Money quote, though this may be slightly old news and this is just a summary of known information:
One of the most common questions regards
the possibility of remote exploitation.
We think that remote exploitation is possible
if the following conditions are true:
1. The target platform has AMT activated.
2. The attacker knows the AMT administrator
password or can use a vulnerability to
bypass authorization.
3. The BIOS is not password-protected (or
the attacker knows the password).
4. The BIOS can be configured to open up
write access to the ME region.
If all these conditions are met, there is no
reason why an attacker would not be able to
obtain access to the ME region remotely.
Also note that during startup, the ROM does
not check the version of firmware, leaving the
possibility that an attacker targeting an
up-to-date system could maliciously downgrade
ME to a vulnerable version.
That list of conditions does not seem incredibly unusual to me. Consumer hardware should have AMT disabled and be safe, but on business machines the highest bar is an AMT vuln, and given the huge size and apparently terrible code quality of the AMT I expect to be seeing auth bypasses for it on a regular basis.
Could you elaborate on why you think its apparent that AMT has 'terrible code quality'? Specifically, versus other high profile products that continue to have multiple security bugs being introduced every release cycle - Windows, iOS, Android, Linux, etc.
I can give you an example of why I think the code quality is questionable:
At my work we use AMT for legitimate purposes: remote administration and support (we have offices in different cities). A big problem for us is that the AMT crashes by itself and the computer needs to be power-cycled for the AMT to work again. Sometimes the web-interface don't answer, sometimes the passwords doesn't match anymore. I think there is a process that is writing where it shouldn't, because it works again after the computer is power-cycled by removing the power-cord.
I now have a script that checks every registered computer twice a day , to see if it is still possible to login to the AMT, and if not, it sends an email to a person at the local office requesting them to restart the computers that fails.
When it works it is a great tool, allowing us to fix computers and give support without the need to travel to each city.
It's sad hearing that it hasn't changed much in over a decade — back when I was primarily doing sysadmin work, of the various manufacturers, only Sun's ILOM (on the V20z/V40z Opteron servers) seemed to reflect the existence of a QA department.
IBM, Dell, HP, etc. all had problems like you described where the management processor would hang after receiving unexpected traffic (e.g. nmap scans), too many simultaneous logins, etc. and, naturally, nobody had thought to implement a watchdog timer to reboot if it became unresponsive even if they had the same functionality available for the actual server.
Thanks for that ! I'm looking to implement AMT (or something like it) at our office. I'm a developer but as the defacto sysadmin I was looking into how stable the AMT platform is. I occaisionally have to re-image machines, and I figured I could just ask people to plug it into a network jack and let me remotely take care of it.
That's really pathetic that a "consumer ready" embedded piece of software whose whole job is remote-management... needs to be remotely managed because it crashes all the time.
It has a classic C buffer overflow - there's a read where the amount read can exceed the buffer size. This is a consequence of C's biggest design flaw - the language doesn't know the size of arrays. That's the root cause of most buffer overflow vulnerabilities.
It also means that Intel didn't do much code review. There are automated tools which recognize that specific class of bug.
I'd wager that only a minority of projects use linters, static analysers, etc in continuous integration. I'd also wager that only a minority treat warnings as errors.
This is true but experience shows us that optional safe practices don't seem to be enough. A safe by default language looks like it makes the most sense in practice.
Every description I've heard of it has language like this:
AMT is a large module with a huge number of
different network protocols of various levels
integrated into it. This module contains a great
deal of legacy code but can only be found in
business systems.
In absolute terms it's probably not as bad as a desktop operating system, which is laboring under sisyphean compatibility constraints on top of huge attention from researchers and a nearly totally intractable threat model. Relatively speaking, though, those same things must be taken into account - their attack surfaces are thousands of times bigger and they attract thousands of times more attention. Seeing about as many critical vulns in the AMT as in, say, the entire Linux kernel... yeah, I'd call that "awful code quality".
Plus there's the fact that the original vulnerability was literally "you can get in by sending an empty password". A culture that lets a bug like that through cannot be conducive to good code.
>Seeing about as many critical vulns in the AMT as in, say, the entire Linux kernel... yeah, I'd call that "awful code quality".
But that is not the case. Linux has had 400+ security bugs this year (as you point out, in part due to its greater attack surface) versus the 2 from AMT. I'm trying to reconcile this idea that "ME = BAD" in a practical way by comparing it to software that's in mass use and already being exploited. The tech press over time has needlessly over-hyped such security issues making it harder to put things in perspective. So far, I'm not seeing anything special about ME that would also not apply to many many other products.
>Plus there's the fact that the original vulnerability was literally "you can get in by sending an empty password". A culture that lets a bug like that through cannot be conducive to good code.
I don't see the tech press not recommended OSX anymore !
Filter Linux's list to "scores > 8" to take the sampling bias into account - the only way to observe an AMT vulnerability in the first place is to gain remote super-root on a widely-deployed core system that may be a PITA to patch. That takes linux down to 27 for 2017. Of those, only about ten are for the kernel itself rather than for binary drivers for nvidia, broadcom, qualcomm, or htc hardware. About half of the total are marked "android"; given that my understanding is that the android kernel has significant changes I wouldn't be surprised if those are android-only exploits. The intersection leaves a grand total of 6 vulnerabilities that are in the actual linux kernel and comparable in severity to the two AMT compromises we've seen.
> I don't see the tech press not recommended OSX anymore !
I certainly don't rec apple. Never have, though previously for non-security reasons, and unless they do a lot of changing, never will.
Sure but as a user of Linux, I don't particularly care why the bugs are present in Linux. My view is if you ship it, you should own it. Assigning blame to Nvidia or whoever can go both ways. They might point the blame back at the interfaces inside Linux for being unclear or less than adequately documented, or whatever. Or they might blame some other aspect. Nobody knows unless you're the person who actually wrote the code or has intimate knowledge specific to the bug. In any case, my point wasn't to compare Linux vs AMT. I'm considering deploying ME/AMT to manage systems inside our office. After all this news having come out, I'm waiting till the dust settles. I have to unfortunately wade through a lot of hype to get to the meat of the issue. So far I haven't seen anything that would dissuade me from deploying ME internally.
The problem is the location of the vulnerablities: on the CPU itself.
Get pwned in linux? Nuke and pave can usually solve it. The exceptions being BIOSes and hdds/usbs with vulnerable firmwares which can be exploited to restore the malware. However in that case an actor has to target your hardware combination specifically, and there are a plethora of different hdd/usb manufacturers.
Get pwned in ME? No longer your hardware. On top of that it applies to all Intel CPUs, and potentially remotely to Intel AMT CPUs.
Sure, but I see no reason not to be able to just re-flash the ME firmware in that case. I guess as an embedded developer, maybe I'm just seeing things from a different POV than most people here.
Well, the easy way to flash the firmware goes through the ME, so that's about as good at removing infected ME firmware as Windows Update is at removing viruses. The other way... I mean, you could simultaneously bring down every computer your company and its employees own, airgap them all, open the cases, expose the SPI headers, flash the firmware, bring them all back online, and hope you don't have to do it again tomorrow because someone didn't get the memo and was working from home that day. And that nobody did anything Bad while they owned your entire corp net. You could do that. I wish you the best of luck.
I dont understand. Why is reinstalling an OS a solution to a rooted OS but re-flashing ME/AMT isn't? You patch the OS bug that lead to it being exploited, and you patch the ME bug that lead to it being expoloited. I'm assuming a scenario where Intel (and/or BIOS/UEFI/MB vendors) behaves like a sane OS vendor and releases regular updates/fixes. Anyway, we're really geting far off topic. I guess I'm replying too :)
Anyway, we're really geting far off topic. I guess I'm replying too :)
Heh, I'm here to have interesting conversation, not necessarily on-topic conversation. :P
Why is reinstalling an OS a solution to a rooted OS
but re-flashing ME/AMT isn't?
The issue is that it looks to me like there's no equivalent to "reinstalling the OS", since the non-SPI route for flashing the ME is an ME function. That's why I used windows update as an example - flashing new ME code is less "boot from install media and reinstall" and more "sudo dpkg -i new-kernel.deb" or "run windows update". And if the ME is compromised - dpkg/winup in this analogy - it could easily propagate itself to the new firmware. Since at least some of the vulnerabilities are in bootloader code that's stored in ROM, it may be flat-out impossible to prevent the ME from compromising the new image if it's running while you're flashing - IOW, time to crack the case and find the SPI headers.
Also, really, reinstalling the OS is a solution to a rooted OS only almost all of the time - a truly determined infection can lodge endospores in places like GPUs and hard drive controllers. They just don't do that kind of thing because the spectacular range of PC hardware makes that capability cost-ineffective. If they can find something like that for the ME, or if they don't even have to because they control the only way to update firmware and it's the same on every intel system, that's a much higher-value target.
Yeah, this is the kind of info I'm trying to figure out. The ME update mechanism seems to not be so cut and dry. The three regions RGN/EXTR/UPD can be updated seperately. It seems like ME updates could be delievered either as a full OEM bios update, or a by an Intel supplied UPD-only update. Also, The update seems to be a simple direct flash via the SPI controller. Not sure if any running ME processes can interfere with that. Happy to go through any links you have..
Now that I think about it, I'm not sure that the exact route matters. The ME can read and write its own firmware storage; that's a necessary capability for writing new firmware with the MEI. So if a compromised ME gets a chance to execute code after new firmware has been flashed, it can read out that new firmware and reinfect it. And that means that even direct flash via SPI won't work unless you can take the ME offline, flash the firmware, and then restart the motherboard without ever giving the compromised firmware a chance to do anything. Which I'm not sure is... entirely possible? I can see setups where it's impossible to be able to get access to firmware storage with the ME offline. This is getting way into the details of how these motherboards are wired up.
> So if a compromised ME gets a chance to execute code after new firmware has been flashed, it can read out that new firmware and reinfect it.
Yeah, or it could just fake the flash operation. Much easier than re-infecting a potentially unknown firmware. Lots of oppurtinities here.
>And that means that even direct flash via SPI won't work unless you can take the ME offline, flash the firmware, and then restart the motherboard without ever giving the compromised firmware a chance to do anything. Which I'm not sure is... entirely possible
It looks like the ME processor can execute instructions from the firmware/spi region, its own memory, or from a reserved region in RAM. During the SPI flash, if the ME CPU is not offline, then it has the potential to accidentaly execute instructions out of the firmware region being flashed to and cause havoc. This may necessiciate that the ME MCU enter some kind of idle state during flashing, and then be rebooted. Although, as an aside, maybe the flashing works by copying to an unused region and then fliping a 'new firmware at location X' bit and rebooting the ME CPU which will then do the actual flashing. I haven't found any details yet, but I haven't looked that hard either.
You can normalize against anything. Can we normalize Linux against the fact that millions of people potentially could have reviewed the source code, and prevented the bugs? You can bias things with proper justification any which way. At some point, we just have to accept an imperfect method :)
> Specifically, versus other high profile products that continue to have multiple security bugs being introduced every release cycle - Windows, iOS, Android, Linux, etc.
This is not the correct comparison. AMT has terrible code quality compared to the gateware/microcode of your average x86_64 CPU.
That ME/AMT is as insecure as some consumer OSes is no excuse, especially given it's certainly quite possible to install an OS on your x86 machine that is far more secure than your average consumer OS (or than the code AMT runs, which apparently falls to 1990s-vintage buffer overflows).
I think comparing the code quality of the AMT to that of another OS is a fair comparison, given that the current-gen AMT is running a modified version of MINIX[1].
I would presume that in large corporations where AMT isn't actively used for configuration management, corporate IT will almost always have disabled AMT in the BIOS. Am I wrong about this?
Some IT shops aren't very on top of BIOS configs. They should be, but just because they should be doesn't mean it matches reality. It doesn't occur to everyone to go into BIOS for any reason other than boot problems, let alone to audit for reducing attack surface area. I can see that falling through the cracks in policy and practice.
IME and based on what I've read, it's usually not possible to disable AMT; that option is not always present. However, I don't have great data to base that on; do others have a different experience.
