Switched On Scotland

Why IT is not secure for everyone.

Secure ME Security Evaluation of Intel’s Active Management Technology

The issues with IT for all O/S running today including Windows & Linux boxes. ● Linux no longer controls the x86 platform ● Between Linux and the hardware are at least 2 ½ kernels ● They are completely proprietary and ( perhaps not surprisingly ) exploit-friendly ● And the exploits can persist, i.e. be written to FLASH, and you can’t fix that

Beware RING -3 level intruders.

Freeing the ME is a challenge

Ring -3 OS: ME (Management Engine) ● Full Network manageability ● Regular Network manageability ● Manageability ● Small business technology ● Level III manageability ● IntelR Anti-Theft (AT) ● IntelR Capability Licensing Service (CLS) ● IntelR Power Sharing Technology (MPC) ● ICC Over Clocking ● Protected Audio Video Path (PAVP) ● IPV6 ● KVM Remote Control (KVM) ● Outbreak Containment Heuristic (OCH) ● Virtual LAN (VLAN) ● TLS ● Wireless LAN (WLAN)

NERF to the rescue

more on Google NERF

Google NERF looks interesting, they keep UEFI’s PI but replace the UEFI layers with Linux kernel, and the code is written in Go. Looks like they’re focusing on removing dynamic code in UEFI and SMM. Unclear about their position towards dynamic code in ACPI, as well as PCIe (eg, PCIleech-style attacks).