Updated:04:54 PM EST Dec 13


this is ggmania.com subsite Experts can hack most CPUs since 2008 over USB - TechAmok

TOP STORIES

HEADLINES

3 Awesome Life Hacks
Emily Ratajkowski's Body Perfection
GeForce RTX 2080 Ti Now De-listed on NVIDIA's Online Store
Researchers Discover Seven New Meltdown and Spectre Attacks
This Guy Seems To Have Broken The Matrix
How A Hacker Obtained Motorola Source Code with a Few Phone Calls
Eiza Gonzalez Is An Amazing Talent!
Apple Quotes Teen $1,200 For MacBook Repair
Galina Dub's Booty Is Incredible
Western Digital's new 15TB hard drive is the biggest one ever made
What Is The Strongest Material In The Universe?
See the World Through the Eyes of a Tesla
Presumably Preteen Gorilla Loves To Annoy His Dad
Why is the 9900K so hot?
Maria Doroshina - Fit Russian Blonde Beauty
Google Debuts New Chrome OS Pixel Slate
Super Micro mobos used by Apple, Amazon contained Chinese spy chips
Alexis Ren does a split jump on set for SI Swimsuit 2018

Apple to Invest $1B In Austin and Hire Thousands Around the US
Opera Browser for Android Adds Crypto Wallet and Web 3
Russian State TV Mistakes Man in a Suit for a Robot
AMD Adrenalin 2019 Edition 18.12.2 Drivers
NVIDIA Releases GeForce 417.35 WHQL Drivers
Google Trends Releases the Biggest Search Topics of 2018
Microsoft Revamping Its IntelliMouse With Improved Sensor
Astronauts are Inspecting the ISS's Air Leak Right Now
Samsung's Galaxy A8s is the first phone with a hole
Fortnite Streamer Reportedly Arrested after Beating Wife on Stream
Microsoft Claims the iPad "Isn't a Real Computer"
Marvel Studios' Avengers - Official Trailer
Scientists Develop 10-Minute Universal Cancer Test
Ashtanga Yoga - core strength for back bends
Wasp and cockroach filmed in fierce battle leaving one HEADLESS
Beautiful Taekwondo Girls
JPL Uploads The Sound of Wind on Mars
The Mortal Kombat 11 Official Announce Trailer

Experts can hack most CPUs since 2008 over USB - [security]
08:20 AM EST - Nov,11 2017 - post a comment

Positive Technologies, which in September said it has a way to drill into Intel's secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration. The biz has already promised to demonstrate a so-called God-mode hack this December, saying they've found a way for "an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard."

For those who don't know, for various processor chipset lines, Intel's Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network. This is useful when you're managing large numbers of computers, especially when an endpoint's main operating system breaks down and the thing won't even boot properly. Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or steal corporate data. Positive says it's found a way to commandeer the Management Engine, which is bad news for organizations with the technology deployed.

For some details, we'll have to wait, but what's known now is bad enough: Positive has confirmed that recent revisions of Intel's Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB. JTAG grants you pretty low-level access to code running on a chip, and thus we can now delve into the firmware driving the Management Engine.

With knowledge of the firmware internals, security vulnerabilities can be found and potentially remotely exploited at a later date. Alternatively, an attacker can slip into the USB port and meddle the engine as required right there and then. There have been long-running fears IME is insecure, which is not great as it's built right into the chipset: it's a black box of exploitable bugs, as was confirmed in May when researchers noticed you could administer the Active Management Technology software suite running on the microcontroller with an empty credential string over a network.


Add your comment (free registrationrequired)

Short overview of recent news articles

Dec,13 2018 Apple to Invest $1B In Austin and Hire Thousands Around the US
Dec,13 2018 Opera Browser for Android Adds Crypto Wallet and Web 3
Dec,13 2018 Russian State TV Mistakes Man in a Suit for a Robot
Dec,13 2018 AMD Adrenalin 2019 Edition 18.12.2 Drivers
Dec,12 2018 NVIDIA Releases GeForce 417.35 WHQL Drivers
Dec,12 2018 Google Trends Releases the Biggest Search Topics of 2018
Dec,12 2018 Microsoft Revamping Its IntelliMouse With Improved Sensor
Dec,11 2018 Astronauts are Inspecting the ISS's Air Leak Right Now
Dec,10 2018 Samsung's Galaxy A8s is the first phone with a hole
Dec,10 2018 Fortnite Streamer Reportedly Arrested after Beating Wife on Stream
Dec,10 2018 Microsoft Claims the iPad "Isn't a Real Computer"
Dec,09 2018 Marvel Studios' Avengers - Official Trailer
Dec,09 2018 Scientists Develop 10-Minute Universal Cancer Test
Dec,09 2018 Ashtanga Yoga - core strength for back bends
Dec,09 2018 Wasp and cockroach filmed in fierce battle leaving one HEADLESS
Dec,08 2018 Beautiful Taekwondo Girls
Dec,07 2018 JPL Uploads The Sound of Wind on Mars
Dec,07 2018 The Mortal Kombat 11 Official Announce Trailer
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs