Intel chip vulnerability lets hackers easily hijack fleets of PCs
Posted: 08 May 2017
A vulnerability in Intel chips that went undiscovered for almost a decade allows hackers to remotely gain full control over affected Windows PCs without needing a password.
The "critical"-rated bug, disclosed by Intel last week, lies in a feature of Intel's Active Management Technology (more commonly known as just AMT), which allows IT administrators to remotely carry out maintenance and other tasks on entire fleets of computers as if they were there in person, like software updates and wiping hard drives.
Intel's advisory said that systems -- including desktops, laptops, and servers -- dating back as early as 2010 and 2011 and running firmware 6.0 and later are affected by the flaw.
But Embedi warned that any affected internet-facing device with open ports 16992 and 16993 is at risk. "Access to ports 16992/16993 are the only requirement to perform a successful attack," said the Embedi researchers.
Uh, their tool says, based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". Apparently Intel says consumer PCs aren't vulnerable (ME vs. AMT I reckon).
Yes, most consumer PCs should not be vulnerable. Only desktop boards with a Q chipset (for example: Q77, Q87, Q170 etc.) paired with certain i5 or i7 CPUs that support vPro, and some business-grade laptops like ThinkPads etc. (which usually have a vPro sticker), are vulnerable.
I have a business-grade ThinkPad that supports Intel AMT and is vulnerable, and also a desktop with Q87; for now I have disabled AMT and am waiting for patches.
It absolutely affects end users. The scope is unknown.
Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.
My system (b85 4790k) returns 'vulnerable'.
I know of at least two H87 owners getting the same results. H170 seems to have the same features.
Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.
What's worse, many people with problems around the launch of AU were told to install the Intel suite.
Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.
If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).
There must be something wrong with that tool, because neither B85 nor H170 nor H87 supports iAMT (also, even with a supported chipset, for example Q87, that particular CPU, the 4790K, will not work: no support for vPro). They just don't have network KVM or other services (can you open a webpage with PC stats when you type that PC's IP from the network?). Maybe there is some local exploit for some Intel ME functionality, but I don't think there are any remote/network exploits.
It should be noted that if you are using any kind of physical firewall (wireless router, cable modem with firewall, etc.) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (a software firewall probably won't work because the hardware itself is exposing the ports, before the OS is even running).
Most consumer routers, even cheap ISP-provided routers, usually have some sort of firewall. That's why this vulnerability isn't that scary for most consumers, except that if someone gains access to the local network or even that PC, then it may do some damage. But some business/pro users who use Intel AMT for controlling a remote server/PC/etc. via the internet (if you have a remote server or PC to administer and need low-level remote access, because RDP will not work for accessing the BIOS or if Windows has crashed) may have opened that network interface to the internet; then it's bad.
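The question the thread keeps returning to, whether ports 16992/16993 actually answer from the network, can be checked directly on machines you administer. The following is an added example, not code from the article, Intel, or any poster; the inventory addresses are constructed placeholders and the function names are hypothetical.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

AMT_PORTS = (16992, 16993)  # the two ports named in the article above


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"      # host answered, nothing is listening
        except OSError:
            return "filtered"    # timeout, unreachable, or a firewall drop


def audit(hosts, ports=AMT_PORTS, timeout=2.0, workers=32):
    """Probe every host/port pair concurrently; return {host: {port: state}}."""
    pairs = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda hp: probe(hp[0], hp[1], timeout), pairs))
    results = {}
    for (host, port), state in zip(pairs, states):
        results.setdefault(host, {})[port] = state
    return results


def exposed(results):
    """Sorted list of hosts with at least one of the probed ports open."""
    return sorted(h for h, ports in results.items() if "open" in ports.values())


if __name__ == "__main__":
    # Constructed inventory: replace with addresses of machines you administer.
    # Run this from a second machine on the network, since (as a poster notes)
    # the hardware itself exposes these ports, independent of the OS.
    inventory = ["192.0.2.10", "192.0.2.11"]
    report = audit(inventory)
    for host in inventory:
        print(host, report[host])
    print("reachable on an AMT port:", exposed(report))
```

An "open" result only shows that the port is reachable from where the script runs; whether the firmware behind it is patched is a separate question. Running it once from inside the LAN and once from outside the router shows the difference between the local-network and internet-facing cases discussed above.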