What We Have Learned About Intel ME Security In Recent Years: 7 Facts About The Mysterious Subsystem

Image: Unsplash Intel ME has captured the attention of researchers during the last years. There is an air of mystery about the technology. Although it has access to virtually all the data on the computer, and hackers can get total control over the machine if they manage to compromise Intel ME, there are no official documents or guides regarding its use. That is why researchers … Continue reading What We Have Learned About Intel ME Security In Recent Years: 7 Facts About The Mysterious Subsystem

Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251

The weakness of \”security through obscurity\” is so well known as to be obvious. Yet major hardware manufacturers, citing the need to protect intellectual property, often require a non-disclosure agreement (NDA) before allowing access to technical documentation. The situation has become even more difficult with the growing intricacy of chip designs and integration of proprietary firmware. Such obstacles make it nearly impossible for independent researchers … Continue reading Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251

Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

Image credit: Unsplash Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Technologies expert Dmitry Sklyarov. The vulnerability involved security mechanisms in the MFS file system, which Intel ME uses to store data. By exploiting this flaw, attackers could manipulate the state of MFS and extract important secrets. Intel ME (short for \”Management Engine\”) stores data … Continue reading Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

Intel patches new ME vulnerabilities

In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. Both advisories describe vulnerabilities with which an attacker could execute arbitrary code on the Minute IA PCH microcontroller. The vulnerabilities are similar to ones previously discovered by Positive Technologies security experts last November (SA-00086). But that was not the end of the story, as Intel has now … Continue reading Intel patches new ME vulnerabilities

Apple fixed firmware vulnerability found by Positive Technologies

The vulnerability allowed exploiting a critical flaw in Intel Management Engine and still can be present in equipment of vendors that use Intel processors. Apple released an update for macOS High Sierra 10.13.4, which fixes the firmware vulnerability CVE-2018-4251 found by Positive Technologies experts Maxim Goryachy and Mark Ermolov. For more details, see Apple Support. Maxim Goryachy notes: \”The vulnerability allows an attacker with administrator … Continue reading Apple fixed firmware vulnerability found by Positive Technologies

Apple fixes security hole in Intel ME discovered by Positive Technologies

Apple has released a security update for macOS High Sierra 10.13.2, macOS Sierra 10.12.6 and OS X El Capitan 10.11.6, that patches a vulnerability in Intel Management Engine found by Positive Technologies experts Mark Ermolov and Maxim Goryachy. Details are available in a security document on the Apple support website.Intel Management Engine is a microcontroller integrated into the Platform Controller Hub (PCH) with a set … Continue reading Apple fixes security hole in Intel ME discovered by Positive Technologies

How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME

At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability in Intel Management Engine 11, which opens up access to most of the data and processes on the computer. Such level of access also means that any attacker exploiting this vulnerability, once bypassed traditional software-based protection, will be able to conduct attacks even when the computer … Continue reading How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME

Recovering Huffman tables in Intel ME 11.x

Today Positive Technologies\’ expert Dmitry Sklyarov will explain how Intel ME 11.x stores its state on the flash and the other types of file systems that are supported by ME 11.x in London during his talk on Black Hat conference. Here is his articles about recovering Huffman tables in Intel ME 11.x Many Intel ME 11.x modules are stored in Flash memory in compressed form [1]. Two … Continue reading Recovering Huffman tables in Intel ME 11.x

Intel fixes vulnerability found by Positive Technologies researchers in Management Engine

Intel has issued a security advisory and released a patch for a vulnerability discovered in Intel ME by Positive Technologies researchers Mark Ermolov and Maxim Goryachy. Intel has also published a downloadable detection tool so that administrators of Windows and Linux systems can determine whether their hardware is at risk. Intel Management Engine is a proprietary dedicated microcontroller integrated into the Platform Controller Hub (PCH) … Continue reading Intel fixes vulnerability found by Positive Technologies researchers in Management Engine

Disabling Intel ME 11 via undocumented mode

Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this article, we describe how we discovered this undocumented mode and how it is connected with the U.S. government\’s High Assurance Platform (HAP) program. Disclaimer: The methods described … Continue reading Disabling Intel ME 11 via undocumented mode