Intel releases firmware update for ME flaw

It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of. Continue reading Intel releases firmware update for ME flaw

Dangerous Intel Chip Flaw Patches Becoming Available

Some computer manufacturers have started releasing patches for eight serious vulnerabilities in Intel processors or they have outlined firmware update plans for vulnerable models. Acer, Dell, Fujitsu, Hewlett Packard Enterprise (HPE), Lenovo, Panasonic… Continue reading Dangerous Intel Chip Flaw Patches Becoming Available

Is Intel’s Management Engine Broken?

Betteridge’s Law of Headlines states, “Any headline that ends in a question mark can be answered by the word no.” This law remains unassailable. However, recent claims have called into question a black box hidden deep inside every Intel chipset produced in the last decade.

Yesterday, on the Semiaccurate blog, [Charlie Demerjian] announced a remote exploit for the Intel Management Engine (ME). This exploit covers every Intel platform with Active Management Technology (AMT) shipped since 2008. This is a small percentage of all systems running Intel chipsets, and even then the remote exploit will only work if AMT is enabled. …read more

Continue reading Is Intel’s Management Engine Broken?

Neutralizing Intel’s Management Engine

Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip …read more

Continue reading Neutralizing Intel’s Management Engine

New Part Day: A Truly Secure Workstation

There is a chain of trust in every modern computing device that starts with the code you write yourself, and extends backwards through whatever frameworks you’re using, whatever OS you’re using, whatever drivers you’re using, and ultimately whatever BIOS, UEFI, Secure Boot, or firmware you’re running. With an Intel processor, this chain of trust extends to the Intel Management Engine, a system running independent of the CPU that has access to the network, USB ports, and everything else in the computer.

Needless to say, this chain of trust is untenable. Any attempt to audit every line of code running in …read more

Continue reading New Part Day: A Truly Secure Workstation