[techradar] - Did Intel leave a huge security hole in your brand new PC?

#1 ·


Quote:
There's a huge and extremely worrying range of flaws in newer Intel processors which could allow hackers to take full control over the relevant machines - with millions of PCs potentially affected.

After a severe exploit was uncovered by Mark Ermolov and Maxim Goryachy, Moscow-based security experts who work for Positive Technologies Research, Intel has admitted that some 10 vulnerabilities exist in the Intel Management Engine, Trusted Execution Engine and Server Platform Services
........they affect all of Intel's Core series of processors from Skylake (6th-generation) onwards, including the firm's latest 8th-gen CPUs.
Source

Old thread on ocn about similar issue in the Intel Pentium back in 2006
 
#3 ·
Honestly this is old news. The article doesn't give much information about the issue though either.
 
#4 ·
From Steve Gibson, yes it's a huge security hole. If you have a Skylake or newer CPU then anyone with PHYSICAL access to your computer can completely own it.

For the average person that's okay and probably won't affect you. But for someone like say, the CEO of a major company, or the president... if a spy could get access for only a few seconds to their computer, all they'd need to do is plug in a USB stick and bam, everything on the computer will be theirs to access.
 
#6 ·
Quote:
Originally Posted by Zen00 View Post

From Steve Gibson, yes it's a huge security hole. If you have a Skylake or newer CPU then anyone with PHYSICAL access to your computer can completely own it.

For the average person that's okay and probably won't affect you. But for someone like say, the CEO of a major company, or the president... if a spy could get access for only a few seconds to their computer, all they'd need to do is plug in a USB stick and bam, everything on the computer will be theirs to access.
The article talks about it being used for remote admin. So is it possible to gain access from a remote location?

If someone could explain that would be nice. Be gentle, I'm a noob
 
#8 ·
This is not a flaw. It is working as intended...for the government.
 
#10 ·
Quote:
Originally Posted by Particle View Post

Quote:
Originally Posted by Osirus23 View Post

Not unless Intel stuck something in my AMD CPU.
I can appreciate the sentiment, but do know that AMD has their own version of this crap. It doesn't go as far back in their product line, but it's the way of the future.
It's probably unlikely that AMD would code their own CPU management layer with exactly the same holes as Intel, though.
 
#12 ·
Quote:
Originally Posted by WannaBeOCer View Post

I patched mine last night. I suggest you guys do the same.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

Detection tool:

https://downloadcenter.intel.com/download/27150
I get

Status: Detection Error: This system may be vulnerable.
Tool Stopped

I don't think it is; I'm on the latest ME etc., also MEFW.

But does it do that to you too? I ran the SA-00086 console.

It ran for like 2 seconds only, hence "Tool Stopped".

Edit: you need to run Intel-SA-00086-GHI in DiscoveryTool.GUI folder

"Based on the analysis performed by this tool: This system is not vulnerable. It has already been patched."

Rep anyway for the useful info
 
#13 ·
Quote:
Originally Posted by Namwons View Post

This is not a flaw. It is working as intended...for the government.
And the fix is just an obfuscation so current detection stops freaking out. I'd buy that.
 
#15 ·
Quote:
Originally Posted by JCPUser View Post

Thanks!

I looked at that link, but I have never patched CPU firmware before and am worried about bricking the mobo or something. Was it fairly easy to patch? Or are there things we need to watch out for?
*I am not responsible for bricked motherboards*

It is simple and only takes a few minutes, but it could brick your motherboard if you don't read carefully. If you don't have a vulnerability, don't risk it.

You have a 7 series board so you will need the Intel ME System Tools v8 r3 and consumer Intel ME 8 1.5MB Firmware v8.1.70.1590

Use the win64 FWUpdate tool in an escalated command prompt.

fwupdate -f v8.1.70.1590.bin
 
#16 ·
Quote:
Originally Posted by Quantum Reality View Post

It's probably unlikely that AMD would code their own CPU management layer with exactly the same holes as Intel, though.
The point was rather obviously that with a similar system in place, it too is subject to exploitation. It makes his boastful statement look silly since he's throwing rocks from a glass house.
 
#18 ·
Quote:
Originally Posted by WannaBeOCer View Post

Quote:
Originally Posted by JCPUser View Post

Thanks!

I looked at that link, but I have never patched CPU firmware before and am worried about bricking the mobo or something. Was it fairly easy to patch? Or are there things we need to watch out for?
*I am not responsible for bricked motherboards*

It is simple and only takes a few minutes, but it could brick your motherboard if you don't read carefully. If you don't have a vulnerability, don't risk it.

You have a 7 series board so you will need the Intel ME System Tools v8 r3 and consumer Intel ME 8 1.5MB Firmware v8.1.70.1590

Use the win64 FWUpdate tool in an escalated command prompt.

fwupdate -f v8.1.70.1590.bin
Thanks for the help. +Rep
 
#19 ·
Quote:
Originally Posted by Quantum Reality View Post

It's probably unlikely that AMD would code their own CPU management layer with exactly the same holes as Intel, though.
Of course it doesn't have the same holes - It has different ones!

No programmer is perfect. I wish the trend wasn't to embed these functions so deep into a system, but that's the trend. I've come to accept no device is ever truly secure.
 
#20 ·
Same old ME, it's been known a while Skylake+ is a backdoor heaven as it has a different ME than the older versions that can be disabled.
Same topic has been on Reddit for a couple of days.

Just don't use Skylake or any SL based machines, KL, CL if you're worried about ME backdoors and someone else having more control over your machine than even you do.
 
#21 ·
It was done on purpose.
 
#22 ·
Quote:
Originally Posted by WannaBeOCer View Post

I patched mine last night. I suggest you guys do the same.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

Detection tool:

https://downloadcenter.intel.com/download/27150
Hi,
Can you please explain for the average joe like us exactly how you patch this? I would hate to brick my gaming laptop by trying something I shouldn't be trying...

There seems to be a 'driver' and a 'firmware' file to get. It's the firmware file that scares me.
 
#23 ·
Subscribed
 
#25 ·
Broadwell not affected?

I know my CPU is not Skylake but wanted to make sure.
Quote:
Risk Assessment
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
Scan date: 2017-11-22 5:28:38 PM

Host Computer Information
Name: DESKTOP-I3PFOII
Manufacturer: MSI
Model: MS-7888
Processor Name: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 9.1.37.1002
SVN: 0

Copyright(C) 2017, Intel Corporation, All rights reserved.
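
Added example, not part of the post above and not Intel's code: a small Python triage script for text reports shaped like the two detection-tool outputs quoted in this thread (the clean report above and the "Detection Error ... Tool Stopped" result from post #12). The sample reports, host names and function names are constructed for illustration; the field labels and result sentences are the ones shown on this page.

```python
import re

# Constructed reports modelled on the two outputs quoted in this thread.
CLEAN = """Risk Assessment
Based on the analysis performed by this tool: This system is not vulnerable.

INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
Scan date: 2017-11-22 5:28:38 PM

Host Computer Information
Name: EXAMPLE-HOST-1
Processor Name: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz

Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 9.1.37.1002
SVN: 0
"""
# Constructed: the Name line is added here so the host can be reported.
ERRORED = """Name: EXAMPLE-HOST-2
Status: Detection Error: This system may be vulnerable.
Tool Stopped
"""

# Anchored at line start so "Application Version" is not read as the ME version.
FIELD = re.compile(r"^(Name|Processor Name|Engine|Version|SVN|Scan date):\s*(.+)$", re.M)

def parse_report(text):
    """Extract host fields and a verdict from one text report."""
    fields = {k: v.strip() for k, v in FIELD.findall(text)}
    if "Detection Error" in text or "may be vulnerable" in text:
        verdict = "inconclusive"      # tool stopped early: not a clean result
    elif "already been patched" in text:
        verdict = "patched"
    elif "This system is not vulnerable" in text:
        verdict = "not_vulnerable"
    else:
        verdict = "needs_review"      # unrecognised wording is never treated as clean
    fields["verdict"] = verdict
    # ME firmware version as integers, e.g. "9.1.37.1002" -> (9, 1, 37, 1002)
    if "Version" in fields:
        fields["me_version"] = tuple(int(p) for p in fields["Version"].split("."))
    return fields

def follow_up(reports):
    """Return host names whose report does not positively clear them."""
    parsed = [parse_report(r) for r in reports]
    return [p.get("Name", "unknown") for p in parsed
            if p["verdict"] not in ("patched", "not_vulnerable")]
```

The point of the `inconclusive` and `needs_review` verdicts is that a scan which errored out, as in post #12, stays on the follow-up list until the tool is rerun and returns a definite result.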
 
#26 ·
Anyone know the new revision number, and/or the old one that is vulnerable? I'm on X58 and was thinking about going to an 8700K system if Black Friday sales are sufficient enough that it can be called a deal. Usually markups are insane around now and then they sell items for MSRP on Black Friday and tell you "It's a deal!" lol smh
 