/?pid=19119

Updated:06:15 PM EST Feb 04
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Experts can hack most CPUs since 2008 over USB - TechAmok

Experts can hack most CPUs since 2008 over USB - [security]
08:20 AM EST - Nov,11 2017 - post a comment

Positive Technologies, which in September said it has a way to drill into Intel's secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration. The biz has already promised to demonstrate a so-called God-mode hack this December, saying they've found a way for "an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard."

For those who don't know, for various processor chipset lines, Intel's Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network. This is useful when you're managing large numbers of computers, especially when an endpoint's main operating system breaks down and the thing won't even boot properly. Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or steal corporate data. Positive says it's found a way to commandeer the Management Engine, which is bad news for organizations with the technology deployed.

For some details, we'll have to wait, but what's known now is bad enough: Positive has confirmed that recent revisions of Intel's Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB. JTAG grants you pretty low-level access to code running on a chip, and thus we can now delve into the firmware driving the Management Engine.

With knowledge of the firmware internals, security vulnerabilities can be found and potentially remotely exploited at a later date. Alternatively, an attacker can slip into the USB port and meddle the engine as required right there and then. There have been long-running fears IME is insecure, which is not great as it's built right into the chipset: it's a black box of exploitable bugs, as was confirmed in May when researchers noticed you could administer the Active Management Technology software suite running on the microcontroller with an empty credential string over a network.


Add your comment (free registrationrequired)

Short overview of recent news articles

Feb,04 2026 AI-Powered Breach: Hacker Claims AWS Kingdom in Under 10 Minutes
Feb,04 2026 Microsoft Axes Standalone SharePoint and OneDrive Plans in Push to
Feb,04 2026 Nvidia's $100 billion OpenAI deal has seemingly vanished
Feb,04 2026 The Best 14" Gaming Laptops Right Now
Feb,04 2026 The Solution to the RAM Crisis is... DDR4???
Feb,03 2026 Google Meet can now join Microsoft Teams calls
Feb,03 2026 The Devil Wears Prada 2 - Official Trailer (2026) Meryl Streep, Anne
Feb,02 2026 *EPSTEIN HAD THE SEC SUE RIPPLE/XRP - HOLY SH*T | Gensler Worked For
Feb,02 2026 Mozilla Firefox is making it super easy to turn off its generative
Feb,01 2026 Windows 11 quietly gets a new security feature to protect system
Feb,01 2026 WARNING: TRUMP & RIPPLE/XRP SECRET AGREEMENT AT DAVOS
Feb,01 2026 China's new RAM company, CXMT, is selling RAM at $138
Feb,01 2026 Windows keeps a permanent record of every USB device you've ever
Feb,01 2026 Intel Is BACK - Panther Lake Changes Everything
Jan,31 2026 NVIDIA Releases GeForce Security Update Driver 582.28 for Legacy
Jan,31 2026 AMD 'Zen 6' CCD Packs 12 Cores, 48 MB L3 Cache
Jan,31 2026 Microsoft Set to Disable Legacy NTLM Authentication by Default in
Jan,30 2026 NVIDIA GeForce 591.86 WHQL Driver
Jan,30 2026 iOS 26.3-Important New iPhone Location Privacy Feature Coming Soon
Jan,29 2026 I Made the Ultimate Steam Machine Before Valve
Jan,29 2026 Wardriver - Official Trailer (2026) Dane DeHaan, Sasha Calle,
Jan,28 2026 Apple Intros Improved AirTag
Jan,28 2026 US Version of TikTok off to Bumpy Start; Competitors Surge
Jan,28 2026 Google Chrome no longer needs you, as Gemini takes the driving seat
Jan,27 2026 Premium Subscriptions Coming to Facebook, Instagram, WhatsApp
Jan,25 2026 Windows 11 Best For Gaming? Windows 11 25H2 vs. Windows 10
Jan,24 2026 Microsoft Says Uninstall This Windows Update Immediately (KB5077744
Jan,22 2026 Xbox Developer Direct Livestream 2026 | Fable, Forza Horizon 6,
Jan,22 2026 Iridium Begins Testing its own Satellite Service for Phones
Jan,22 2026 AMD Releases Adrenalin Edition 26.1.1 WHQL Drivers
Jan,18 2026 AI in 2050
Jan,17 2026 iOS 26.2 Fixes Major Security Flaws
Jan,17 2026 Google Links its AI to Your Gmail and Photos for "Personal
Jan,17 2026 Fastest Koenigsegg v Fastest Bugatti: DRAG RACE
Jan,17 2026 Creating a 48GB NVIDIA RTX 4090 GPU
Jan,14 2026 CES was frickin weird, guys
Jan,12 2026 Lee Cronin's The Mummy - Official Teaser Trailer (2026) Jack
Jan,12 2026 Ferrari SF90 XX v Xiaomi SU7 Ultra: DRAG RACE
Jan,10 2026 Welcome to the Wasteland - Fallout (American TV series) fan video
Jan,09 2026 GOOD LUCK, HAVE FUN, DON'T DIE Trailer 2 (2026) Sam Rockwell
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs