
Russians confirm hacking Intel’s ME

on 13 November 2017


Oh those Russians
 

The Russian outfit which claimed to hack Intel's secretive Management Engine has given some more details as to how it did it.

Positive Technologies put the fear of Putin into Intel in September when it claimed to know how to drill into technology buried deep in its chipsets. The announcement sent Google engineers to find a way to switch the code off.

Positive said that it found a way for “an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”.

For those who came in late, Intel's Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network.

While it is good for managing large numbers of computers, getting into and hijacking the Management Engine means you can take full control without the OS, hypervisor or antivirus ever spotting it.

Positive has confirmed that recent revisions of Intel's Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB. JTAG grants you pretty low-level access to code running on a chip.

Security vulnerabilities can be found and potentially remotely exploited at a later date. An attacker can slip into the USB port and bork the engine.

A linked Russian blog https://habrahabr.ru/company/pt/blog/341946/ said that since Skylake, Intel's Platform Controller Hub, which manages external interfaces and communications, has offered USB access to the engine's JTAG interfaces. The new capability is DCI, aka Direct Connect Interface.

Aside from any remote holes found in the engine's firmware code, any attack against IME needs physical access to a machine's USB ports, which, as we know, is really difficult.

Last modified on 13 November 2017