Ever since early 2000s, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can transfer data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is shutdown, and by using the right software, anyone can wake it up over a network connection. This spy chips were included in the silicon at the behest of the NSA. In short, this can be exploited to spy on anyone using an Intel CPU and it is called Intel Management Engine
This year, researchers Mark Ermolov and Maxim Goryachy presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. But this attack requires physical access to the machine and is a local attack. But this is an opening for an array of attack vectors given enough time and resources. This exploit forces more security on Intel chips and specially in their Management Engine.
Intel's Management Engine is partly a collection of tools, software and hardware conveniently hidden inside latest of the Intel CPUs. These chips and software ever since their inception in early 2000s as TPMs (Trusted Platform Modules). These chips are formed into a root of 'trust' on a Computer. If a TPM can be trusted, the entire computer can be trusted. Incrementally came AMT (Active Management Technology), a collection of embedded processors for Ethernet which were introduced to allow easy provisioning of laptops in a corporate environment. Later more hardware added to the CPU which later became the IME (Intel Management Engine) a system that is connected to every device in a computer. IME is connected to the network interface and its connected storage. The scary part is Intel ME is always on even when the computer is off. So in theory, Even if someone type on a keyboard of a computer that is shutdown, the Intel ME can send those key presses to practically anywhere.
Intel has released a set of tools for Specific Hardware manufacturers to check whether a paticular model is affected by this vulnerability. It is highly adviced that everyone use this tool to check for their product and make sure they are not vulnerable.
In this digital era it is always required to keep an eye on both software and hardware security vulnerabilities as almost everything we do nowadays involves a software and hardware.
ආර්ඩුයිනෝ පෝටෙන්ටා එච් 7 (Portenta H7). Read More
Developing Java Applications with Unicode Data. Read More
Spring Security OAuth2 Multi Tenant Aware Token Store. Read More