Forums : Operativni sistemi

 Comment
Remote execution rupetina u Intel ME-u
ali_deda_i_40_ajduka
(udaren u glavu)
2017-05-05 07:28 PM
Remote execution rupetina u Intel ME-u
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
Red alert! Intel patches remote execution hole that's been hidden in biz, server chips since 2008

For the past nine years, millions of Intel workstation and server chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware.

Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows „an unprivileged attacker to gain control of the manageability features provided by these products.”
Uzevsi u obzir kompleksnost cele stvari i nerafinisan pristup hardveru koji ME koprocesor ima, bilo je samo pitanje vremena kada će ovo da se desi.

Suska se da je ovaj problem bio poznat >godinama< - pitanje je šta je Intel nateralo da se patchuju sad, moje mišljenje je da će uskoro neko da leak-uje da neko, možda neka troslovna agencija, koristi ovaj vuln i sada kada vuln dodje u ruke običnih kriminalaca stvari postaju prilično gadne.

Za neupucene, Intel Management Engine je poseban procesor koji trci svoj RTOS i ima vrlo sirok pristup hardveru: može da cita memoriju, prica sa Intel mreznim adapterima, analizira pakete, patchuje sistem, pali i gasi sistem itd... ne treba mu čak ni da racunar bude ukljucen, dovoljno je samo da maticna ploca pod naponom. Intel valja dodatne „enterprise” tehnologije bazirane na ME-u: AMT (Active Management Technology) koji omogućava remote „bare metal” administraciju masina čak i kada je OS ili boot disk onesposobljen. AMT je ukljucen samo u skupljim Intel procesorima, ali svi danas imaju ME.

A, da, još od pre nekoliko verzija procesora ME je obavezan, tj. Intel je u ME spustio i neke funkcije održavanja procesora tako da je prakticno nemoguće kompletno otarasiti se ME-a osim u specijalnim slučajevima gde je moguće korumpirati deo ME firmware-a bez da sistem detektuje to i ugasi racunar posle 30 minuta, ali i tad se ME CPU bootuje i trci bar minimalni deo funkcija.

Dobra vest je da su samo „enterprise” verzije (sa ukljucenom AMT tehnologijom) ranjive od spolja. Masine sa „samo” ME-om su ranjive unutar lokalnog LAN-a (ako je masina prikacena preko Intel adaptera).

Fizicka izolacija kriticnih masina od Interneta i fizicka sigurnost objekata gde su serveri je jedino rešenje protiv ovakvih gluposti.
ali_deda_i_40_ajduka
(udaren u glavu)
2017-05-11 03:07 PM
https://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/
Citat:

How to remote hijack computers using Intel's insecure chips: Just use an empty login string

Code dive You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings.

You read that right. When you're expected to send a password hash, you send zero bytes. Nothing. Nada. And you'll be rewarded with powerful low-level access to a vulnerable box's hardware from across the network – or across the internet if the management interface faces the public web.

I... sampionski kod:

Citat:

If you poke around inside Intel's firmware, you'll find this gem that lies at the heart of the matter – machine code that decompiles into C that looks pretty much like this:

Code:

if(strncmp(computed_response, user_response, response_length))
deny_access();

Jeza..

Vise detalja:
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
Sunce-ti-kalajisano
2018-09-14 11:15 AM
Ti si zaista neupućen
 Comment Remember this topic!

Looking for Chakra Necklaces and Bracelets?
.