Microsoft finds bug in Intel ME
fudzilla.com | 09 June 2017 | Nick Farrell
Posted on 06/10/2017 10:26:29 AM PDT by Ernest_at_the_Beach
There is even malware exploiting it
Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. This makes it a rather good place for malware to hit.
Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detect malware using AMT SOL to exfiltrate data.
Apparently the code was not penned by script kiddies. It has all the fingerprints of a nation state cyber-espionage unit codenamed PLATINUM. The group has been active since 2009, and has targeted countries around the South China Sea.
PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year Microsoft said the group was installing malware by abusing hotpatching, a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: amtsol; hitech; intel; intelcpu; intelme; malware
To: Ernest_at_the_Beach
Just like MS makes OSs that do 1000 times more than an OS should do, Intel is making chips that do more than a chip is supposed to do.
Why the hell is the CPU doing what this article describes in the first place?
2 posted on 06/10/2017 10:32:15 AM PDT by TheZMan (I am a secessionist.)
To: ShadowAce
To: TheZMan; Ernest_at_the_Beach
Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.
I swear they design these things with hacking in mind.
So, if you want to turn your computer off you have to unplug your computer.
4 posted on 06/10/2017 10:39:10 AM PDT by Pontiac (The welfare state must fail because it is contrary to human nature and diminishes the human spirit.)
To: Pontiac
And let all batteries/capacitors drain? :)
To: TheZMan
Gives a marketing advantage by allowing Corporations to manage remote devices (laptops, tablets) of their employees.
To: Pontiac
Laptops and tablets have batteries, so disconnect them....?
To: Ernest_at_the_Beach
Next they will allege that they crawl into your mind and defeat air gapped computers too.
If this is true, why don’t WiFi hubs pick up the traffic?
8 posted on 06/10/2017 10:57:01 AM PDT by Steamburg (Other people's money is the only language a politician respects; starve the bastards)
To: TheZMan
Clearing up one detail misuse in the article....it really is a circuit on the chip.
Charlie D at Semiaccurate has had heavy discussions and disagrees with Intel's claim on what the exposure is with this marketing addition,....
Intel says how is only on corporate chips,...Charlie is not so sure...
To: TheZMan
To: Pontiac
"So, if you want to turn your computer off you have to unplug your computer."
Well that's one way - turn the machine off and unplug the power cord. Or maybe just unplug the internet connection. The cpu is still on but nothing gets in or out.
I do that when necessary. To be really safe go the paranoid route and also unplug the power too. It seems that's becoming necessary these days. And also shut down WIFI if you have it.
11 posted on 06/10/2017 11:40:15 AM PDT by StormEye
To: SunkenCiv; NormsRevenge; Grampa Dave; SierraWasp; TigersEye; Oynx; Marine_Uncle; BenLurkin; ...
For those following George Webb and the Awan IT Pakistani spyring in the Congress with specially setup Blackberry devices and laptops for many Democratic Representatives ...maybe this is a piece of their setup.
Really have no idea.
To: Ernest_at_the_Beach; null and void; KC_Lion; aragorn; EnigmaticAnomaly; TWhiteBear; ...
Microsoft finds bug in Intel ME
Check out article, #11, and other comments.
Thanks, Ernest_at_the_Beach.
13 posted on 06/10/2017 11:48:36 AM PDT by LucyT
To: StormEye
Don't forget Bluetooth connections.
To: Ernest_at_the_Beach
I’ve been SOL for so long I didn’t even know it was a problem! ;^)
15 posted on 06/10/2017 11:54:55 AM PDT by TigersEye (When you have covfefe you don't need anything else.)
To: LucyT; All
To: Ernest_at_the_Beach
hotpatching a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
= = =
I knew this guy (gone now, obit about 6 mo. old) who would get into running programs on our Univac, and modify them on the fly.
This was beyond the comprehension of the Univac reps.
But he did it. Used some program called ‘Flit’.
17 posted on 06/10/2017 12:16:19 PM PDT by Scrambler Bob (Brought to you from Turtle Island, otherwise known as 'So-Called North America')
To: Pontiac
So, if you want to turn your computer off you have to unplug your computer.
That's not possible with many laptops, as long as charge remains in the battery. But you can unplug it from the internet.
To: Ernest_at_the_Beach
I reckun the Pakis were subcontracted by the Muslim Brotherhood for missions such as this.. deep penetration.
19 posted on 06/10/2017 2:36:14 PM PDT by NormsRevenge (Semper Fi - Monthly Donors Rock!!!)
To: Scrambler Bob
I knew this guy (gone now, obit about 6 mo. old) who would get into running programs on our Univac, and modify them on the fly.
This was beyond the comprehension of the Univac reps. But he did it. Used some program called Flit.
For the terminally young in the audience, 'Flit' was the brand name for DDD in the 40s and 50s aimed mainly at mosquitos, it killed most bugs (and claimed later to weaken bird eggshells and 'made' Rachel Carson's reputation).
20 posted on 06/10/2017 3:12:38 PM PDT by publius911 (Less Tweets More Golf! it works!!!)