LinuxQuestions.org


Ulysses_ 01-10-2018 07:21 PM

Obscure network hardware, driver and kernel modification as a countermeasure to Intel's Management Engine
 
Intel's Management Engine is a hardware feature of Intel CPUs that can do this:

"...the ME platform will access any portion of the memory without the parent x86 CPU's knowledge and also set up a TCP/IP server on the network interface. Zammit argues that this server can send and receive traffic regardless of whether the OS is running a firewall or not."

http://news.softpedia.com/news/intel...e-505347.shtml

It uses code obfuscation inside the chip, so this is security by obscurity. How about countering this with some security by obscurity of our own, such as a non-standard network interface card that cannot be used without its obscure driver? Plus a tiny modification to the card's driver module, plus a tiny modification to the Linux kernel source code so it accesses NIC modules slightly differently, just enough to break anything standard that the Intel Management Engine attempts to do with the network card?

Emerson 01-11-2018 01:51 PM

IME does not use the user-installed OS/kernel nor its network stack/drivers. Only an external firewall can stop it communicating.

Ulysses_ 01-11-2018 03:27 PM

How does it know which I/O port to write to without knowing what the driver does?

sundialsvcs 01-12-2018 08:36 AM

Quote:

Originally Posted by Emerson (Post 5805216)
IME does not use the user-installed OS/kernel nor its network stack/drivers. Only an external firewall can stop it communicating.

Actually, I think that it is impossible for the CPU to send a network packet out without having access to the network interface card (NIC). Perhaps there is hidden onboard software on the chip that assumes that it knows how to reach the NIC, on a particular type of motherboard.

So, why aren't there already laws on the books that would entitle every owner of such a chip to sue Intel, and win? How long is it going to be before someone realizes that the "personal" security of a particular computer, multiplied by millions of computers many of which are now in shirt-pockets, is "a National Security issue?" :tisk:

Emerson 01-12-2018 02:04 PM

There is not only hidden software, there is a hidden CPU running MINIX. This CPU cannot be controlled by the customer - the lawful owner of the given hardware.

MINIX - the most popular OS thanks to Intel.

Ulysses_ 01-12-2018 02:33 PM

Is there something one can do to make that CPU send some data through a NIC, as a demo?

Emerson 01-12-2018 03:19 PM

No, if you read the article, it is operating on ring level -3, completely out of reach. Even an external firewall may not block it if it goes out to port 80, for instance; for a firewall it would be impossible to determine whether this connection is or is not initiated by the user.

Ulysses_ 01-12-2018 03:34 PM

How might Zammit have discovered that ME can set up a TCP/IP server on the network interface?


All times are GMT -5.