Microsoft finds bug in Intel ME

There is even malware exploiting it

Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.

Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. This makes it a rather good place for malware to hit.

Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. This virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detected malware using AMT SOL to exfiltrate data.

Apparently the code was not penned by script kiddies. It has all the fingerprints of a nation state cyber-espionage unit codenamed PLATINUM. The group has been active since 2009, and has targeted countries around the South China Sea.

PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year Microsoft said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.

Just like MS makes OSs that do 1000 times more than an OS should do, Intel is making chips that do more than a chip is supposed to do.

Why the hell is the CPU doing what this article describes in the first place?

Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.

I swear they design these things with hacking in mind.

So, if you want to turn your computer off you have to unplug your computer.

Clearing up one detail misuse in the article....it really is a circuit on the chip.

Charlie D at Semiaccurate haas had heavy discussions and disagrees with Intels claim on what the exposure is with this marketing addition,....

Intel says how is only on corporate chips,...Charlie is not so sure...

"So, if you want to turn your computer off you have to
unplug your computer."

Well that's one way - turn the machine off and unplug
the power cord. Or maybe just unplug the internet connection.
The cpu is still on but nothing gets in or out.
I do that when necessary. To be really safe go the paranoid route and
also unplug the power too. It seems that's becoming necessary these days.
And also shut down WIFI if you have it.

For those followmg George Webb and the Awan IT Pakistani spyring in the Congress with specially setup Blackberry devices and laptops for many Democratic Representatives ...maybe this is a piece of their setup.

Really have no idea,.

Microsoft finds bug in Intel ME

Check out article, # 11 , and other comments.

Thanks, Ernest_at_the_Beach.

hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
= = =

I knew this guy (gone now, obit about 6 mo. old) who would get into running programs on our Univac, and modify them on the fly.

This was beyond the comprehension of the Univac reps.

But he did it. Used some program called ‘Flit’.

I knew this guy (gone now, obit about 6 mo. old) who would get into running programs on our Univac, and modify them on the fly.
This was beyond the comprehension of the Univac reps.

But he did it. Used some program called ‘Flit’.

for the terminally young in the audience, 'Flit' was the brand name for DDD in the 40s and 50s aimed mainly at mosquitos, it killed most bugs (and claimed later to weaken bird eggshells and 'made' Rachel Carson's reputation.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.