Uncategorized

Apple fixed firmware vulnerability found by Positive Technologies

June 14, 2018
The vulnerability allowed exploiting a critical flaw in Intel Management Engine and still can be present in equipment of vendors that use Intel processors. Apple released an update for macOS High Sierra 10.13.4, which fixes the firmware vulnerability CVE-2018-4251 found by Positive Technologies experts Maxim Goryachy and Mark Ermolov. For more details, see Apple Support.[…]

http://blog.ptsecurity.com/2018/06/apple-fixed-vulnerability-founde-by-PT-experts.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4251
https://support.apple.com/en-us/HT208849

Standard
Uncategorized

PT Security: new Intel ME research

https://github.com/ptresearch

https://github.com/ptresearch/IntelME-Crypto/blob/master/Intel%20ME%20Security%20keys%20Genealogy%2C%20Obfuscation%20and%20other%20Magic.pdf

Standard
Uncategorized

Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities

UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia

We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting the possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and possible consequences of its security possible discredit. Described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of Management Engine (which is a part of UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.

From conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* SMI transaction Monitor extensive usage (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open sourced UEFI based systems like Tiano-Core)

https://fruct.org/publications/abstract20/files/Ogo.pdf

https://www.fruct.org/publications/abstract20/files/Ogo.pdf

https://www.fruct.org/program20

https://www.fruct.org/sites/default/files/files/conference20/FRUCT20_Program.pdf

Standard
Uncategorized

ME Analyzer 1.48.0 released

https://github.com/platomav/MEAnalyzer

Standard
Uncategorized

PTSecurity: how to run code in Intel ME

Thursday, January 18, 2018
How to hack a disabled computer or run code in Intel ME
At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability in Intel Management Engine 11 , which opens up access to most of the data and processes on the device. This level of access also means that any attacker exploiting this vulnerability, bypassing traditional software-based protection, will be able to conduct attacks even when the computer is turned off. Today we publish in our blog the details of the study.[…]

http://blog.ptsecurity.ru/2018/01/intel-me.html

https://translate.google.com/translate?hl=en&sl=ru&u=http://blog.ptsecurity.ru/2018/01/intel-me.html

 

Standard