[Cryptography] Intel Management Engine pwnd

grarpamp grarpamp at gmail.com
Wed Nov 29 01:19:04 EST 2017

On Tue, Nov 28, 2017 at 8:57 PM, James A. Donald <jamesd at echeque.com> wrote:
> unexpected operating system.

The OS has nothing to do with it, other than the proprietary closed source
blob called Windows that is sold with Intel / Windows tools to manage
other remote Intel AMT/ME instances (ie: in the enterprise and
by attackers).

> Listening on a port is not a chip level function.

No. It can be a chip level function. Exactly the same as some
magic WOL wake on LAN, LOM lights out management,
remote KVM key vid mouse, etc all are. Such chips functions
just eat the packets from the physical interface before they get
to the OS, before the OS sends RST, etc.
Further, since nobody has any actual proof or independant
certification process as to what exactly is truly inside the chips
and devices they're buying, one should not be so hesitant to assume
that the damn things are faultless or innocent. Especially given history.
Readers of the Intel docs will also note that AMT/ME only did
works with certain series of their ethernet controller hardware,
at least near while ago labeled with, if recalled correct, an 'L'.
Because those are the ones doing the snooping and feeding
into the southbridge for processing by AMT/ME firmware therein.

#OpenFabs #OpenHW #OpenSW

Why are so few demanding this basic requirement of trust?
Probably for the same reason they refuse to acknowledge cryptocurrency.
They're stupid. And pwnd.

More information about the cryptography mailing list