On 12/11/2017 8:48 AM, InterN0T wrote: > Interesting, do you have a proof of concept supporting that desktop PCs > without remote administration such as AMT, can still be reached remotely via > Intel ME?
No, I don't nor do I assert that. To the best of my knowledge Intel has never commented one way or the other on whether or not the ME in consumer PCs is capable of accessing the internet (although the ME is on the same die as the ethernet silicon), whether the hardware is capable of remote access but the consumer ME firmware simply doesn't support it, etc. But see below, on recent consumer PCs your ME is completely hackable if the attacker has local access. Intel has recently revealed that the current ME firmware has bugs. See https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr . All but one of these bugs require local access to the PC; one can be accessed via AMT on enterprise PCs that support it. Not all of the bugs apply to consumer PCs. Unfortunately Intel doesn't issue ME firmware patches directly, you have to get them from your PC or mobo manufacturer as part of a BIOS update. Recently Positive Technologies announced that ever since Intel Skylake processors came out, Intel processors contain a special JTAG debug port that can be accessed via an USB port on your computer (https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf ). They then exploited this to run unsigned code on the ME, in theory giving them complete access to your PC even if it is turned off. They presented the details last week at Black Hat Europe 2017 (https://www.blackhat.com/eu-17/briefings/schedule/index.html#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 ) though I have seen anything from the talk yet. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
