Alas, poor Intel. What a mess you’ve made.
On November 17, 2017, I wrote an article describing the work Positive Technologies had done in researching the Intel Management Engine and discovering the NSA’s HAP (High Assurance Program) boot mode. They found a bunch of flaws in the Intel architecture, which have the industry buzzing. The fact is, any computer with an Intel processor that you purchased over the last few years may be compromised.
Intel has two tools that may be useful to you in assessing your risk:
- (1) Intel AMT (Active Management Technology) Web vulnerability: This tool is an installable program for Windows (a Linux version is also available) that will scan the Intel CPU in your box to see if it suffers from the AMT Hijacking bug. Intel AMT versions affected are: 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6.
This vulnerability (TCP/IP ports 16992 and 16993) was reported by the Israeli/Silicon Valley company, Embedi, back in May 2017. ZDNet did a writeup on this problem also.
The tool, “INTEL-SA-00075 Detection Tool”, can be downloaded here: https://downloadcenter.intel.com/download/26755
- (2) Intel ME (Management Engine) vulnerability: This tool is useful to determine if your Intel CPU is subject to the basic vulnerabilities in the Management Engine. This affects AMT/ME versions: 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20. This is a stand-alone (portable) tool for Windows.
US-CERT reported this last week, echoing Intel’s Security Advisory.
The tool, “Intel-SA-00086 Detection Tool”, can be downloaded here: https://downloadcenter.intel.com/download/27150
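For a fleet, the two version lists above can be used to decide which machines to run each detection tool on. The following is an added example, not Intel's tooling or code from the original article: the inventory, hostnames and build numbers are constructed, and because the lists name version families only, a match marks a host as a candidate for the tool, not a confirmed finding.

```python
import re

# Affected version families exactly as listed in this article.
# "N.x" means any minor version under major N.
AFFECTED = {
    "INTEL-SA-00075": ["6.x", "7.x", "8.x", "9.x", "10.x", "11.0", "11.5", "11.6"],
    "INTEL-SA-00086": ["8.x", "9.x", "10.x", "11.0", "11.5", "11.6",
                       "11.7", "11.10", "11.20"],
}

def parse_version(text):
    """Return (major, minor) from a dotted firmware version, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.\d+)*\s*$", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def family_matches(family, major, minor):
    """Compare numerically, so 11.1 is not mistaken for 11.10."""
    fam_major, fam_minor = family.split(".")
    if int(fam_major) != major:
        return False
    return fam_minor == "x" or int(fam_minor) == minor

def advisories_for(version_text):
    """Advisories whose listed families include this version (None if unparseable)."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    return [adv for adv, fams in AFFECTED.items()
            if any(family_matches(f, *parsed) for f in fams)]

def triage(inventory):
    """Map hostname -> advisories to check; 'unparsed' means inspect by hand."""
    return {host: ("unparsed" if (hits := advisories_for(ver)) is None else hits)
            for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = {
    "ws-01": "11.6.27.3264",   # listed under both advisories
    "ws-02": "11.10.0.1287",   # listed under SA-00086 only
    "ws-03": "7.1.91.3272",    # listed under SA-00075 only
    "ws-04": "11.1.0.1000",    # 11.1 is not 11.10: no match
    "ws-05": "12.0.5.1117",    # outside both lists
    "ws-06": "unknown",        # inventory gap
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

Hosts reported as "unparsed" should not be treated as clear; they need the detection tool run directly.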
What to do?
If the bug affects NSA’s HAP boot-loading functions, the NSA should show Positive Technologies some love and throw them a bone. For the rest of us that have affected machines, there are three outcomes:
- Live with it
- Patch it
- Forklift it
The Intel AMT/ME code is found in hardware chipsets, either the Southbridge chip or the PCH (Platform Controller Hub). If your machine is affected, your best course of action is to contact the manufacturer of your PC to see if they have an update that can be applied.
To re-quote Ben Johnson of Obsidian Security: “Patching software is hard. Patching hardware is even harder”.