Security holes in Intel CPUs

SHORT: This is my collection of links to articles about Intel CPU/chipset security holes.

For some longer time I’m interested in security holes/flaws in PC hardware as I find such things a real nightmare from software developer point of view. What good is a perfectly written software with a state of the art security if the hardware allows to bypass it?

Last years I’ve noticed that such a security flaw is continuously present in Intel CPUs in form of Intel ME and Intel AMT technology. Please let me know if similar findings exist for AMD CPUs.

Someone may say that security problems described in articles listed below are rather related to Intel chipsets than to Intel CPUs. However nowadays you can’t (even on a desktop computer) have an Intel CPU and a non-Intel chipset on your motherboeard (in old days it was possible: SiS chipsets, NVidia chipsets, etc.). So when choosing an Intel CPU you really choose an entire Intel platform (CPU, chipset, etc.) with all these problems. Thus this all begins with an Intel CPU – so is the title of this post.

Intel Management Engine (ME) / Intel Active Management Technology (AMT)

It looks like Intel ME/AMT is a hardware backdoor present in all Intel systems (CPU+chipset) since 2008 (introduction of Nehalem cores) or even earlier on systems with vPro technology. It’s a separate computer, able to execute arbirary code, able to control all buses in the “main” computer (the one user interacts with) and it’s working when there is a power supply connected (even when the “main” computer is turned off).

  1. Intel Management Engine (ME) – Libreboot FAQ
  2. A Quest To The Core. Thoughts on present and future attacks on system core technologies by Joanna Rutkowska – an overwhelming presentation of hardware holes (mainly in Intel chipsets and CPUs) and how thay can be exploited. (2009)
  3. Why Rosyna Can’t Take A Movie Screenshot – a nice article describing what this technology (Intel ME/AMT) can do. There is a lot of related links under the article. (2015)
  4. Intel x86 considered harmful – a paper by Joanna Rutkowska being a survey of the various problems and attacks presented against the x86 platform over the last 10 years. (2015)
  5. Intel x86s hide another CPU that can take over your machine (you can’t audit it), (2016)
  6. Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous – Intel published a security advisory about a vulnerability in Intel ME/AMT. (2017)
  7. CVE-2017-5689“An authentication bypass vulnerability affecting just about every Intel server with AMT, ISM or Intel Small Business technology enabled, allowing unprivileged network attackers to gain system privileges (where AMT has been provisioned). This is notable because AMT provides the possibility to remotely control a computer even if when powered off. Packets sent to ports 16992 or 16993 are redirected through Intel’s Management Engine (a small, separate processor independent of the main CPU) and passed to AMT. Patch rollouts are expected to be slow, as while it is Intel’s responsibility to develop the patches (which it has done), it is not Intel’s responsibility to deliver them. That’s down to the device manufacturers and OEMs; and it is generally thought that not all will do so.” (2017)
  8. How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine – announcement of a presentation on the Black Hat Europe 2017 conference

Intel Processor Trace (PT)

  1. CyberArk: Windows 10 Vulnerable To Rootkits Via Intel’s Processor Trace Functionality, (2017)

Intel System Management Mode (SMM)

SMM was originally introduced by Intel so we can call it Intel technology. However it’s present in AMD CPUs as well.

  1. Most Intel x86 Chips Have a Security Flaw, (2015)
  2. SMM problems – summary on Wikipedia

Intel SYSRET

This time Intel’s implementation of a particular x86 instruction was worse that the one found in AMD CPUs.

  1. The Intel SYSRET privilege escalation, (2012)
Advertisements

About krzysztoftomaszewski

I've got M.Sc. in software engineering. I graduated in 2005 at Institute of Computer Science, Warsaw University of Technology, Faculty of Electronics and Information Technology. I'm working on computer software design and engineering continuously since 2004.
This entry was posted in BIOS, hardware, security. Bookmark the permalink.

2 Responses to Security holes in Intel CPUs

  1. ddz says:

    +1 quite interesting

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s