# Intel platforms from 2008 onwards have a remotely exploitable security hole



## gofer_touch (May 2, 2017)

Happy patching!

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine)

https://www.reddit.com/r/linux/comments/68ma1a/every_intel_platform_with_amt_ism_and_sbt_from/

Intel platforms from 2008 onwards have a remotely exploitable security hole 
https://news.ycombinator.com/item?id=14237266


----------



## SirDice (May 2, 2017)

Intel's getting the short end of the stick lately. Their screw up with the C2000 Atom CPUs, then their Puma6 chipset, now this. What the heck are they doing?


----------



## Phishfry (May 2, 2017)

So between Aspeed AST2400 BMC and EFI we still have many more disclosures coming.
The whole ship is rotten and every server in the rack is affected.
Long live coreboot.


----------



## Phishfry (May 2, 2017)

Good article from the past.
http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/
Making up new verbs "UnGoogleable".

https://libreboot.org/faq.html#amd
Arm onboard.


----------



## ronaldlees (May 3, 2017)

Phishfry said:


> So between Aspeed AST2400 BMC and EFI we still have many more disclosures coming.
> The whole ship is rotten and every server in the rack is affected.
> Long live coreboot.



Ha!  The whole FLEET is rotten.

Can't wait to get my hands on a shiny new RISC-V machine! At least then I'll know what's inside if the sticker says "xxxxx inside" (or so the theory goes).


----------



## tingo (May 4, 2017)

Yes, this is the way with anything: anything that has a "black box" component inside (in other words a box that you, the customer, don't have source code / blueprints for) and you can not know if there are backdoors ore other problems ahead, you can only hope.


----------



## Carpetsmoker (May 5, 2017)

Perhaps the worst part is that Intel has known this for about five years but did nothing.

It looks like AMD is starting to offer competitive chips again, and not a moment too soon. Two manufacturers to choose from is still not a real free market, but it's a lot better than just one manufacturer to "choose" from.


----------



## ronaldlees (May 5, 2017)

Carpetsmoker said:


> Perhaps the worst part is that Intel has known this for about five years but did nothing.
> 
> It looks like AMD is starting to offer competitive chips again, and not a moment too soon. Two manufacturers to choose from is still not a real free market, but it's a lot better than just one manufacturer to "choose" from.



I think there may be too few eyes examining a lot of very terse code in some of the proprietary stuff.  Some companies allocate development resources up to the point that "it works".  In academia, OTOH, the resources are allocated to allow pontification  of every little nuance, ad nauseum.  Sometimes, they never get past the "pondering and pontificating" part of the subject.  But ...

I like the RISC-V project.  It has a better chance than previous efforts.  They're handling the pontification portion of the project real well, and thanks to the instruction set and other internals that are no longer being controlled by NDAs and other encumberances, the various uni's can actually collaborate on this.  So MIT and Princeton have been working on parts related to the massive parallelism that the eco-system is  being tuned to use (some tests designed around 1000+ cores), while Berkeley and various alumni are spearheading the effort. There are spin-offs already that have actually made stuff.  They say the synergy between the unis is like it's never been before, in terms of cooperation.  So, something may result from the effort.  There are plenty of eyes on it, and I'm certainly going to keep an eye on it myself ...


----------



## gofer_touch (May 7, 2017)

Apparently it gets worse:

https://arstechnica.com/security/20...-in-intel-chips-is-worse-than-anyone-thought/

This may also be of interest for those looking for alternatives to this madness:

https://www.coreboot.org/Board_freedom_levels


----------



## Carpetsmoker (May 15, 2017)

gofer_touch said:


> This may also be of interest for those looking for alternatives to this madness:
> 
> https://www.coreboot.org/Board_freedom_levels



I don't really see any alternatives there other than just a few (very) old server boards?


----------

