LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 02-26-2018, 07:47 PM   #1
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Rep: Reputation: Disabled
Lightbulb Disabling Intel ME via Metasploit / Kali


Once a user has access to Intel ME internals, they should be able to modify Intel ME's settings, disable remote access / back-door features like IDE-redirect, and disable the ability to re-flash or do anything malicious. All of these options are available to ME admins. Once it's done, it's done. Nothing can get back in there without hard-flashing the chip. This could be turned into an automated patch that permanently closes all known vectors of attack built into AMT/ME. This would only work on computers with firmware with known vectors of exploitation. A trustworthy source only needs to release an open-source fix...

Intel ME Metasploit database: https://rapid7.com/db/search?utf8=%E2%9C%93&q=amt&t=a
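Before pointing Metasploit at anything, a practitioner wants to know whether the machine exposes AMT at all and whether the host kernel has bound the ME interface. The following is an added example, not code from the original post, from Intel, or from Metasploit: it parses the banner that AMT's web management service returns to an unauthenticated request and lists the MEI device nodes the Linux mei driver creates. The port number, the banner format and the /dev/meiN naming are assumptions stated in the code; the two HTTP replies it parses are constructed samples, not captures from a real machine.

```python
"""Added example, not code from the original post or from any Intel tool:
a small, offline-testable check for whether a machine exposes Intel AMT's
web management service and whether the local kernel has bound the
Management Engine Interface (MEI).

Assumptions (labelled here and in the comments):
  * AMT's plain-HTTP management service listens on TCP 16992 and replies
    to an unauthenticated GET / with a header of the form
    'Server: Intel(R) Active Management Technology <version>'.
  * On Linux the mei driver creates /dev/mei0 (and further /dev/meiN nodes)
    when the ME host interface is enabled.
"""
import os
import re
import socket

AMT_HTTP_PORT = 16992   # assumed: AMT plain-HTTP port (16993 is the TLS port and needs a TLS client)

_SERVER_RE = re.compile(
    r"^Server:\s*Intel\(R\) Active Management Technology\s*([\d.]+)?",
    re.IGNORECASE | re.MULTILINE,
)
_AUTH_RE = re.compile(r"^WWW-Authenticate:\s*(\w+)", re.IGNORECASE | re.MULTILINE)


def parse_amt_banner(raw: bytes) -> dict:
    """Parse a raw HTTP response and report whether it carries an AMT banner.

    Returns {'amt': bool, 'version': str or None, 'auth': str or None}, where
    'auth' is the scheme named in WWW-Authenticate (AMT challenges with Digest).
    """
    text = raw.decode("latin-1", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]          # headers only; ignore any body
    server = _SERVER_RE.search(head)
    if not server:
        return {"amt": False, "version": None, "auth": None}
    auth = _AUTH_RE.search(head)
    return {
        "amt": True,
        "version": server.group(1),               # None if the banner carries no version
        "auth": auth.group(1) if auth else None,
    }


def probe_amt(host: str, port: int = AMT_HTTP_PORT, timeout: float = 3.0) -> dict:
    """Send a plain GET / to host:port and parse the reply (touches the network; not run offline)."""
    request = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while sum(len(c) for c in chunks) < 65536:   # cap what we are willing to read
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_amt_banner(b"".join(chunks))


def mei_device_names(names) -> list:
    """Pick the MEI character-device names (mei, mei0, mei1, ...) out of a directory listing."""
    return sorted(n for n in names if re.fullmatch(r"mei\d*", n))


def local_mei_present(dev_dir: str = "/dev") -> list:
    """List MEI device nodes in dev_dir; an empty list means no host interface is exposed there."""
    try:
        return mei_device_names(os.listdir(dev_dir))
    except OSError:
        return []


# Constructed sample replies (not captured from a real machine): the first mimics
# the shape of an AMT 401 challenge, the second is an ordinary web server.
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"Server: Intel(R) Active Management Technology 11.6.27\r\n"
    b'WWW-Authenticate: Digest realm="Digest:EXAMPLE", nonce="0123456789abcdef", qop="auth"\r\n'
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
SAMPLE_PLAIN_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n<html></html>"


if __name__ == "__main__":
    print("constructed AMT reply   ->", parse_amt_banner(SAMPLE_AMT_RESPONSE))
    print("constructed nginx reply ->", parse_amt_banner(SAMPLE_PLAIN_RESPONSE))
    print("local MEI nodes in /dev ->", local_mei_present() or "none")
```

Run it as a script to see the constructed samples parsed and the local /dev scanned; probe_amt() is the only part that touches the network. A positive banner only says the management service is reachable from where you stand; it says nothing about whether that firmware version is patched, and an empty /dev listing only says the mei driver has not bound the interface on this host, not that the ME is disabled.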
 
Old 02-26-2018, 08:01 PM   #2
Trihexagonal
Member
 
Registered: Jul 2017
Posts: 362
Blog Entries: 1

Rep: Reputation: 334
Now you, too, can disable Intel ME 'backdoor' thanks to the NSA

Comes with the caveat it may destroy your computer.
 
Old 02-26-2018, 08:37 PM   #3
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
If you make a proper backup of the original firmware you're good to go. ME has been hacked already; once you're in you should be able to turn off all the nasties.

Last edited by LinuxMintyFresh; 02-26-2018 at 08:39 PM.
 
Old 02-26-2018, 09:20 PM   #4
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
I'm sure it was thanks to the NSA that it was created to begin with.
 
Old 02-27-2018, 03:49 PM   #5
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Rep: Reputation: 2651
As BAD as the choices made by Intel were, ME does do a NEEDED function (implemented very badly; well, there is no good way to do that, and it was a very, very bad idea to start with).

Scrapping all Intel chips with it is really the only option.
 
Old 02-28-2018, 12:41 AM   #6
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by John VV View Post
As BAD as the choices made by Intel were, ME does do a NEEDED function (implemented very badly; well, there is no good way to do that, and it was a very, very bad idea to start with).

Scrapping all Intel chips with it is really the only option.
So it allows out-of-band offline remote access, wow man, excellent idea. I can see how that would prove useful to the ~0.000001% of users who actually use it. As for the ~99.99999% of Intel users who don't, Intel has, as of the time of this post, yet to give their users the tools necessary to disable it. Making it a "mandatory" component was the most reckless and stupid idea in the history of computing. It is the single greatest computer security threat in existence.

Researchers have claimed Stuxnet, which was designed to target the centrifuges in Iran's nuclear program, was found in the Siemens SCADA controllers at the Fukushima nuclear power plant. These are used to maintain the cooling systems, the same systems that malfunctioned prior to the meltdown.

"Scrapping all Intel chips with it is really the only option." What the fukushima do you think? Are nuclear plant operators going to sit around waiting for Intel to release the next firmware patch? Exploits and patches go on ad infinitum; the only way to ensure total safety is disabling Intel ME permanently. Intel really fucked up here, intentionally.

Quote from the Yomiuri Shimbun (yomiuri.co.jp):

Stuxnet, a computer virus designed to attack servers isolated from the Internet, such as at power plants, has been confirmed on 63 personal computers in Japan since July, according to major security firm Symantec Corp. (this was reported shortly after the Fukushima incident)

The virus does not cause any damage online, but once it enters an industrial system, it can send a certain program out of control.

Symantec says the virus reaches the servers via USB memory sticks, and warns against the careless use of such devices.

Systems at power plants, gas stations and water facilities are not connected to the Internet to protect them from cyber-attacks.

A Symantec engineer who has analyzed the virus said it was made using advanced technology, and it is highly likely a well-funded organization, not an individual, produced it. (US-Israeli intelligence) The virus has spread throughout the globe via the Internet.

After Stuxnet finds its way onto an ordinary computer via the Internet, it hides there, waiting for a USB memory stick to be connected to the computer, when it transfers itself to the memory stick. When the USB device is then connected to a computer linked to an isolated server, it can enter the system and take control of it.

As computers that harbor Stuxnet do not operate strangely, the virus can be transferred to a memory stick inadvertently.

According to the security company, the virus is designed to target a German-made program often used in systems managing water, gas and oil pipelines. The program is used at public utilities around the world, including in Japan.

The virus could cause such systems to act erratically, and it could take months to restore them to normal.

The 63 infected computers found in Japan were likely infected sometime after June.

According to the company, about 60 percent of the computers that have been infected with the virus were discovered in Iran. Since September, about 30,000 computers there have been found to be infected with the virus. The country’s Industry and Mines Ministry has called the virus an electronic act of war.

Some computers at the Iranian Bushehr nuclear power plant, which is scheduled to begin operation in October, have been infected with the virus.

A supervisor at the plant said the virus has not damaged the facility’s main computer system and would not affect its planned opening.

In Japan, no public utilities have been affected by the virus. Nevertheless, the Cabinet Office’s National Information Security Center has urged electric power companies to exercise extreme care when using USB devices, and to scan any programs that may have been tampered with.

Source: http://www.yomiuri.co.jp/dy/national/T101004003493.htm

Archived: https://web.archive.org/web/20101008...1004003493.htm

Last edited by LinuxMintyFresh; 02-28-2018 at 12:52 AM.