Intel Management Engine security vulnerability back door

Started by zero, December 11, 2017, 06:09:05 PM

zero

This weekend I was searching for a BIOS update for my home computer with Intel DQ57TM mobo.  This led me to the Intel web site, where I discovered a security bulletin regarding the Intel Management Engine released in May of this year.  Basically, it's the mother of all back doors, the sort of stuff that only movies dreamed of, complete remote access to every aspect of your computer, built right into the hardware. It basically reaffirmed for every security-conscious IT pro that the name Intel is more than just a coincidence.  It's what they gather and help others gather from us every single day, a secret little inside joke played on us all.  And P.S.: It's been in place since 2010.  This rabbit hole is very, very deep.

In May, under intense pressure, Intel finally admitted to it and released a firmware update that is supposed to close their back doors.  We are asked to believe their benevolence with this update and trust that it really does what they claim it will.  Sure gives me a warm fuzzy.  How about you?

On some machines the Intel ME is a firmware update, independent of the BIOS.  They call it an "OS Independent" update, despite the fact that it will only run from a winblows booted environment.  I have yet to get it to install on my home Linux machine even though booted from multiple flavors of WinPE on boot disk.  Forum threads are filled with complaints from Linux users blasting Intel for their obvious indifference toward the open source community and unwillingness to publish an update tool for Linux.  They do publish a Linux vulnerability detection tool which I used to confirm the security flaw.  But when it comes to actually patching it, seems I'm SOL.  Still searching for a workaround.

On other machines like my work E5440 laptop and many Optiplex models, the Intel ME is integrated with the BIOS.  I ran the SA-00086 vulnerability detection tool published by Intel and it reported my computer is already patched.  I'm not sure I believe it since the Intel web site indicates a BIOS update with the patch for the E5440 is not due from Dell until 1/2/2018!  Translation: "Yeah, we know. We'll get around to it, when we're damn good and ready."

Regardless, I strongly encourage everyone to run this detection tool on their computer, especially on servers.

Bottom line:  I think Intel SUCKS!  I think they're in bed with the Deep State.  I think they cannot be trusted.  I think I will start migrating all of my personal computers to AMD-based processors!