Intel Management Engine successfully hacked via USB

well thats neat.

10 Likes

OMG this is not god…
Imagine the possibilities, this gives full acces to the machine without the OS knowing jack S-it about it.

Looks like my Westmere EP based machines arnt affected…

1 Like

So until now it was “only” LAN, now USB too? Sounds great.

Does it work like the LAN hack where you can disable the LAN port and be “safe”? How about secondary USB controllers on the board? Like the Aspeed controllers and such?

1 Like

Yay! Another way around BitLocker! last time it was Firewire, this time USB.

Well done intel, I am so glad you added this handy feature to make it easy for your engineers to debug the CPU. Security by obscurity, great mantra!

3 Likes

Well, maybe they’ll finally stop this secretive closed-source nonsense.

2 Likes

I had a feeling something like this was going to happen after seeing this earlier on reddit:

In the letter he mentions IME being based off MINIX, and hoping they didn’t use an old version, and that military grade security was never a goal for minix:

“I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.”

2 Likes

Oh boy… Time to put locks on everything.

The power of firmware is higher, than even the power of Linux.

So is Minix, a Western miniature version of RedStar? :wink:

IBM, I think its IBM might be someone else though, is working on a completely new thing to get rid of the intel management engine. Its a linux kernel that runs with a small set of tools and its aim is to completely replace UEFI, the intel management engine, and speed up the boot process by like 350% or something ridiculous. It cuts out all the BS that you don’t need in UEFI, so things like networking, for example. You can of course still boot into a UEFI IF you needed to though. Its not meant for the mainstream though, as its aim is completely for servers. I’ll be excited to see that happen and throw out the MIT stuff, especially since the new MIT is based on an Edison chip or something like that and since its all x86 code now its easy to fuck with, like this.

Hope to see that replacement happen soon.

Google is developing NERF. An intro from Ronald Minnich, one of the former leads on coreboot:

Could be interesting.

2 Likes

Gooooooooooogle yeah. I’m excited about NERF TBH. I had a similar idea a long time ago but never really saw how it would actually work. I wanna see what happens with it. I’m really excited about it.

Plus: I wanna see POWER10 have a 4 second boot time XDDD

2 Likes

Seems Intel has patched some aspects here…

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

1 Like

Seems Gigabyte has posted a patch?

Wonder how they would get around it short of phyiscally disconnecting the USB ports from the chipset :confused: Unfortnuately the article doesn’t say anything about it. Maybe it’s a kernel patch to Minix?

Certainly interesting. Also, VoHiYo Eggroll Senpai, didnt know you prowl these parts of the interwebs.

hey man! and yeah, I’m a bit of a linux junky. I regular here, reddit, and youtube