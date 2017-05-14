EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org) 105
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
Are AMD chips scrutinized as well? (Score:2)
I've read about security issues with Intel chips. Makes me think I should go with AMD. But then I wonder, since AMD has a smaller market share, maybe they just aren't scrutinized as much.
Does anybody really know how 'safe' AMD chips are'? This is not a rhetorical question, and I'm not advocating or editorializing, just wondering.
Re: (Score:2, Informative)
AMD has a similar feature. the FSF warned about these backdoors in both
Intel and AMD CPUs a while ago. I think the said the last processor made
without this "backdoor" was an AMD processor made in 2011.
Re: (Score:1)
Though both supposedly contain "backdoor" functionality you can't really say they're "that similar". The Intel ME is massive and almost redundant, a fully featured PC on a die -TM
Re:Are AMD chips scrutinized as well? (Score:5, Informative)
AMD actually goes even further with TrustZone, literally implementing a full arm core on die.
Re: (Score:2)
And what instruction set do you believe the Intel ME runs? Hint: It's not x86.
Re: (Score:2)
Used to be Atom. I through I heard they went to ARM in recent models but not sure.
Re: (Score:2, Insightful)
AMD faces the exact same incentives Intel does to seize control of the hardware it sells.
EFF speaks the truth, but most of its audience will not listen. Intel and their ilk will continue to get away with selling us disobedient hardware so long as Joe consumer doesn't normally feel much pain from this disobedience.
Re:Are AMD chips scrutinized as well? (Score:5, Insightful)
Re: (Score:2)
if I am going to be buying a chipset then who do I buy it from if I want to talk with my wallet? Aren't Intel and AMD pretty much the only games in town?
Regrettably the alternative is quite expensive. IBM's Power8 [informationweek.com] chip is the open-source hardware alternative.
The Talos [raptorengineering.com] would be an example of a libre computer using this hardware.
Re: (Score:2, Informative)
Aren't Intel and AMD pretty much the only games in town?
Among x86, yeah, pretty much. There used to be some others, like Cyrix and Transmeta, but I don't think they're around any more.
Non-x86 might be the only practical escape at the moment, or much older x86 stuff. Which means open source software, and also, will preclude almost all PC based gaming. For basic web browsing, local email, and similar, I imagine you could do OK with an ARM based device.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2, Insightful)
so i guess this is why neither amd nor intel license 3rd party chipsets anymore... this tech is currently not only reliant on the cpu, but also the motherboard's chipset... and if people *HAVE TO* use their chipsets to use their processors.. then they pretty much assure that everything new since a known date is going to have the feature set in hardware... and NOT EVERYTHING is controllable by a bios when management is configurable in it.
i guess i'm gonna hang on to a few old via-based boards and old 370/462
Re: (Score:2)
The general gist is that users should be able to choose whether this shit is enabled or not. They did pay for the chip after all.
Re: (Score:2)
The general gist is that users should be able to choose whether this shit is enabled or not. They did pay for the chip after all.
Oh really?
Just because you paid for a car from Ford or Toyota doesn't mean you get to decide what shit is enabled in the ECU or CAN.
And that's just scratching the surface with a car analogy. The general gist is there's a shitload of electronic devices you pay for and don't get to choose how it behaves.
Re: (Score:1)
That doesn't mean it should be that way.
Your statement and GPs are not even slightly contradictory.
I believe the EFF thinks people should be able to do so with a car too (right to repair).
Re: (Score:2)
The BMCs used for IPMI have far less ability to spy on the running system than the ME does. The older BMCs only had a serial connection that the OS could choose to ignore. Newer ones can see the console (which a server can ignore) and a virtual drive (which the OS can ignore). They can be entirely disabled (including removing it from the board if you're paranoid) or restricted to a management network (physically separate or vlan, your choice).
In contrast, the ME cannot be removed without bricking the system
Re: (Score:2)
Most of those are not plain CPUs, but SoCs (system-on-a-chip) with their own additions, some much worse.
Re: (Score:2, Insightful)
> Does anybody really know how 'safe' AMD chips are'?
No, nobody knows. AMD engineers *think* they know, but that's what engineers always say while shipping bugged code. If (and it's a big if) there's a backdoor, say, by the Mossad, or the NSA, or the FSB, then you might think that THOSE guys know how 'safe' the chips are- but they don't either, and for the same reason (though if that is true, they would at least know in what exact measure the chips must be UNsafe).
What AMD has is the Platform Security
should be old news (Score:1)
this black box has been around for years. probably a CIA backdoor with a gag order preventing them from documenting.
It's not "a security hazard"... (Score:1)
It's a purposefully built backdoor for the authorities that you should not try to use as a mortal. Only NSA and GCHQ should know about it. Now get in this black truck with us, we got a couple of questions to ask you.
I posted links to this stuff 2 years + ago (Score:1)
Nobody wanted to believe it was bad or real. The few who agreed it existed and was probably an issue immediately countered with "well, they all have backdoors I'm sure..." -but is that true? Do AMD x86 chips have backdoor subsystems on par with Intel ME? Complete with compartmentalized always-on internet subsystem, access to everything even when the OS is offline and the machine is "off"? If we're going to say this is serious enough to avoid Intel chipsets can we be reasonably assured that the major al
Re: (Score:3)
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitiously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge data bases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
Re: (Score:2)
Recently I've got the feeling that most of my computers' CPUs are woefully underpowered all the sudden, thanks to H.265/HEVC videos.
Re: (Score:2)
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitiously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge data bases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
What are you smoking? A 15 year old VIA C5 would barely run java with decent performance. Load any web page today and there are over 25 java scripts being run in the background. The only thing that saved java was the increase in CPU power. Core 2 CPUs from 2006/2007 (about 10 years ago) would be the bare minimum.
Re: (Score:2, Funny)
Time to fire up my Raspberry Pi.
Not a bad idea. I'd use mine, except I seem to have mislaid it. It's not very big you know. Maybe I'll epoxy the next one to a rock or something.
Re: (Score:2)
Mount it to the wall with a couple sheetrock screws.
Which Computers Are Vulnerable Out-Of-The-Box? (Score:1)
According to the article:
So, which computers have "Remote Configuration" with OEM Setup? These are the computers that are vulernable the moment you take them out of the box and plug them in.
For example, are Lenovo ThinkCentres vulnerable out-of-the-box? I recently read a report of an indiv
Feature that screams NSA tampering.. (Score:5, Interesting)
".. presently no way to disable or limit the Management Engine in general.
Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT!
It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.
Re: (Score:1)
It's certainly possible. If NSA or anyone at Intel did this on purpose, there will be hell to pay.
I by 'hell' you of course mean that pretty much no repercussion is going to happen to any of the responsible parties.
BTW. What chipset/bios goes into government purchased hardware? Intel is a pretty standard stipulation for government contracted IT equipment purchases. In what manner exactly does Intel polish this turd before they deliver on government contracts.
Dont tell me the government buys equipment with this vulnerability pre-installed. Its almost like they are asking to be pwned. . If so I think the
Re: (Score:3)
Funny you mention this, because someone at Intel let slip that there is a special ME firmware installed on computers sold to certain government entities...
Re: (Score:2)
May be just a rumor, I've heard of it more than once recently. Here's one instance:
https://hackaday.com/2016/11/2... [hackaday.com]
Re:Feature that screams NSA tampering.. (Score:5, Insightful)
Ha! The NSA is directly responsible for weaponizing and attempting to bury a security flaw that just caused a massive worldwide crisis this weekend and there appears to be no hell to pay for that. I'm pretty sure it's been established that they'll not be held accountable for anything they do.
Re: (Score:3)
Yes, we know there's nothing of which the NSA isn't capable. They can even violate physical laws if they want.
Re:Feature that screams NSA tampering.. (Score:5, Informative)
Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT! It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.
This is the best info on what it is I found:
"Built into many Intel-based platforms is a small, low power computer subsystem called the Intel Management Engine (Intel ME). This can perform various tasks while the system is booting, running or sleeping. It operates independently from the main CPU, BIOS & OS but can interact with them if needed. The ME is responsible for many parts of an Intel-based system. Such functionality extends, but it's not limited, to Platform Clocks Control (ICC), Thermal Monitoring, Fan Control, Power Management, Overclocking, Silicon Workaround (resolves silicon bugs which would have otherwise required a new cpu stepping), Identity Protection Technology, Rapid Start Technology, Smart Connect Technology, Sensor Hub Controller (ISHC), Active Management Technology (AMT), Small Business Advantage (SBA), Wireless Display, Protected Video/Audio Path etc. For certain advanced/corporate features (AMT, SBA etc) the ME uses an out-of-band (OOB) network interface to perform functions even when the system is powered down, the OS and/or hard drivers are non-functional etc. Thus it's essential for it to be operational in order for the platform to be working properly, no matter if the advanced/corporate features are available or not."
Sure, the remote management bits can be disabled (and in many cases aren't even supported), but part of that sounds pretty impossible to disable. From what I gather AMD is using ARM's TrustZone to achieve pretty much the same things.
Re: (Score:2)
It's not for you to manage your system, it's for the system to manage you.
"...inside our Intel chips..." (Score:3)
See, I think this is the fundamental misapprehension, these days.
:)
A solution to AMD & Intel has been brewing: EO (Score:1)
This just reiterates the reason EOMA68 came about and why ThinkPenguin has funded its development for years. EOMA68 aims to reduce the cost of designing and manufacturing devices that are in the users control by modularizing critical components (CPU/RAM/etc). By taking these core components and putting them onto a card it reduces the cost of designing and manufacturing systems. By basing designs on open modular standards the user and community can retain control. And by basing on open modular standards anyo
Factory reset vs anti-theft, pick one (Score:2)
A remote--triggered anti-theft system automatically precludes a complete factory-reset, at least while it is on.
After all, what good would a remote-trigger anti-theft system do if a theif could just "reset" a stolen laptop before selling it?
In a perfect world, enabling anti-theft would "lock out" a factory-reset and disabling the anti-theft would require a key of some sort.
The key here - pun intended - is that the user needs to be able to factory-reset an "unlocked" device and know with confidence - perhaps
Re: (Score:2)
Talking about factory reset is showing your age. These days it is all about continuous update. If the device stops working you buy another one.
Re: (Score:1)
Talking about factory reset is showing your age. These days it is all about continuous update. If the device stops working you buy another one.
"If it breaks, trash it" is for cheap stuff or stuff already at end-of-life, not several-hundred-dollar+ computers with years of useful life in them.
How many hospitals have been pwned? (Score:2)
If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?
This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.
Re: (Score:2, Interesting)
If this vulnerability shut down all the hospitals in the UK, you'd see some action maybe. Without a crisis, you just have some snooty security gurus gnashing their teeth, which they do all the time, right?
This is a big problem -- getting chip / system / OS designers to spend time and money to debug systems beyond what end users ignorantly are willing to pay for.
The current UK NHS issue has nothing to do with CPU, but instead with unpatched XP based systems and SMB shares.
And the NHS Trusts where provided funds a couple years ago to update/replace things... where did that money go? obviously not on IT as envisioned.
Only Some Intel Chips Included ME and AMT (Score:1)
Namely the vPro and selected Xeon chips that were marketed to business users at extra cost. You had to pay extra to get these features on the chip, so most chips sold to individual consumers didn't come with them.
Re: (Score:1)
Re: (Score:2)
If its a feature, why you can't disable or see how it works?
Alan Says.... (Score:2)
My TRON program should take of the Master Control Program, and shut that right down.
Re: (Score:2)
Alan Bradley: "Well, it's called TRON. It's a security program in itself, actually. It monitors all contacts between our systems and other systems. Finds anything going on that's not scheduled, it shuts it down."
Ed Dillinger: "Part of the Master Control Program?"
Alan Bradley: "No. No, it'll run independently... and watchdog the MCP as well."
Ed Dillinger: Smiles badly - "Sounds good."
Re: (Score:2)
yum install nsa-backdoor gchq-backdoor
Get with the times, neckbeard!
Re: (Score:2)
outdated, now it's:
yum install nsa-backdoor gchq-backdoor
Get with the times, neckbeard!
+1 Unintentionally Funny, given that yum has been deprecated in favor of dnf in newer distros.
Re: (Score:2)
Re: Establish a router based port filter: Why? (Score:1)