Intel Management Engine Firmware Vulnerabilities

At Black Hat Europe on Wednesday, security researchers Mark Ermolov and Maxim Goryachy elaborated on the firmware flaws they found in the Intel Management Engine (ME), and warned that the current patches for those flaws may not be reliable enough.

Two weeks earlier, Intel had credited the two researchers for responsibly disclosing the flaws, and Chipzilla published an advisory covering 10 vulnerabilities that may affect the Management Engine, Server Platform Services (SPS) and the Trusted Execution Engine (TXE).

The Intel Management Engine is a coprocessor located in the Platform Controller Hub (PCH) chipset that underpins Intel's vPro enterprise management features. It runs its own operating system, derived from MINIX 3 (a Unix-like OS), at a privilege level below the main operating system kernel.

The ME is designed to oversee the user's computer and has access to much of the processing and data of the main CPU. That is very useful for enterprise administrators managing fleets of PCs, but it makes the engine equally attractive to attackers.

The flaws could allow attackers to run arbitrary code on the affected hardware in a way that is invisible to the user and to the main operating system. Separately, Intel had implemented an undocumented 'kill switch' for the ME in support of the US National Security Agency's High Assurance Platform (HAP) programme.

That switch was discovered earlier this year, but Ermolov and Goryachy said it does not actually protect against three of the 10 disclosed vulnerabilities: CVE-2017-5705, CVE-2017-5706 and CVE-2017-5707. They also said they had found a stack buffer overflow that can be exploited locally to run unsigned code on any device with an Intel Management Engine, even when the device is powered off or is protected by security software. In addition, the pair developed a generic technique for bypassing stack canaries (a value written to memory next to a buffer so that an overflow is caught when the value changes), which lets them use return-oriented programming (ROP) to run code of their choosing.
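As an added illustration, not code from the researchers or from the original article, the following C program shows what a stack canary does and why it stops only overflows that disturb its value. The frame layout, the canary value, the return address and the "gadget" address are all constructed for the demo; the bypass shown (the attacker already knows the canary and writes it back unchanged before overwriting the return address) is the textbook case, not the technique Ermolov and Goryachy presented, which the article does not describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A simulated stack frame laid out the way a compiler places a local
 * buffer, the canary and the saved return address (lowest address first).
 * A struct is used instead of the real stack so the demo is deterministic. */
typedef struct {
    uint8_t  buf[16];      /* the local buffer that gets overrun */
    uint64_t canary;       /* written at function entry, checked before return */
    uint64_t saved_ret;    /* where the function would return to */
} frame_t;

/* Constructed values. A real canary is random per process and, on glibc,
 * keeps its lowest byte zero so that strcpy-style overflows stop at it;
 * a length-driven memcpy overflow is not stopped by that zero byte. */
#define CANARY_VALUE 0x0a1b2c3d4e5f6000ULL
#define ORIG_RET     0x0000000000401000ULL
#define ROP_GADGET   0x0000000000402abcULL   /* constructed gadget address */

typedef struct {
    int canary_intact;   /* 1 if the epilogue check would pass */
    int ret_hijacked;    /* 1 if the saved return address was changed */
} outcome_t;

/* The vulnerable function: copies `len` bytes into a 16-byte buffer with no
 * bound check, then performs the canary comparison a compiler would emit. */
outcome_t vulnerable_copy(const uint8_t *input, size_t len)
{
    frame_t f;
    memset(&f, 0, sizeof f);
    f.canary    = CANARY_VALUE;
    f.saved_ret = ORIG_RET;

    if (len > sizeof f)                 /* clamp so the write stays inside the struct */
        len = sizeof f;
    memcpy((uint8_t *)&f, input, len);  /* runs past buf into canary/saved_ret when len > 16 */

    outcome_t o;
    o.canary_intact = (f.canary == CANARY_VALUE);  /* what __stack_chk_fail tests */
    o.ret_hijacked  = (f.saved_ret != ORIG_RET);
    return o;
}

/* In-bounds input: nothing beyond buf is touched. */
outcome_t scenario_benign(void)
{
    uint8_t payload[8];
    memset(payload, 'A', sizeof payload);
    return vulnerable_copy(payload, sizeof payload);
}

/* Blind overflow: the canary is clobbered with 'A's, so the check fires
 * before the corrupted return address is ever used. */
outcome_t scenario_blind_overflow(void)
{
    uint8_t payload[sizeof(frame_t)];
    memset(payload, 'A', sizeof payload);
    return vulnerable_copy(payload, sizeof payload);
}

/* Known-canary overflow: the attacker has leaked or predicted the canary and
 * writes it back unchanged, so the check passes while the saved return
 * address now points at a ROP gadget. */
outcome_t scenario_known_canary(void)
{
    uint8_t  payload[sizeof(frame_t)];
    uint64_t canary = CANARY_VALUE, gadget = ROP_GADGET;
    memset(payload, 'A', 16);
    memcpy(payload + offsetof(frame_t, canary),    &canary, sizeof canary);
    memcpy(payload + offsetof(frame_t, saved_ret), &gadget, sizeof gadget);
    return vulnerable_copy(payload, sizeof payload);
}

static void report(const char *name, outcome_t o)
{
    printf("%-14s canary %s, return address %s\n", name,
           o.canary_intact ? "intact" : "SMASHED (abort)",
           o.ret_hijacked  ? "hijacked" : "unchanged");
}

int main(void)
{
    report("benign:",       scenario_benign());
    report("blind:",        scenario_blind_overflow());
    report("known canary:", scenario_known_canary());
    return 0;
}
```

The point the three scenarios make is that a canary is a detector, not a barrier: it only helps if the attacker cannot learn or reproduce its value before the overwrite reaches the return address, which is exactly the property a generic canary bypass takes away.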

Exploiting these vulnerabilities requires local access to the affected machine, or credentials for a remote IT management system that can reach it. However, the Intel AMT vulnerability disclosed in May this year was also at first described as needing local access, and was eventually confirmed to allow remote attacks as well.

Ermolov and Goryachy said in an earlier emailed statement to The Register:

'Given the ubiquity of Intel chips, the potential scale of attacks is very large, including laptops and enterprise IT infrastructure, all of which are vulnerable.'

'The problem is hard to fix: it requires manufacturers to update the firmware, and attackers exploiting these vulnerabilities are hard to detect.'

Dino Dai Zovi, co-founder and chief technology officer of security company Capsule8, said in an e-mail to The Register that the most disturbing aspect of Ermolov and Goryachy's findings is how easy the vulnerabilities are to exploit: an attacker does not even need to open the chassis of the target system. Dai Zovi said:

'That's not a big hurdle for attackers with physical access to the device, even if some laptops have tamper-resistant switches, which attackers can easily bypass.'

Leifeng.com notes that although patches have been released for CVE-2017-5705, CVE-2017-5706 and CVE-2017-5707, the possibility of attackers sidestepping them cannot be ruled out, because an attacker can overwrite the ME region of the firmware with an older, vulnerable version and then exploit that version.

Dai Zovi said:

'Writing an older version of the Management Engine firmware usually requires writing directly to the flash memory chip or exploiting weak BIOS protections, all depending on the vendor-specific configuration.'

The US government has also expressed concern over the Intel Management Engine vulnerabilities and has raised the issue with the relevant authorities. Hardware makers Dell, Purism and System76 have begun offering devices with the Intel Management Engine disabled.

Dai Zovi pointed out that, besides these hardware vendors' efforts, parts of the security community are developing open-source projects that tackle the problem of trusting the Intel Management Engine, such as me_cleaner and Heads.

Asked whether Intel plans to change the way the Management Engine works, or to offer chips without it, a company spokesperson suggested consulting the hardware vendor about the issue, saying:

'The Management Engine provides some of the key features users care most about, such as secure boot, two-factor authentication, system recovery and enterprise device management.'

'System owners with special requirements should contact the device manufacturer about their request, but removing the Management Engine would affect the functionality offered by most mainstream products, so Intel does not support this configuration.'

Translated by Leifeng.com from The Register.
