Uncategorized

Intel-SA-00112: Q1’18 AMT 9.x/10.x/11.x Security Review Cumulative Update

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.[…]

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html

 

Standard
Uncategorized

Lenovo: Intel AMT MEBx Access Control Bypass

Intel Active Management Technology MEBx Access Control Bypass
2018-02-08
Initial Release

Scope of Impact: Industry-wide
Lenovo Security Advisory: LEN-19568

Potential Impact: Remote access and control
Severity: Critical

Intel has issued an advisory for Intel vPro Active Management Technology (AMT) to all system manufacturers. The Intel AMT default configuration has weak security around the Management Engine BIOS Extension (MEBx) password.[…]

ThinkPad – Updates coming soon
ThinkServer- Researching

https://support.lenovo.com/us/en/solutions/LEN-19568

https://sintonen.fi/advisories/intel-active-management-technology-mebx-bypass.txt

https://www.intel.com/content/www/us/en/support/articles/000020917/software/manageability-products.html

https://www.intel.com/content/dam/support/us/en/documents/technologies/Intel_AMT_Security_Best_Practices_QA.pdf

http://thinkdeploy.blogspot.com/2016/08/the-think-bios-config-tool.html

 

 

Standard
Uncategorized

F-Secure: new Intel AMT security issue

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

Helsinki, Finland – January 12, 2018: F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”[…]

 

Standard
Uncategorized

Intel MeshCommander (AMT tool): now available for Mac and Linux (not just Windows)

Meshcommander is an Intel AMT tool from Intel. Previously, I thought it was a Windows-only thing, but the current release has Linux and Mac support as well as Windows!

https://software.intel.com/en-us/blogs/2018/01/08/meshcommander-for-npm-linux-osx-windows

http://www.meshcommander.com/meshcentral2

http://www.meshcommander.com/meshcommander

https://www.npmjs.com/package/meshcommander

https://software.intel.com/sites/default/files/managed/f1/ca/NPM-MC-MultiOS.png

Standard
Uncategorized

Hack.lu 2017 Intel AMT: Using & Abusing the Ghost in the Machine by Parth Shukla

 

Standard
Uncategorized

Intel MeshCentral2 updated with Load Balancer & Peering Support

Intel has released an updated version of MeshCentral2, an Intel AMT-based management tool for Windows. New version has “server peering” support, which I confess I don’t yet understand what that means, but sounds signficant, something to learn about…

[…]MeshCentral2 is a free open source web-based remote computer management solution allowing administrators to setup new servers in minutes and start remotely controlling computers using both software agent and Intel® AMT. The server works both in a LAN environment and over the Internet in a WAN setup. Now, I just released a new version with support for server-to-server peering allowing for improved fail-over robustness and scaling. Some technical details:

* Servers connect to each-other using secure web sockets on port 443. This is just like browsers and Mesh agents, so you can setup a fully working peered server installation with only port 443 being open.
* Server peering and mesh agent connections use a secondary authentication certificate allowing the server HTTPS public certificate (presented to browser) to be changed. This allows MeshCentral2 peer servers to be setup with different HTTPS certificates. As a result, MeshCentral2 can be setup in a multi-geo configuration.
* All of the peering is real-time. As servers peer together and devices connect to the servers, users see a real-time view on the web page of what devices are available for management. No page refresh required.
* MeshCentral2 supports TLS-offload hardware for all connections including Intel® AMT CIRA even when peering. So, MeshCentral2 servers can benefit from the added scaling of TLS offload accelerators.
* Fully support server peering for Browsers, Mesh Agents and Intel® AMT connections.
* The server peering system does not use the database at all to exchange state data. This boosts the efficiency of the servers because the database is only used for long term data storage, not real time state.
* There is no limit to how many servers you can peer, however I currently only tested a two server configuration.

https://software.intel.com/en-us/blogs/2017/09/21/meshcentral2-load-balancer-peering-support

http://www.meshcommander.com/meshcentral2

https://software.intel.com/sites/default/files/managed/ce/37/MeshCentral2-DualServer.png

 

Standard