Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Electronic Frontier Foundation Intel DRM Security Hardware

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org) 158

The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
This discussion has been archived. No new comments can be posted.

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard'

Comments Filter:
  • by shoor ( 33382 ) on Sunday May 14, 2017 @03:43PM (#54415359)

    I've read about security issues with Intel chips. Makes me think I should go with AMD. But then I wonder, since AMD has a smaller market share, maybe they just aren't scrutinized as much.

    Does anybody really know how 'safe' AMD chips are'? This is not a rhetorical question, and I'm not advocating or editorializing, just wondering.

    • by Anonymous Coward on Sunday May 14, 2017 @03:58PM (#54415413)

      AMD has a similar feature. the FSF warned about these backdoors in both
      Intel and AMD CPUs a while ago. I think the said the last processor made
      without this "backdoor" was an AMD processor made in 2011.

      • by Anonymous Coward

        Though both supposedly contain "backdoor" functionality you can't really say they're "that similar". The Intel ME is massive and almost redundant, a fully featured PC on a die -TM

        • by Anonymous Coward on Sunday May 14, 2017 @06:34PM (#54415873)

          AMD actually goes even further with TrustZone, literally implementing a full arm core on die.

          • And what instruction set do you believe the Intel ME runs? Hint: It's not x86.

          • IPMI and TrustZone are 2 entirely different concepts.

            IPMI is a separate full blown soc that run a micro server offereing a web interface for admins and a java-based VNC
            (AMD's equivalent of intel'sME/AMT)

            TrustZone is about having a separate core that handle a couple of security tasks that, by purpose, need to be shielded from CPU activity.
            namely handling private keys
            (it's cousin of Intel's Trusted Platform).

            IPMI is the scary one, because it has full access to tons of critical component (network, framebuffer,

        • by tibit ( 1762298 )

          Where on Earth do you think Intel's low-end embedded microcontroller offerings come from? It's just the "management" silicon sans the main CPU around it. Intel's Edison and Galileo are just management silicon monetized again.

      • IPMI ; Backdoor (Score:2, Interesting)

        by DrYak ( 748999 )

        AMD has a similar feature.

        On AMD, it's called IPMI.
        The difference is that IPMI is a vendor neutral industry standard (and could be found on chipset of any vendor),
        whereas Intel's ME is their own "NIH-Syndrom" spin of the same concept.

        The difference is that IPMI is considered a "special feature", and can only be found on specific server/workstation chipsets.
        The AMD 990FX doesn't feature this micro server.

        You need to order specific workstation motherboard from manufacturer such as SuperMicro.
        (You know, the manufacturer with such a fil

        • by Anonymous Coward

          A lot of what you have said is incorrect. In particular, conflating IPMI with ME and PSP, and your suggestion that ME is implemented in the chipset as opposed to the CPU - it is not. In ME 11 it's a separate x86 core, in prior versions it was one of several dedicated ARC derivative core. AMD uses a dedicated ARM core, right in their CPU, for PSP.

          IPMI offers similar client manageability to Intel's AMT (which is a component of ME), but they are unrelated technologies. Both function when the machine is turned

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      AMD faces the exact same incentives Intel does to seize control of the hardware it sells.

      EFF speaks the truth, but most of its audience will not listen. Intel and their ilk will continue to get away with selling us disobedient hardware so long as Joe consumer doesn't normally feel much pain from this disobedience.

      • by fluffernutter ( 1411889 ) on Sunday May 14, 2017 @04:21PM (#54415485)
        As a member of the audience, if I am going to be buying a chipset then who do I buy it from if I want to talk with my wallet? Aren't Intel and AMD pretty much the only games in town?
        • by Anonymous Coward

          Yup. They are a cartel, at this point.

          Your only options are to use legislation to force them to do what you want, or to break them up and forcibly inject more competition.

          Neither is likely to happen any time soon.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          Aren't Intel and AMD pretty much the only games in town?

          Among x86, yeah, pretty much. There used to be some others, like Cyrix and Transmeta, but I don't think they're around any more.

          Non-x86 might be the only practical escape at the moment, or much older x86 stuff. Which means open source software, and also, will preclude almost all PC based gaming. For basic web browsing, local email, and similar, I imagine you could do OK with an ARM based device.

          • Elbrus may be? https://www.extremetech.com/co... [extremetech.com]
        • by Anonymous Coward

          You are fuct bro! This is the FACT of ALL current closed source chip fabrication on closed source fabs.

          Vote with your wallet by supporting the next project that offers...
          1) open source chip design
          2) produced on open fabrication labs

          until then, you can expect nothing but fucting backdoors and shiiitt code in everything you buy.
          that is the very sad FACT of affairs today.

          #opensource
          #opendesigns
          #openfabs

          that is the ONLY solution.

        • As a member of the audience, if I am going to be buying a chipset then who do I buy it from if I want to talk with my wallet? Aren't Intel and AMD pretty much the only games in town?

          Go buy a motherboard with gamer-oriented AMD chipset.
          On AMD's side, IPMI (the industry equivalent of Intel's ME) is usually only available on chipset targeting the server/workstation market.

          (i.e.: you'll find IPMI on motherboard by SuperMicro. Not on those by ASUS/GigaByte/etc.)

          And the best move would be to start coordinating petitions to ask for the opensourcing of the small OS and server running on the chipset's embed core.

          (AMD is rather opensource firendly so they might step in and try help push forward

          • IPMI is usually only available on chipset targeting the server/workstation market.

            - Firstly IPMI is still just as separate on Intel server boards and forms an alternative.
            - Secondly IPMI style functionality is a small subset of what Intel's IME does.
            - Thirdly AMD's equivalent is the PSP, which just like IME is in every Intel chip, PSP is in every AMD chip.
            - Fourthly the Trust Zone functionality in AMD's PSP seems to go even a step ahead
            of Intel's IME based on marketing materials in terms of being not in the interests of the user. But I'm inclined to believe that this has more to do with

            • Secondly IPMI style functionality is a small subset of what Intel's IME does.

              It's still a small separate SoC, which runs its own small operating system, webserver and java-based VNC solution (which already implies TONS of access),
              and is connected and listening to the network constantly, even when the main CPU is completely shut down (or even unable to boot) (which was the entire purpose of this kind of system).

              In practice the code quality of the system running on this chip is still so awefull that, it's still vera pwnable.

              - Thirdly AMD's equivalent is the PSP, which just like IME is in every Intel chip, PSP is in every AMD chip.
              - Fourthly the Trust Zone functionality in AMD's PSP seems to go even a step ahead

              From what I've understood, all these various "Security Proces

              • mainly deal

                Yes PSP mainly deals with cryptography like IME mainly deals with power management of the CPU. What they actually do is quite secretive and open.

                Does the PSP have a network stack? Who knows. We do know I/O is mentioned in the marketing materials, we know it has direct memory access to all parts of the system, and we know that all we can do is *trust* AMD, just like all we can do is *trust* Intel that there's nothing nefarious going on.

                Frankly I don't care what the marketing says. The problem comes that ther

        • There's lots of other choices:
          https://www.quora.com/Are-ther... [quora.com]
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        so i guess this is why neither amd nor intel license 3rd party chipsets anymore... this tech is currently not only reliant on the cpu, but also the motherboard's chipset... and if people *HAVE TO* use their chipsets to use their processors.. then they pretty much assure that everything new since a known date is going to have the feature set in hardware... and NOT EVERYTHING is controllable by a bios when management is configurable in it.

        i guess i'm gonna hang on to a few old via-based boards and old 370/462

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      > Does anybody really know how 'safe' AMD chips are'?

      No, nobody knows. AMD engineers *think* they know, but that's what engineers always say while shipping bugged code. If (and it's a big if) there's a backdoor, say, by the Mossad, or the NSA, or the FSB, then you might think that THOSE guys know how 'safe' the chips are- but they don't either, and for the same reason (though if that is true, they would at least know in what exact measure the chips must be UNsafe).

      What AMD has is the Platform Security

  • by Anonymous Coward

    this black box has been around for years. probably a CIA backdoor with a gag order preventing them from documenting.

  • by Anonymous Coward

    It's a purposefully built backdoor for the authorities that you should not try to use as a mortal. Only NSA and GCHQ should know about it. Now get in this black truck with us, we got a couple of questions to ask you.

  • by Anonymous Coward

    Nobody wanted to believe it was bad or real. The few who agreed it existed and was probably an issue immediately countered with "well, they all have backdoors I'm sure..." -but is that true? Do AMD x86 chips have backdoor subsystems on par with Intel ME? Complete with compartmentalized always-on internet subsystem, access to everything even when the OS is offline and the machine is "off"? If we're going to say this is serious enough to avoid Intel chipsets can we be reasonably assured that the major al

    • If we're going to say this is serious enough to avoid Intel chipsets can we be reasonably assured that the major alternative isn't also as bad in that regard?

      Yes. Avoid Intel and choose something else.

      One should always avoid a product that is known to be dangerous for an alternative that could be dangerous, but may not be dangerous at all.

      Even if your new non-intel chip is Dangerous like Intel chips... at least you are sending a signal to all chip suppliers that making weak chips with backdoors will effect their sales, customers will pay more for security and that it will effect shareholders. And hopefully, the backdoors we don't know about will be removed due t

  • According to the article:

    Not every machine is susceptible to the attack. For it to work, AMT has to have been both enabled and provisioned... It can be provisioned by default if vendors used a feature called "Remote Configuration" with OEM Setup [intel.com]

    So, which computers have "Remote Configuration" with OEM Setup? These are the computers that are vulernable the moment you take them out of the box and plug them in.

    For example, are Lenovo ThinkCentres vulnerable out-of-the-box? I recently read a report of an indiv

  • by dweller_below ( 136040 ) on Sunday May 14, 2017 @04:19PM (#54415477)

    ".. presently no way to disable or limit the Management Engine in general.

    Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT!

    It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.

    • by gtall ( 79522 )

      Yes, we know there's nothing of which the NSA isn't capable. They can even violate physical laws if they want.

    • by Kjella ( 173770 ) on Sunday May 14, 2017 @05:25PM (#54415659) Homepage

      Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT! It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.

      This is the best info on what it is I found:

      "Built into many Intel-based platforms is a small, low power computer subsystem called the Intel Management Engine (Intel ME). This can perform various tasks while the system is booting, running or sleeping. It operates independently from the main CPU, BIOS & OS but can interact with them if needed. The ME is responsible for many parts of an Intel-based system. Such functionality extends, but it's not limited, to Platform Clocks Control (ICC), Thermal Monitoring, Fan Control, Power Management, Overclocking, Silicon Workaround (resolves silicon bugs which would have otherwise required a new cpu stepping), Identity Protection Technology, Rapid Start Technology, Smart Connect Technology, Sensor Hub Controller (ISHC), Active Management Technology (AMT), Small Business Advantage (SBA), Wireless Display, Protected Video/Audio Path etc. For certain advanced/corporate features (AMT, SBA etc) the ME uses an out-of-band (OOB) network interface to perform functions even when the system is powered down, the OS and/or hard drivers are non-functional etc. Thus it's essential for it to be operational in order for the platform to be working properly, no matter if the advanced/corporate features are available or not."

      Sure, the remote management bits can be disabled (and in many cases aren't even supported), but part of that sounds pretty impossible to disable. From what I gather AMD is using ARM's TrustZone to achieve pretty much the same things.

      • IME+AMT actually does offer features that are very valuable to Enterprise. You can manage computers Out-of-Band, i.e. even when they're "switched off" or the OS has shit the bed, you can connect remotely and alter BIOS settings, boot to different devices, etc. You can block a computer's network access (e.g. if a machine is infected) and fix the problem remotely without endangering your network. These are real use cases where AMT is genuinely valuable and it's hard to see how you could accomplish this stuff

      • by AmiMoJo ( 196126 )

        The mitigation for the current problem involves disabling the remote management. Then you are just left with a mostly dormant subsystem, but of course it still presents an attack surface.

        Disabling it completely is tricky. You can erase part of its ROM, leaving just the bootloader part required to start up the system.

        The Intel ME seems to be quite complex, with some kind of operating system and various services. One of the most useful is the ability to get a VNC connection to the machine right from power on,

    • It's not for you to manage your system, it's for the system to manage you.

    • Yet, if (you) were able to turn it on or off, then could hackers also do this?
  • by qeveren ( 318805 ) on Sunday May 14, 2017 @04:22PM (#54415487)

    See, I think this is the fundamental misapprehension, these days. :)

  • by Anonymous Coward

    This just reiterates the reason EOMA68 came about and why ThinkPenguin has funded its development for years. EOMA68 aims to reduce the cost of designing and manufacturing devices that are in the users control by modularizing critical components (CPU/RAM/etc). By taking these core components and putting them onto a card it reduces the cost of designing and manufacturing systems. By basing designs on open modular standards the user and community can retain control. And by basing on open modular standards anyo

    • by tomxor ( 2379126 )
      This is an interesting product but it uses ARM, that is not completely open. Yeah they supposedly dont have a management engine of any sort yet but it's still not "open" like they claim.
  • A remote--triggered anti-theft system automatically precludes a complete factory-reset, at least while it is on.

    After all, what good would a remote-trigger anti-theft system do if a theif could just "reset" a stolen laptop before selling it?

    In a perfect world, enabling anti-theft would "lock out" a factory-reset and disabling the anti-theft would require a key of some sort.

    The key here - pun intended - is that the user needs to be able to factory-reset an "unlocked" device and know with confidence - perhaps

    • Talking about factory reset is showing your age. These days it is all about continuous update. If the device stops working you buy another one.

      • by davidwr ( 791652 )

        Talking about factory reset is showing your age. These days it is all about continuous update. If the device stops working you buy another one.

        "If it breaks, trash it" is for cheap stuff or stuff already at end-of-life, not several-hundred-dollar+ computers with years of useful life in them.

  • If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?

    This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?

      This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.

      The current UK NHS issue has nothing to do with CPU, but instead with unpatched XP based systems and SMB shares.

      And the NHS Trusts where provided funds a couple years ago to update/replace things... where did that money go? obviously not on IT as envisioned.

  • by Anonymous Coward

    Namely the vPro and selected Xeon chips that were marketed to business users at extra cost. You had to pay extra to get these features on the chip, so most chips sold to individual consumers didn't come with them.

    • I configured my laptop to have vPro disabled, so I know that means AMT was also disabled. Do you have a citation that says this ME is also part of vPro?
    • by rahvin112 ( 446269 ) on Monday May 15, 2017 @10:39AM (#54418893)

      Your are so wrong it's not even funny. The intel ME is included in every single Intel chip produced since 2008. If you own an Intel computer that you haven't had since before Obama was president your computer is vulnerable. Period. There is no doubt about this and it's fully acknowledged and published in all the releases from Intel about this vulnerability. It's remotely executable and the code to do so is live in the hacker community.

  • My TRON program should take of the Master Control Program, and shut that right down.

    • Ed Dillinger: "What's the project you're working on?"

      Alan Bradley: "Well, it's called TRON. It's a security program in itself, actually. It monitors all contacts between our systems and other systems. Finds anything going on that's not scheduled, it shuts it down."

      Ed Dillinger: "Part of the Master Control Program?"

      Alan Bradley: "No. No, it'll run independently... and watchdog the MCP as well."

      Ed Dillinger: Smiles badly - "Sounds good."
  • This thoroughly evil Intel backdoor is also a problem for low latency - every so often, the response latency just gets blown to hell and there is nothing that can be done about it, except switch to a different chip. It is high time Intel came clean about it. Just pure evil, nothing less. Can't say anything good about this, or about the idiot PHBs that came up with it.

No spitting on the Bus! Thank you, The Mgt.

Working...