/?pid=19119

Updated:02:40 PM EDT Oct 27
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Experts can hack most CPUs since 2008 over USB - TechAmok

Experts can hack most CPUs since 2008 over USB - [security]
08:20 AM EST - Nov,11 2017 - post a comment

Positive Technologies, which in September said it has a way to drill into Intel's secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration. The biz has already promised to demonstrate a so-called God-mode hack this December, saying they've found a way for "an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard."

For those who don't know, for various processor chipset lines, Intel's Management Engine sits inside the Platform Controller Hub, and acts as a computer within your computer. It runs its own OS, on its own CPU, and allows sysadmins to remotely control, configure and wipe machines over a network. This is useful when you're managing large numbers of computers, especially when an endpoint's main operating system breaks down and the thing won't even boot properly. Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or steal corporate data. Positive says it's found a way to commandeer the Management Engine, which is bad news for organizations with the technology deployed.

For some details, we'll have to wait, but what's known now is bad enough: Positive has confirmed that recent revisions of Intel's Management Engine (IME) feature Joint Test Action Group (JTAG) debugging ports that can be reached over USB. JTAG grants you pretty low-level access to code running on a chip, and thus we can now delve into the firmware driving the Management Engine.

With knowledge of the firmware internals, security vulnerabilities can be found and potentially remotely exploited at a later date. Alternatively, an attacker can slip into the USB port and meddle the engine as required right there and then. There have been long-running fears IME is insecure, which is not great as it's built right into the chipset: it's a black box of exploitable bugs, as was confirmed in May when researchers noticed you could administer the Active Management Technology software suite running on the microcontroller with an empty credential string over a network.


Add your comment (free registrationrequired)

Short overview of recent news articles

Oct,27 2025 Malware of the Future: What an infected system looks like in 2025
Oct,27 2025 F1: Race Highlights | 2025 Mexico City Grand Prix
Oct,26 2025 F1: Qualifying Highlights | 2025 Mexico City Grand Prix
Oct,25 2025 New Big Windows 11 25H2 October Update - New Taskbar Battery Icons
Oct,25 2025 Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party
Oct,24 2025 HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel
Oct,21 2025 Retro Gaming PC Upgrades go WRONG!
Oct,21 2025 How social media has ruined us - the more time you spend online, the
Oct,20 2025 FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN
Oct,20 2025 ROG Xbox Ally X - a PC Gamer's Perspective
Oct,20 2025 Race Highlights | 2025 United States Grand Prix
Oct,18 2025 RedMagic Puts Liquid Cooling in its New Gaming Phone
Oct,18 2025 Russia Says U.S. Is Planning a $37 Trillion Crypto Reset
Oct,18 2025 Tor Browser says no to Firefox's AI features as it removes them
Oct,14 2025 NVIDIA GeForce 581.57 WHQL Driver
Oct,13 2025 Samsung One UI 8.5 vs iOS 26 - COMPARISON
Oct,12 2025 Google Turned Down by Supreme Court, Must Open up App Payments
Oct,10 2025 AMD releases new 25.10.1 preview graphics driver with Battlefield 6
Oct,10 2025 MERCY Official Trailer (2026) Chris Pratt
Oct,07 2025 Galaxy S26 Ultra - Samsung, Please Don't Copy This
Oct,06 2025 Canada's Las Vegas Sphere is here - and I game on it
Oct,06 2025 Predator: Badlands - Official Final Trailer (2025)
Oct,04 2025 Chasing a Gaming World Record
Oct,02 2025 Frankenstein - Official Trailer (2025) Guillermo del Toro, Oscar
Oct,02 2025 iPhone 17 Pro Max vs 16 Pro Max / Pixel 10 Pro XL / Galaxy S25 Ultra
Sep,30 2025 iOS 26.0.1 is Out! - What's New?
Sep,30 2025 NEW! 2026 Audi Q3 2.0 TFSI (265hp) vs. e-hybrid (272hp)| 0-100 km/h
Sep,29 2025 Samsung One UI 8.5 Hands on - I Was Wrong
Sep,28 2025 iPhone Air Teardown - What is 3D Printed Titanium?
Sep,28 2025 Nvidia Wouldn't Send Me This $30,000 GPU - H200 Holy $H!T
Sep,27 2025 The Astronaut - Official Trailer (2025) Kate Mara, Laurence
Sep,25 2025 iPhone 17 Durability Test -- What Scratches are Permanent?
Sep,23 2025 iPhone 17 Pro Max vs. Galaxy S25 Ultra Drop Test!
Sep,21 2025 Race Highlights: A Swing In The Drivers' Title Fight? | 2025
Sep,21 2025 BYD Yangwang U9 Hits 496.22 KM/H - EV Supercar Speed Record
Sep,21 2025 I'm FIRST to Unbox The World's Biggest TV
Sep,21 2025 Samsung Begins Rollout of Android 16 to Rest of Lineup
Sep,21 2025 iOS 26 Now Available, with Visual Intelligence
Sep,21 2025 Apple's iPhone 17 Series is Nearly Hack-Proof
Sep,21 2025 Qualifying Highlights - 2025 Azerbaijan Grand Prix
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs