SHORT: This is my collection of links to articles about Intel CPU/chipset security holes.
For quite some time I’ve been interested in security holes/flaws in PC hardware, as I find such things a real nightmare from a software developer’s point of view. What good is perfectly written software with state-of-the-art security if the hardware allows it to be bypassed?
In recent years I’ve noticed that such a security flaw is continuously present in Intel CPUs in the form of Intel ME and Intel AMT technology. Please let me know if similar findings exist for AMD CPUs.
Someone may say that the security problems described in the articles listed below are related to Intel chipsets rather than to Intel CPUs. However, nowadays you can’t (even on a desktop computer) have an Intel CPU and a non-Intel chipset on your motherboard (in the old days it was possible: SiS chipsets, NVidia chipsets, etc.). So when choosing an Intel CPU you really choose an entire Intel platform (CPU, chipset, etc.) with all these problems. Thus this all begins with an Intel CPU – hence the title of this post.
Intel Management Engine (ME) / Intel Active Management Technology (AMT)
It looks like Intel ME/AMT is a hardware backdoor present in all Intel systems (CPU+chipset) since 2008 (introduction of Nehalem cores) or even earlier on systems with vPro technology. It’s a separate computer, able to execute arbitrary code and to control all buses in the “main” computer (the one the user interacts with), and it runs whenever a power supply is connected (even when the “main” computer is turned off).
- Intel Management Engine (ME) – Libreboot FAQ
- A Quest To The Core. Thoughts on present and future attacks on system core technologies by Joanna Rutkowska – an overwhelming presentation of hardware holes (mainly in Intel chipsets and CPUs) and how they can be exploited. (2009)
- Why Rosyna Can’t Take A Movie Screenshot – a nice article describing what this technology (Intel ME/AMT) can do. There are a lot of related links under the article. (2015)
- Intel x86 considered harmful – a paper by Joanna Rutkowska being a survey of the various problems and attacks presented against the x86 platform over the last 10 years. (2015)
- Intel x86s hide another CPU that can take over your machine (you can’t audit it) (2016)
- Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous – Intel published a security advisory about a vulnerability in Intel ME/AMT. (2017)
- CVE-2017-5689 – “An authentication bypass vulnerability affecting just about every Intel server with AMT, ISM or Intel Small Business technology enabled, allowing unprivileged network attackers to gain system privileges (where AMT has been provisioned). This is notable because AMT provides the possibility to remotely control a computer even when powered off. Packets sent to ports 16992 or 16993 are redirected through Intel’s Management Engine (a small, separate processor independent of the main CPU) and passed to AMT. Patch rollouts are expected to be slow, as while it is Intel’s responsibility to develop the patches (which it has done), it is not Intel’s responsibility to deliver them. That’s down to the device manufacturers and OEMs; and it is generally thought that not all will do so.” (2017)
- How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine – announcement of a presentation at the Black Hat Europe 2017 conference
Intel Processor Trace (PT)
Intel System Management Mode (SMM)
SMM was originally introduced by Intel, so we can call it an Intel technology. However, it’s present in AMD CPUs as well.
This time Intel’s implementation of a particular x86 instruction was worse than the one found in AMD CPUs.