Intel ME controller chip has secret kill switch

Security researchers at London-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk. Intel's ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction …

Silver badge

The mind absolutely boggles.

Do TheIdiotsInCharge not get it? Security by obscurity has never worked.

With the sheer number of people looking at these things, you can't keep anything baked into widely available hardware secret anymore. It just can't be done. Why do they keep trying?

How does that old saw go ... "One sign of insanity is doing the same thing over and over again, each time expecting a different result" ... By this metric, either the chip manufacturers or their government handlers are clinically insane. Or both. I'm not sure which option worries me more.

52
0
Silver badge

Re: The mind absolutely boggles.

It kinda cuts both ways.

Intel build in a ME, don't properly tell anyone about it or what it can do, cock it up badly, and we're all left with machines we're wondering whether we can trust or not. And unbeknownst to us (until now), to placate some TLA there's a way of turning it off.

On the other hand there's a bunch of TLAs somewhere who have presumably set this mysterious bit in some config file who are perhaps more vulnerable than they anticipated. It turns out that a simple config change can turn the whole damned thing back on again. So they're asking themselves, did our techs really get the config right, and is the config still right?

I don't think Intel have done anyone at all any favours whatsoever.

47
0
Bronze badge
Headmaster

Re: The mind absolutely boggles.

Why do they keep trying?

They are not very smart, and, even while funded by enough black-budget money to run several EU states with, the instigators still have to do Internal Procurement!

The Smart, Defense-y, Thing to do would be to have special bug-free silicon made all for themselves - of course this means that someone has to sign for a minimum order of at least one wafer at the time ... AKA - a lot of CPUs. Probably it was "cheaper" relative to procurement limits and such to go COTS and let everyone have the "Secret Bit"?

9
2
Silver badge

Re: The mind absolutely boggles.

The minimum order size is one hell of a lot more than one wafer. The mask set for a modern CPU is probably $50 million, so that "one wafer" order that netted you say 500 chips at Intel's current sizes would mean they cost $100K each just for the mask set. Costs even more than that to design the thing (especially if it is from scratch) and verify it, port the toolchain, and so forth.

It's not practical for even the NSA to design their own chips. Yes, they have unlimited funds, but not unlimited manpower and time.

16
0
Silver badge
Paris Hilton

Re: The mind absolutely boggles.

How does that old saw go ... "One sign of insanity is doing the same thing over and over again, each time expecting a different result"

I said this to my wife yesterday whilst we were in the garden enjoying the Sun. She was trying to stand up a water bottle on sloping ground and it kept falling over (6 or 7 times). After uttering the above phrase she just looks at me and says 'it only has to work once'. At which point the bottle remained upright after being placed down.

I had to concede that she was right and that I was speechless.

34
0
Thumb Up

Re: The mind absolutely boggles.

'it only has to work once'

...I like that, it reflects the mindset of a spook agency trying to keep a lid on its operations. It doesn't necessarily matter if the "killswitch/backdoor" is not configurable, or that it could be disabled by a technician - "it only has to work once", for example using software (that would only be installed on agency computers) that activates when the equipment is unplugged without an authorization code.

Nobody else would really be affected. In theory.

The terms "Liability" "Potential single point of failure" and "Critically compromised" seem more apropos...

8
0
Silver badge

Re: The mind absolutely boggles.

The thing is, no one ever FINISHES the quote. There's a second part.

Insanity is doing the same thing over and over and expecting a different result.

Persistence is doing the same thing over and over and actually getting a different result.

So, you see, it's only insane until something different happens. Then it becomes persistence...and praiseworthy.

26
0
Silver badge

Re: The mind absolutely boggles.

@Charles 9 - Thanks for helping to restore some sanity and harmony to my household :)

8
0
Silver badge

Re: The mind absolutely boggles.

"The mask set for a modern CPU is probably $50 million"

But it would not require a different mask set.

Putting a different 64 bit hard-wired serial number onto every individual chip does not require a new mask set for every wafer.

To produce a variant that enables or disables one bit in a register could be achieved at the packaging stage (strapping a chip pad high or low at bonding time), or blowing a fusible link on the chip post-packaging.

Very complex variations to a chip's functionality are often achieved by changing the relatively coarse (=cheap) mask of just a single metal layer. This can for example determine the data in the chip's internal program ROM (firmware) which can give versions of what is otherwise an identical chip radically different behaviours, or it could be the interconnect between non-dedicated gates to make a custom gate-array ASIC. Wafers without the final metal layer can be tested & stored until needed, and then the final metal layer put on after an order has been received.

14
0
Mushroom

Re: The mind absolutely boggles.

"They are not very smart,"

Never underestimate the intelligence of your opponent. The reason the TLAs keep doing this kind of BS is because they believe everyone else is too stupid to care or powerless to do anything about it.

And sadly, they are for the most part correct.

6
0
Silver badge

@Cynic_999

I was taking the 'NSA making their own chips' to mean they'd design and make their own x86 compatible CPUs to be sure there's no backdoor. Having a way to disable ME is fine, but what if there are backdoors to enable a way to get to ring 0 from user mode via a certain instruction sequence? OK, if such a backdoor really existed the NSA probably put it there, but what if Intel were infiltrated by the Chinese and someone managed to put something like that in the instruction decoder? That's where I was thinking as far as having them roll their own secure CPU.

3
0
Silver badge

Re: The mind absolutely boggles.

And if you look at the contents of ark.intel.com, Intel are masters at either product differentiation or obfuscation depending on your point of view.

1
0

Re: The mind absolutely boggles.

486SX, 487 CoPro and 486DX being a case in point, it's barely more difficult to design a chip that can have features permanently disabled before encapsulation to give you a 'range' to sell from, it would be no more difficult to do that and offer chips that have MEP disabled in hardware if there was a market (which there obviously is) but it's simpler to have it configurable by integrators (an undocumented jumper or cuttable PCB trace on the board perhaps) or even software houses because that means you can sell commodity hardware as 'secure' so costs are rock bottom.

1
0
Headmaster

Re: The mind absolutely boggles.

"I had to concede that she was right and that I was speechless."

Nitpick - since there weren't any changes in Earth's gravitational field that we're aware of, your wife obviously tried a *different* way that time, otherwise the bottle would have fallen over as well.

Not that it wasn't a good idea to concede, mind you...

3
0
Anonymous Coward

Re: The mind absolutely boggles.

50 million? 500 million? For the masks to make computers that may actually be moderately secure?

Cheap at the price, given what the secrets you are trying to protect cost.

0
0
Silver badge

Re: The mind absolutely boggles.

since there weren't any changes in Earth's gravitational field that we're aware of, your wife obviously tried a *different* way that time

Define "different". Or, more to the point, define "same". Exactly the "same"!

Pretty hard.. The universe is ageing, if nothing else...

1
0

Re: The mind absolutely boggles.

They don't need unlimited manpower and time, only the right manpower and enough time, just like anyone else who designs silicon.

0
0
Silver badge

Intel back doors

Positive Technologies in its blog post acknowledged that it would be typical for government agencies to want to reduce the possibility of unauthorized access.

I'm not too averse to reducing unauthorized access myself. What gets me is that if Intel didn't advertise this as a feature, then they probably know a lot of people don't want it.

18
0

Re: Intel back doors

AMD has a similar feature.

Both are sold as a "central management" feature, but also probably have some backdoors included by a three letter agency.

25
0
Silver badge
Black Helicopters

Re: Intel back doors

This has all the smell of something done at the bidding of a TLA or FLA. If it's not advertised, someone doesn't want anyone else to know about it. So, who and why, becomes the question. If we're not supposed to know about this "feature" I'm assuming that it could prevent someone (say a TLA or FLA) from accessing the device. Or in the case of a TLA or FLA, it keeps their secrets? Or did I get it wrong?

Icon.. yeah.. too much information lately on what the spooks have done makes me wonder how much more is out there.

20
0
Anonymous Coward

maybe it is for covering tracks/preventing access, after leaking the system's secrets.

or enables controlled third party access.

A feature for everyone that only one wants?

Psst! All bears, there is the honeypot!

10
0
Silver badge

Re: Intel back doors

I have alarm bells ringing when I read this.

I suspect that it does not turn it OFF. It turns OFF "unauthorized access" and the possibility for access with proper "authority" by someone in possession of a magic key still stands.

10
0
Silver badge
Headmaster

Re: Intel back doors (@Mark 85)

I hate to be pedantic (that's a lie, I quite enjoy it), but you used the wrong initialism for the Four Letter Agencies. The correct initialism is ETLA (Extended Three Letter Agency/Acronym) because it makes more sense that if TLAs have a three-letter acronym, then the ETLAs should have a four-letter acronym.

17
0
Bronze badge

Re: Pedantry

Oh well done Sir! Pedantry like this is welcome anytime.

2
0

Big Brother

Fool me once tovarisch

In 1962, the CIA contracted the Xerox company to place a miniature camera inside the photocopier at the Soviet Union's embassy in Washington DC. A team of four Xerox engineers working in secret shoe-horned a modified home movie camera into the machine that triggered the device whenever a copy was made. In 1963, this was installed by a Xerox technician during a regular maintenance visit to the Soviet embassy. On subsequent visits the Xerox man retrieved and replaced the film.

http://electricalstrategies.com/about/in-the-news/spies-in-the-xerox-machine/

20
0
Anonymous Coward

Re: Fool me once tovarisch

Yeah, and in part because of that little stunt, nearly all imported photocopiers (the only kind that actually worked) in the Soviet Union until at least the mid-1980s ended up installed in Faraday cages. You also had to sign and account for everything either entering or leaving the copy room.

On the balance, it was much less trouble to learn short-hand and just write down the gist of anything you wanted to have a copy of, than to actually copy it - so thanks a lot, господа шпионы.

11
0
Silver badge

Re: Fool me once tovarisch

Errr how would a Faraday cage stop a small camera built into the copier from stealing their secrets?

1
0
Anonymous Coward

Re: Fool me once tovarisch

Errr how would a Faraday cage stop a small camera built into the copier from stealing their secrets?

Are you asking for the security to actually make sense? What planet are you from?

9
0
Silver badge

Re: Fool me once tovarisch

The cage prevented wireless transmissions, allowing the checkpoint to search for cameras and so on.

2
0
Gold badge
WTF?

So first with the "no password" management account (but) then remote turn off entirely.

It's like every single home security, or CCTV system in the world had the same shutdown code on them. Handy should you want to break in somewhere and leave no evidence of what you look like.

The first looked like they'd just cut 'n' pasted both the MIPS chip and its management code but this looks like someone added at least one register bit as well.

BTW for those who remember "Back Orifice" was also described as a "remote management tool."

20
0
Silver badge

Re: So first with the "no password" management account (but) then remote turn off entirely.

BTW for those who remember "Back Orifice" was also described as a "remote management tool."

In fairness to those who minted the expression, it's pretty darn clear what it means. I always assumed it meant exactly what it says.

0
0
Silver badge
Big Brother

I guess I know what architectures to avoid...

self-explanatory

5
3

Re: I guess I know what architectures to avoid...

> I guess I know what architectures to avoid...

Well, yeah. But what remains?

15
1
Silver badge

Re: I guess I know what architectures to avoid...

What would be far more useful is a list of architectures that I can trust.

16
0
Silver badge

Re: I guess I know what architectures to avoid...

@alain williams:

Pretty much only Intel chips produced before circa 2008. Anything after that most likely contains some version of the ME. AMD chips started having something similar circa 2013.

I doubt there are many chips out there that don't have a remote access vulnerability baked in.

10
0

Re: I guess I know what architectures to avoid...

It's probably not the "architecture" that you need to be trusting, rather the chips. I bet the pre-pentium chips are probably trustworthy. After all, the older back the chip design, the less likely that it was designed for "internet" usage.

So really, what you want to look at is dusting off your old retro computers, and see if you can equip them with an Ethernet card :)

10
0

Re: I guess I know what architectures to avoid...

ARM and OpenPOWER systems both come in versions that can be trusted, at least far more than x86 can. POWER9 is due out shortly and should give x86 a run for its money hardware-wise; it remains to be seen software-wise what the uptake will be.

6
0
Silver badge

Re: I guess I know what architectures to avoid...

I have a couple mid-1980s 386SX16s with NE2000 Ethernet cards connected to TehIntraWebTubes as I type. Yes, they are functional, and doing useful work.

8
2
Bronze badge

Re: I guess I know what architectures to avoid...

> it remains to be seen software-wise what the uptake will be.

For the target audience, the question is most likely to be 'how good is the linux build and compiler'?

5
0
Bronze badge

Re: I guess I know what architectures to avoid...

>Well, yeah. But what remains?

Abacus?

3
0
Bronze badge

Re: I guess I know what architectures to avoid...

Redhat support PPC with their RHEL Linux distribution. It's a full distribution so includes compilers (gcc) and most other common GNU/open source software (apache software etc.)

IBM also release some of their enterprise software for Linux on PPC and AIX on PPC, Oracle database is available on AIX for PPC.

3
0

Re: What would be far more useful is a list of architectures that I can trust.

Here you go:

2
0
Bronze badge

Re: architectures that I can trust

I believe that an abacus is fairly unhackable, that and an edible notebook should be sufficient for most requirements.

3
0
Silver badge

Re: architectures that I can trust

What do you mean? I can hack your abacus with something as simple as a ballpoint pen. Just poke the operator in the ribs and while he's not looking slide one of the beads over. Or just poke him hard enough so he shakes the thing.

1
0
Silver badge

Re: architectures that I can trust

When I use my abacus, I can't turn my back on it for even a minute. If I do, one of the cats invariably uses it as a toy. The Wife says they aren't playing, they are plotting world domination, and I should keep the tools stowed when I'm not using them ...

2
0

Re: I guess I know what architectures to avoid...

You could try ARM.

Particularly when you can get them from scores of chip vendors, or with a big enough budget, fab your own..

Add a carefully put together Linux, and you have the start of something with better chances of being/remaining secure.

0
0
Silver badge

Re: I guess I know what architectures to avoid...

I still have a stack of various 3Com Etherlink III (3C509) cards as they were very well supported by just about anything and performed pretty well.

You can also do stuff with them and a PIC18F452 :-)

0
0
Silver badge
Windows

"High Assurance Platform"

That means someone is getting the "Low Assurance Platform".

That's you.

"You can't turn off the telescreen if not inner party member, prole!"

24
0
Silver badge
Unhappy

repeating it again

See Reflections on Trusting Trust Proceedings of ACM. Also explains why the Chinese were correct in their assumptions that western hardware was intrinsically insecure and created their own silicon.

However it is known that their consumer phones also have interesting additions if run inside the Middle Kingdom. Such as full remote control.

Now where was that 486 motherboard ?

17
0


Biting the hand that feeds IT © 1998–2017