Intel Backdoor Puts PCs At Risk



blokesbloke

Is there anything that can be done or is it just baked into the processor and that's that?
 

statsman

> Is there anything that can be done or is it just baked into the processor and that's that?
What, no raised eyebrows for 'backdoor'? I'm shocked, really I am. ;)
 

jmcc

> Is there anything that can be done or is it just baked into the processor and that's that?
It seems to affect business versions rather than retail. Intel did release a patch for it on April 25th according to the first article. Most of the responsible sellers/manufacturers will make patches available but the danger is that people could end up bricking their computers trying to apply them. It looks like one of those "it seemed like a good idea at the time" additions but the Snowden and CIA revelations have made everyone paranoid.

This is a fairly important point in the article:
"Depending on whether you are a glass half empty or half full type, there is a bit of good news. This flaw is remotely exploitable only if you have AMT turned on, that is the ‘good’ news. The bad news is that if you don’t have it turned on or provisioned the vulnerability is still exploitable locally."

It is not remotely exploitable unless that AMT feature is on but it can be hit locally. But if it is hit locally, then the attacker is already either on your local network or has physical access to the box and there are easier methods of getting data or planting malware on the box.

And now for the paranoid bit:

"If you aren’t the half full type, you might sum this up by saying there is no way to protect a manageable Intel based computer until this hole has been patched, it is that bad. Let me repeat, you can not protect a manageable PC or server with this flaw until there is a patch, period. This flaw is present in ME firmware from version 6.0-11.6, things before and after those numbers are not affected probably because they used the AMT engine with the non-ARC CPU cores in older iterations."

Basically, everyone is going to be waiting for that official patch but as usual, most people will not apply it or will be completely unaware of its existence.
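
The two claims quoted in the post above (affected ME firmware 6.0 to 11.6, and remote exposure only where AMT is turned on or provisioned) can be turned into a fleet triage pass. This is an added example, not part of the original post or Intel's detection tool; the inventory rows, host names, build numbers and the `classify`/`triage` helpers are constructed for illustration.

```python
import re

# Affected ME firmware range exactly as quoted in the thread: 6.0 through 11.6.
# Assumption: the thread gives no fixed build numbers, so a version inside the
# range means "needs a patch check against the vendor advisory", not "unpatched".
AFFECTED_MIN = (6, 0)
AFFECTED_MAX = (11, 6)

def parse_me_version(text):
    """Return (major, minor) from a dotted ME firmware version string, or None."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.\d+)*\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(me_version, amt_provisioned):
    """Map one machine to an exposure class using only the claims quoted above."""
    ver = parse_me_version(me_version)
    if ver is None:
        return "unknown"          # unreadable version: inspect by hand, never assume safe
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "not-in-range"
    if amt_provisioned is None:
        return "remote-assumed"   # provisioning state unknown: treat as worst case
    return "remote" if amt_provisioned else "local-only"

# Patch order: network-reachable exposure first, out-of-range machines last.
PRIORITY = {"remote": 0, "remote-assumed": 1, "unknown": 2,
            "local-only": 3, "not-in-range": 4}

def triage(inventory):
    """Return (host, exposure) pairs sorted by patch priority, then host name."""
    rows = [(host, classify(ver, amt)) for host, ver, amt in inventory]
    return sorted(rows, key=lambda r: (PRIORITY[r[1]], r[0]))

# Constructed inventory: (host, ME firmware version, AMT provisioned?)
INVENTORY = [
    ("desk-01", "11.0.0.1000", True),
    ("desk-02", "9.5.0.1000", False),
    ("lab-03", "11.8.0.1000", True),
    ("srv-04", "6.0.0.1000", None),
    ("old-05", "5.2.0.1000", True),
    ("kiosk-06", "n/a", False),
]

if __name__ == "__main__":
    for host, exposure in triage(INVENTORY):
        print(f"{host:10} {exposure}")
```
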
 

blokesbloke

> What, no raised eyebrows for 'backdoor'? I'm shocked, really I am. ;)
Oh my love it was the first thing I thought of, but I decided to take the higher road as it were.

Thanks for bringing me back down to the ditch with a bump!

Now we're both here do you fancy a quick fumble?
 

cozzy121

> Seems that there is a backdoor on some Intel based PCs that makes them remotely vulnerable.
>
> Remote security exploit in all 2008+ Intel platforms - SemiAccurate
>
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
>
> This might not get covered by the "technology" churnalists in the Dublin media but it is a rather important story.
For the layman/woman/citizen of the earth, should we burn all machines with this Intel chip or just ignore it and hope Trump blows us all to hell before hackers do?
 

jmcc

> For the layman/woman/citizen of the earth, should we burn all machines with this Intel chip or just ignore it and hope Trump blows us all to hell before hackers do?
Same as with Trump. Wait but pray. :) There are instructions on the Intel page for a program to check vulnerability and it also has instructions on how to use it but it is more of a business network user problem at the moment. It might be possible to target individual computers but weaponising this hack for this purpose might be a bit more complex than usual. Good quality name-brand boxes will have patches available from the manufacturers soon.

The best advice is in the first article:
"TLDR; Average computer user – If your system is 10 years old or newer it is likely exploitable, check for patches daily and install all patches immediately. If there is no patch, back up data and replace."

The Register has a good, and relatively straightforward, article on it:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

This is a bit more technical:
https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/
 

