Super big good news for Hackers, Intel's 8 bugs inside CPU!

motormafia

Unless you use AMD or extremely old Intel, you are fucked!


http://www.zdnet.com/article/intel-...among-100s-just-named-by-acer-dell-hp-lenovo/

Intel ME bug storm: Is your machine among 100s just named by Acer, Dell, HP, Lenovo?
Hardware vendors race to identify and provide updates for dangerous Intel flaws.


By Liam Tung | November 23, 2017 -- 11:47 GMT (19:47 GMT+08:00) | Topic: Security

Big-brand PC and server manufacturers have listed models affected by flaws in hidden firmware on the microprocessor inside several Intel CPUs.

US-CERT has told all users and admins to review Intel's disclosure on Monday regarding several CPU families that were affected by eight security flaws related to its Management Engine, Server Platform Services, and Trusted Execution Engine. The flaws affect millions of PCs, laptops, servers, and IoT platforms.

Intel audited ME and other firmware after third-party researchers identified flaws in it earlier this year, which will be the subject of a talk at Black Hat in December. The researchers were exploring techniques to disable ME, which isn't normally feasible.

ME supports Intel's Active Management Technology (AMT), a powerful tool that allows admins to remotely manage devices used in business and education, even when the device is not booted. Several of the newly disclosed flaws affect AMT in the ME firmware.


The flaws are potentially very dangerous if an attacker successfully exploited them because they would allow the attacker to run malware that's invisible to the operating system.

Security firm Rapid7 notes that remote attackers could access some AMT components if remote management ports are left open, which may allow them to combine older flaws with the new flaws.

It advises checking Intel's AMT Manageability Ports reference page and scanning the corporate network for open Intel ME/AMT remote management ports and segmenting any open ones with an internal VPN using multi-factor authentication.


Shortly after the May 1 disclosure of an Intel AMT/ME flaw, Rapid7's Heisenberg Cloud detected a significant spike in scans for the ports used within the context of AMT remote management. It has not seen a similar spike following this week's disclosure.

Intel has released a detection tool to help Linux and Windows users identify if their machine is vulnerable. The company also has a page that provides links to support pages from each vendor as they confirm vulnerable machines.

So far there are advisories from Acer, Dell, Fujitsu, HPE Servers, Lenovo, and Panasonic, but there should be many more to come.

Lenovo is aiming to provide firmware updates this Friday for 138 models affected by the Intel flaws. However, it doesn't have a date for many of the affected machines.

Due to the nature of the flaws, Dell also is recommending owners of affected computers and servers ensure the hardware is "physically secured where possible" and that only authorized personnel have hands-on access.

Dell's client hardware advisory lists numerous Alienware, Inspiron, Latitude and Precision models affected. It plans to roll out updates through December and January, but lists many models as affected with updates to be determined. Dell has already released updates for 15 PowerEdge servers.

Acer has published a long list of affected models, including devices in its Aspire and TravelMate Spin range. It has yet to determine dates that firmware updates will be released.

Fujitsu is currently preparing support pages for products sold in different regions.

HPE has also provided updates for several affected ProLiant systems.


Lenovo aims to update firmware this week for 138 models, including the new IdeaPad 720S, affected by the Intel flaws.

Image: Lenovo
http://www.zdnet.com/article/intel-...cretive-management-engine-affecting-millions/


Intel: We've found severe bugs in secretive Management Engine, affecting millions
An attacker can use Intel's flaws to run malware that's invisible to the operating system.


By Liam Tung | November 21, 2017 -- 12:06 GMT (20:06 GMT+08:00) | Topic: Security


Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found eight severe bugs that affect millions of computers and servers.

The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS).

Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code.

The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public.


Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.

Goryachy and Ermolov will present their research on an ME flaw at Black Hat in December, detailing how an attacker can run unsigned code in the microprocessor and remain invisible to the main CPU and any anti-malware software.

ME runs on its own microprocessor and, as a Google engineer recently revealed, a modified version of the MINIX operating system.


Google was so afraid of UEFI and Intel ME that it created NERF, or the Non-Extensible Reduced Firmware, which it uses to manage Chromebooks. NERF runs on a Linux kernel rather than MINIX and removes ME's web server and IP stack, key UEFI drivers, and neuters the ability for ME and UEFI to self-reflash the firmware.

The ME engine supports Intel's Active Management Technology (AMT), which allows admins to remotely manage and fix devices.

A flaw discovered this May in AMT, which affected chips from 2008, highlighted another problem: patching it required an ME firmware update on machines that hardware vendors had stopped supporting. Only enterprise machines with vPro were affected, but the bug prompted EFF's demands for Intel to provide a way to disable ME.

Similarly, patching machines will depend on OEMs pushing Intel's fixes to devices. So far, Intel only lists Lenovo as having fixes available.

To help users address the current batch of bugs, Intel has released a detection tool for Windows and Linux systems, which displays a risk assessment of the system. Intel says the bugs may affect PCs, servers, and IoT platforms.

The bugs affect systems using Intel's 6th, 7th, and 8th Generation Core CPUs, a range of Xeon processors, as well as the Apollo Lake Atom E3900 series, Apollo Lake Pentium, and Celeron N and J series chips.

Intel says the flaws would allow an attacker to "Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity".

The attacker could also load and execute arbitrary code that would be invisible to the user and operating system.

The highest severity issue was the flaw discovered by Goryachy and Ermolov, which concerned multiple buffer overflows in the ME's kernel. Intel's audit found several other high-severity buffer overflows in AMT in the ME firmware, TXE, and SPS.

One of the flaws it found would allow a remote attacker to execute arbitrary code if they had Admin access.


The bugs affect systems using Intel's 6th, 7th, and 8th Generation Core CPUs, and a range of Xeon and Celeron processors, among others.

Image: Intel
https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets
Bugs can be exploited to extract info, potentially insert rootkits
By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.

The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, to run code beneath the operating system to spy on or meddle with the computer completely out of sight of other users and admins. The holes can also be exploited by network administrators, or people masquerading as admins, to remotely infect machines with spyware and invisible rootkits, potentially.

Meanwhile, logged-in users, or malicious or commandeered applications, can leverage the security weaknesses to extract confidential and protected information from the computer's memory, potentially giving miscreants sensitive data – such as passwords or cryptographic keys – to kick off other attacks. This is especially bad news on servers and other shared machines.

In short, a huge amount of Intel silicon is secretly running code that is buggy and exploitable by attackers and malware to fully and silently compromise computers. The processor chipsets affected by the flaws are as follows:

  • 6th, 7th and 8th Generation Intel Core processors
  • Intel Xeon E3-1200 v5 and v6 processors
  • Intel Xeon Scalable processors
  • Intel Xeon W processors
  • Intel Atom C3000 processors
  • Apollo Lake Intel Atom E3900 series
  • Apollo Lake Intel Pentiums
  • Celeron N and J series processors
Intel's Management Engine, at the heart of today's disclosures, is a computer within your computer. It is Chipzilla's much maligned coprocessor at the center of its vPro suite of features, and it is present in various chip families. It has been assailed as a "backdoor" – a term Intel emphatically rejects – and it is a mechanism targeted by researchers at UK-based Positive Technologies, who are set to reveal in detail new ways to exploit the ME next month.

The Management Engine is a barely documented black box. It has its own CPU and its own operating system – recently, an x86 Quark core and MINIX – that has complete control over the machine, and it functions below and out of sight of the installed operating system and any hypervisors or antivirus tools present.

It is designed to allow network administrators to remotely or locally log into a server or workstation, and fix up any errors, reinstall the OS, take over the desktop, and so on, which is handy if the box is so messed up it can't even boot properly.

The ME runs closed-source remote-administration software to do this, and this code contains bugs – like all programs – except these bugs allow hackers to wield incredible power over a machine. The ME can be potentially abused to install rootkits and other forms of spyware that silently snoop on users, steal information, or tamper with files.

SPS is based on ME, and allows you to remotely configure Intel-powered servers over the network. TXE is Intel's hardware authenticity technology. Previously, the AMT suite of tools, again running on ME, could be bypassed with an empty credential string.

Today, Intel has gone public with more issues in its firmware. It revealed it "has identified several security vulnerabilities that could potentially place impacted platforms at risk" following an audit of its internal source code:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

The flaws, according to Intel, could allow an attacker to impersonate the ME, SPS or TXE mechanisms, thereby invalidating local security features; "load and execute arbitrary code outside the visibility of the user and operating system"; and crash affected systems. The severity of the vulnerabilities is mitigated by the fact that most of them require local access, either as an administrator or less privileged user; the rest require you to access the management features as an authenticated sysadmin.

But as Google security researcher Matthew Garrett pointed out in the past hour or so, the aforementioned AMT flaw, if not patched, could allow remote exploitation.

In other words, if a server or other system with the AMT hole hasn't been updated to kill off that vulnerability, these newly disclosed holes will allow anyone on the network to potentially log in and execute malicious code within the powerful ME coprocessor.

"The ME compromise presumably gives you everything the AMT compromise gives you, plus more," said Garrett via Twitter. "If you compromise the ME kernel, you compromise everything on the ME. That includes AMT, but it also includes PTT."

He explained, "PTT is Intel's 'Run a TPM in software on the ME' feature. If you're using PTT and someone compromises your ME, the TPM is no longer trustworthy. That probably means your Bitlocker keys are compromised, but it also means all your remote attestation credentials are toast."

Garrett said if an exploit allows unsigned data to be installed and interpreted by the ME, an attacker could effectively trigger the reinfection of malware after every ME reboot. Were that to happen, the only way to fix things would be to reflash the hardware by hand. At that point, he said, it would probably be cheaper just to get new hardware.

Intel said systems using ME Firmware versions 11.0, 11.5, 11.6, 11.7, 11.10, and 11.20, SPS Firmware version 4.0, and TXE version 3.0 are affected. The cited CVE-assigned bugs are as follows:

  • Intel Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x
    • CVE-2017-5705: "Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code." Logged-in superusers, or high-privilege programs, can execute code within the hidden Management Engine, below the OS and any other software.
    • CVE-2017-5708: "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector." Logged-in users or running apps can slurp confidential information out of memory. This is very bad news on a shared system.
    • CVE-2017-5711: "Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege." Logged-in superusers, or high-privilege programs, can execute code within the AMT suite, below the OS and any other software.
    • CVE-2017-5712: "Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege." People who have network access to a machine and can log in as an admin can execute code within the AMT suite.
  • Intel Manageability Engine Firmware 8.x/9.x/10.x
    • CVE-2017-5711: "Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege." Logged-in superusers, or high-privilege programs, can execute code within the AMT suite, below the OS and any other software.
    • CVE-2017-5712: "Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege." People who have network access to a machine and can log in as an admin can execute code within the AMT suite.
  • Server Platform Service 4.0.x.x
    • CVE-2017-5706: "Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code." Logged-in superusers, or high-privilege programs, can execute code within the hidden Management Engine, below the OS and any other software.
    • CVE-2017-5709: "Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector." Logged-in users or running apps can slurp confidential information out of memory. This is very bad news on a shared system.
  • Intel Trusted Execution Engine 3.0.x.x
    • CVE-2017-5707: "Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code." Logged-in superusers, or high-privilege programs, can execute code within the hidden Management Engine, below the OS and any other software.
    • CVE-2017-5710: "Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector." Logged-in users or running apps can slurp confidential information out of memory. This is very bad news on a shared system.
Chipzilla thanked Mark Ermolov and Maxim Goryachy at Positive for discovering and bringing to its attention the flaw CVE-2017-5705, which sparked the aforementioned review of its source code for vulnerabilities.

Intel advises Microsoft and Linux users to download and run the Intel-SA-00086 detection tool to determine whether their systems are vulnerable to the above bugs. If you are at risk, you must obtain and install firmware updates from your computer's manufacturer, if and when they become available. The new code was developed by Intel, but it needs to be cryptographically signed by individual hardware vendors in order for it to be accepted and installed by the engine.

Lenovo was quick off the mark with patches for its gear ready to download.

We'll give you a roundup of fixes as soon as we can. It's not thought Apple x86 machines are affected as they do not ship with Intel's ME, as far as we can tell.

Today's news will no doubt fuel demands for Intel to ship components free of its Management Engine – or provide a way to fully disable it – so people can use their PCs without worrying about security bugs on mysterious secluded coprocessors. ®

 
https://tw.news.yahoo.com/intel-韌體漏洞問題-引發近年最大資安危機-021900650.html

Intel firmware vulnerability triggers the biggest information-security crisis in years

電腦王阿達

November 27, 2017, 10:19 AM
We often hear that some system or other has a vulnerability or security problem, but processor firmware and drivers are human-written software too, and they can have security holes just as well. Intel has just found a big one: processors sold in recent years have a security problem in their firmware, which in turn affects the computers those processors are installed in. How big is the impact? For ordinary users the most relevant parts are the 6th, 7th and 8th generation Core processors and the Xeon E3 v5 and v6 processors, so most new computers on the market have presumably been hit by the Intel firmware vulnerability, unless they happen to use an AMD processor:


The problem is not a defect in the CPU itself; it lies in the processor firmware, that is, the Intel ME, Intel SPS and Intel TXT components that some people often see when reinstalling their system. More precisely, before the machine properly enters the operating system, this firmware runs something called the Management Engine (Intel ME, Intel Management Engine), which contains a mini operating system, MINIX, whose job is to keep the system secure while it boots. Unfortunately, the Management Engine turned out to have a vulnerability, so a malicious program could use it to attack the system at boot time and cause it to fail:

Worse, MINIX runs before the system boots and has higher privileges than the operating system, so the operating system cannot control MINIX, while MINIX holds information about both the hardware and the software and has the higher privilege. This part is arguably the real core of the computer: even with antivirus software installed, once this position is breached, control of the computer changes hands entirely.
Many security experts had questioned in the past whether Intel's MINIX was secure, but Intel only responded after the incident was reported. The official response amounts to having developed new updates to eliminate the problem, but according to the official statement only Dell and Lenovo currently have software updates that fix it, while other companies are gradually rolling out BIOS and software updates. The incident is urgent, and not every company is updating the affected firmware at the same time, but given how big it is, apart from companies with weaker development teams, hardly any motherboard or PC maker is likely to skip this update; companies that proactively tell their users to update, however, may be few:

On top of that, some IoT devices use Intel Atom chips, which are also affected by this firmware problem, but IoT devices lack an online update mechanism and are unlikely to be updated on their own, so these will all become potential security problems.
According to Intel, the vulnerability lets an attacker run unauthorized programs, crash the system, or impersonate system security features and slip past them. In most cases, though, a hacker would still need to be physically at the computer to exploit it, because although MINIX has broad privileges, it is not connected to the network.
The scope of this vulnerability is quite wide: beyond consumer processors it also affects workstation and server processors to some extent, so not only consumer products but also business machines and servers must update their firmware as soon as possible to reduce risk and avoid unnecessary security problems.
 
So the secret is Intel is running Minix - a miniature Linux as CPU management layer inside itself. This is regardless of whether you use iOS or Linux or MicroSHIT.

http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

MINIX: Intel's hidden in-chip operating system
Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.


By Steven J. Vaughan-Nichols for Linux and Open Source | November 7, 2017 -- 02:25 GMT (10:25 GMT+08:00) | Topic: Enterprise Software

Maybe you're not paranoid. Maybe they are out to get you. Ronald Minnich, a Google software engineer, who discovered a hidden MINIX operating system inside "kind of a billion machines" using Intel processors, might agree with this.

Why? Let's start with what. Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME."

In May, we found out that AMT had a major security flaw, which had been in there for nine -- count 'em -- nine years.

"Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code)," Garrett wrote. "Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix," he said. "Anyone who ever enables AMT on one of these devices will be vulnerable."

Quick! How many of you patched your PC or server's chip firmware? Right. Darn few of you. That's bad. It's not every processor, but if you or your hardware vendor has "explicitly enabled AMT", your machine is still vulnerable to attack.


The Electronic Frontier Foundation (EFF) has called for Intel to provide a way for users to disable ME. Russian researchers have found a way to disable ME after the hardware has initialized, and the main processor has started. That doesn't really help much. ME is already running by then.

But Minnich found that what's going on within the chip is even more troubling. At a presentation at Embedded Linux Conference Europe, he reported that systems using Intel chips that have AMT, are running MINIX.

If you learned about operating systems in the late '80s and early '90s, you knew MINIX as Andrew S Tanenbaum's educational Unix-like operating system. It was used to teach operating system principles. Today, it's best known as the OS that inspired Linus Torvalds to create Linux.


So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. We do know, thanks to Minnich and his fellow researchers' work, that MINIX is running on three separate x86 cores on modern chips. There, it's running:

  • TCP/IP networking stacks (4 and 6)
  • File systems
  • Drivers (disk, net, USB, mouse)
  • Web servers
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.

And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.

How? MINIX can do all this because it runs at a fundamentally lower level.

x86-based computers run their software at different privilege levels or "rings". Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access they have to the hardware. Rings two and one don't tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.

You can't see it. You can't control it. It's just humming away there, running your computer. The result, according to Minnich is "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared."

What's the solution? Well, it's not "Switch to AMD chips". Once, AMD chips didn't have this kind of mystery code hidden inside them, but even the latest Ryzen processors are not totally open. They include the AMD Platform Security Processor, and that's also a mysterious black box.

What Minnich would like to see happen is for Intel to dump its MINIX code and use an open-source Linux-based firmware. This would be much more secure. The current software is only secured by "security by obscurity".

Changing to Linux would also enable servers to boot much faster. According to Minnich, booting an Open Compute Project (OCP) Server takes eight minutes thanks to MINIX's primitive drivers. With Linux it would take less than 17 seconds to get to a shell prompt. That's a speedup of 32 times.

There's no reason not to make this improvement. Minnich noted, "There are probably 30 million-plus Chromebooks out there and when your Chromebook gets a new BIOS, a new Linux image is flashed to firmware and I haven't heard of any problems."

Specifically, Minnich proposes that Intel, and AMD for that matter:

  • Make firmware less capable of doing harm
  • Make its actions more visible
  • Remove as many runtime components as possible
  • In particular, take away its web server and IP stack
  • Remove the UEFI IP stack and other drivers
  • Remove ME/UEFI self-reflash capability
  • Let Linux manage flash updates
Over this, the new Linux firmware would have a userspace written in Go. Users would work with this Linux shell using familiar commands. This would give them a clear view of what was happening with the CPU and other system components.

At the same time, since UEFI is so easy to hack, he wants the "UEFI ROM reduced to its most basic parts".

Will this work? It's still early days, Minnich warned, and you may turn "your laptop into a brick". But both for security and performance, it needs doing.

It's neat that an obscure Unix like MINIX, thanks to Intel putting it on multiple cores in its chips, may be the world's most widely used operating system. But it's no way to run modern servers and PCs.
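A practical follow-up to the Rapid7 advice quoted above (check Intel's AMT Manageability Ports reference page and scan the network for exposed ME/AMT remote management ports), as an added example that is not part of the original post and not code from Intel, Rapid7 or any of the quoted articles: a small Python inventory script that tries the AMT-related ports on a host, fingerprints the AMT web interface on TCP 16992 by its HTTP Server header, and flags whether the reported version falls in one of the firmware branches named in the CVE text quoted above (8.x, 9.x, 10.x and the listed 11.x branches). Assumptions not stated on the page: the port-to-role mapping is taken from Intel's manageability ports documentation, the web interface is assumed to answer a HEAD request with a "Server: Intel(R) Active Management Technology <version>" header, and that version is assumed to track the ME firmware branch. The sample response and the host 192.0.2.10 are constructed, and demo() runs the scan against a fake network so the script works offline; point scan_host() at real hosts for an actual sweep. A hit here is a lead, not a verdict: the authoritative check is Intel's SA-00086 detection tool, and a closed port says nothing about the local-access CVEs.

```python
import re
import socket

# Ports used by ME/AMT remote management. The port-to-role mapping is an
# assumption from Intel's AMT Manageability Ports reference, not from this page.
AMT_PORTS = {
    16992: "AMT HTTP (web UI / WS-Management)",
    16993: "AMT HTTPS (web UI / WS-Management)",
    16994: "AMT redirection (SOL / IDE-R)",
    16995: "AMT redirection over TLS",
    623: "ASF RMCP",
    664: "ASF secure RMCP",
    5900: "AMT KVM (VNC)",
}

# ME firmware branches the Intel-SA-00086 CVE text quoted above names as affected.
AFFECTED_BRANCHES = {(8,), (9,), (10,),
                     (11, 0), (11, 5), (11, 6), (11, 7), (11, 10), (11, 20)}

_SERVER_RE = re.compile(
    rb"^Server:\s*Intel\(R\) Active Management Technology\s*([\d.]+)",
    re.IGNORECASE | re.MULTILINE)


def parse_amt_banner(raw_http):
    """AMT version from the Server header of an HTTP response, else None."""
    m = _SERVER_RE.search(raw_http)
    return m.group(1).decode() if m else None


def firmware_branch_affected(version):
    """True if the major(.minor) prefix of an ME version is an affected branch."""
    parts = version.split(".")
    try:
        major = int(parts[0])
        minor = int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return False
    return (major,) in AFFECTED_BRANCHES or (major, minor) in AFFECTED_BRANCHES


def probe_amt_http(host, port, connect=socket.create_connection, timeout=3.0):
    """HTTP HEAD to host:port; returns the raw response or None. `connect` is
    injectable so the logic can be exercised without a real network."""
    try:
        sock = connect((host, port), timeout)
    except OSError:
        return None
    try:
        sock.sendall(b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
        chunks, total = [], 0
        while total < 65536:  # cap what we are willing to buffer
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            total += len(data)
        return b"".join(chunks)
    except OSError:
        return None
    finally:
        sock.close()


def scan_host(host, connect=socket.create_connection, timeout=3.0):
    """Map each open AMT-related port to its role; read the AMT version only
    from the plain-HTTP port, where the banner is reachable without TLS."""
    findings = {}
    for port, service in AMT_PORTS.items():
        try:
            connect((host, port), timeout).close()
        except OSError:
            continue
        findings[port] = {"service": service, "amt_version": None}
    if 16992 in findings:
        raw = probe_amt_http(host, 16992, connect, timeout)
        if raw:
            findings[16992]["amt_version"] = parse_amt_banner(raw)
    return findings


# Constructed sample (not captured from a real machine): the shape of the
# redirect an AMT web interface sends for "/" on TCP 16992.
SAMPLE_AMT_RESPONSE = (b"HTTP/1.1 303 See Other\r\n"
                       b"Location: http://192.0.2.10:16992/logon.htm\r\n"
                       b"Server: Intel(R) Active Management Technology 11.0.0.1202\r\n"
                       b"Content-Length: 0\r\n\r\n")


class _FakeSocket:
    """Minimal stand-in for a connected socket, used only by demo()."""
    def __init__(self, payload):
        self.payload = payload
    def sendall(self, data):
        pass
    def recv(self, n):
        out, self.payload = self.payload, b""
        return out
    def close(self):
        pass


def demo():
    """scan_host() against a fake network (hypothetical host 192.0.2.10) where
    only 16992 and 623 accept connections and 16992 serves the sample."""
    def fake_connect(addr, timeout):
        if addr[1] == 16992:
            return _FakeSocket(SAMPLE_AMT_RESPONSE)
        if addr[1] == 623:
            return _FakeSocket(b"")
        raise ConnectionRefusedError(addr[1])
    return scan_host("192.0.2.10", connect=fake_connect)
```

For a real sweep, call scan_host() for each address in the range and feed any 16992 banner to firmware_branch_affected(); as the article says, anything that turns up open should be segmented behind an internal VPN with multi-factor authentication rather than left reachable from the general network. Port 16993 is deliberately not banner-probed here because it speaks TLS; wrap the socket with ssl if you want the same fingerprint there.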

Unless you use AMD or extremely old Intel, you are fucked!

1. The affected Intel CPUs are of the 6th, 7th and 8th generations.

2. Not true that AMD CPUs do not have bugs. Like Intel ME (Management Engine), AMD has implemented its own version. It's just that AMD's bugs have yet to be discovered.
 
1. The affected Intel CPUs are of the 6th, 7th and 8th generations.

2. Not true that AMD CPUs do not have bugs. Like Intel ME (Management Engine), AMD has implemented its own version. It's just that AMD's bugs have yet to be discovered.


Most of the new models affected
 