it centrally, ironically by using IME to connect to all the PCs and change the password According to this you can create a profile then distribute it. I dont think its a sit back and relax method though.
https://software.intel.com/en-us/amt...lated-software
IME use is beyond my experience, from what I gather Intel provides the hardware, SDK & a handful of tools, beyond that its 3rd party madness.
https://software.intel.com/en-us/amt-sdk
Really, it sounds like something they should be doing as standard when they are configuring a new PC. Like setting a BIOS password... But to be honest that would just get in my way.
Hypothetically.
Within a large organisation the time added to configuring a PC is quite phenomenal when you have to go into the ME BIOS to add a password.... It adds another step an already ludicrously long task that we could do without. And whats stupid, once your CMOS is cleared you can effectively wipe the ME password, so it's not even that difficult to circumvent once someone has a hold of it or simply when the CMOS battery dies and no longer stores the CMOS password.
Hypotheticallyit certainly highlights how stupid Intels policies are on this. People have called for an option to disable it. They allow you to disable VT for example and usually is by default but not ME.
This demonstrates the lengths people are going to to disable it
Last edited by AGTDenton; 08-07-2019 at 12:18 AM.
Are you actually serious?
So if you "borrow" a laptop or PC, all you have to do is wipe CMOS and that resets the IME password? And this is a "feature" they want corporations to use routinely?
Hello, AMD. I hear you're not retards.
Within the BIOS is an option to clear ME settings. (whether this option is on all motherboards/laptops I couldn't say, and whether there is a second layer of security I couldn't say). A lot of laptops have a BIOS thats a bit thin on the ground for advanced options so the option may not exist at all on those.
Similarly on some motherboards there is a jumper to clear AMT. I doubt you would see that on Laptops due to space constraints, but wouldn't rule it out either. If you have the right access to Dell & HP they go into quite some detail on their Circuit Diagrams... so it wouldn't take a master to find out if there is a way to short something to clear the AMT.
Obviously all this would have to be quite a direct physical attack. But a laptop left on the bus, train etc.. or as you say borrowed could be handed back with an exploit.
Last edited by AGTDenton; 08-07-2019 at 11:07 PM.
I have found that the best kinds of attack are those which use the failings of humans rather than the failings of software. It's quite easy if you know what you're doing to liberate a laptop on a train, someone thinks they lost it, it gets handed in "modified" and the cheapo company thinks "we got away with that" and puts it straight back into service.
Pretty much all the best exploits are through social engineering or taking advantage of idiocy / greed.
I once saw a clip from a TV show where they just scattered USB sticks all over the car park outside an office. Each one had a trojan on and they just needed one employee to get curious and plug it in. Thought that was brilliant.
Yeah It's surprising how overlooked the human element is. Sadly these days the employee just has to pass it on to I.T. to blame, pure ignorence is bliss.
We should probably do a course one day in Security, it seems to be one of the last skilled IT jobs now that everything is moving to the cloud.
Perhaps Intel will hire us...
Hah I'll have to google that
Mr Robot series 1 episode 6, about 9 minutes in.
they're breaking into a prison for 'reasons'.
(recently watched it, remembered the scene)
theres also the 'here would you like a demo CD of my music, please listen' method in the show too.
AGTDenton (08-07-2019)
Bit of a pity, as those could be legit too. Though online promotion is probably more in nowadays, I do still see street performers hand out CDs now and then.. though I'd like to think that if they can perform well enough for me to be interested in their CDs, they are putting more effort into the music than cybercrime..
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
