Intel seeks senior security researcher

Job ID: JR0037962
Job Type: Senior Security Researcher

Intel Security Center of Excellence’s goal is to be a prominent leader in the industry to assure security in computing platforms by conducting advanced security research. If you are a seasoned threat, vulnerability and exploit research expert who craves tons of fun and pride in raising the security bar for ubiquitous computing systems, we would like you to join us as a proud member of Intel’s Advanced Security Research Team. Through your deep vulnerability analysis and mitigation development expertise, you will influence the security of a variety of Hardware, Firmware, Software & Systems spanning a range of products including Devices, Cloud, Auto, IOT, AI, VR, Drones, and Networks.

* Knowledge of computer architecture CPU, SoC, chipsets, BIOS, Firmware, Drivers, and others

Spaces in URLs!

http://jobs.intel.com/ShowJob/Id/1352711/Senior%20Security%20Researcher

Intel: Root Cause of Spectre/Meltdown Reboot Issues Identified

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

January 22, 2018 […]We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed. Based on this, we are updating our guidance for customers and partners: We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.[…]

bios-8088: disassembled BIOS from 8088 machines

Disassembled BIOS from 8088 machines

https://github.com/ricardoquesada/bios-8088

Speaking of old Intel chips:

https://github.com/jeffpar/pcjs
https://github.com/morphx666/x8086NetEmu
https://github.com/nkeck720/tiny-8088

The IBM BIOS reference was a classic, and archives of it exist online:
https://www.google.com/search?q=IBM+BIOS+Interface+technical+reference

PTSecurity: how to run code in Intel ME

Thursday, January 18, 2018
How to hack a disabled computer or run code in Intel ME
At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability in Intel Management Engine 11, which opens up access to most of the data and processes on the device. This level of access also means that any attacker exploiting this vulnerability, bypassing traditional software-based protection, will be able to conduct attacks even when the computer is turned off. Today we publish in our blog the details of the study.[…]

http://blog.ptsecurity.ru/2018/01/intel-me.html

https://translate.google.com/translate?hl=en&sl=ru&u=http://blog.ptsecurity.ru/2018/01/intel-me.html

system-bus-radio: Transmits AM radio on computers without radio transmitting hardware

Transmits AM radio on computers without radio transmitting hardware. Some computers are intentionally disconnected from the rest of the world. This includes having their internet, wireless, bluetooth, USB, external file storage and audio capabilities removed. This is called “air gapping”. Even in such a situation, this program can transmit radio. Publicly available documents already discuss exfiltration from secured systems using various electromagnetic radiations. Run this using a 2015 model MacBook Air. Then use a Sony STR-K670P radio receiver with the included antenna and tune it to 1580 kHz on AM. You should hear the “Mary Had a Little Lamb” tune playing repeatedly.

https://github.com/fulldecent/system-bus-radio

https://fulldecent.github.io/system-bus-radio/

INTEL-SA-00104 security advisory: Intel NUC and Infineon TPM

Intel® NUC Kit with Infineon Trusted Platform Module

Intel ID: INTEL-SA-00104
Product family: Intel® NUC Kit
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Jan 16, 2018
Last revised: Jan 16, 2018

Certain Intel® NUC systems contain an Infineon Trusted Platform Module (TPM) that has an information disclosure vulnerability as described in CVE-2017-15361.

Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration algorithms for prime number finding, which are common practice today for RSA key generation. For more information please reference the public advisory issued by Infineon.

Intel highly recommends users make sure they have the appropriate Windows operating system patches to work around this vulnerability.

For customers that require a firmware upgrade please contact Intel Customer Support at https://www.intel.com/content/www/us/en/support.html for assistance.

All newly manufactured Intel® NUC systems that contain the Infineon TPM have been updated with the updated firmware from Infineon.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00104&languageid=en-fr

ME Analyzer 1.42.0 released

https://github.com/platomav/MEAnalyzer

io386: tool wrapping around ioperm(2), iopl(2), outb(2), etc.

Introduction: A command line tool wrapping around ioperm(2) iopl(2) outb(2), etc.
Where it is needed: Designed for Linux-as-bootloader-payload schemes like Heads, in order to perform low-level IO operations, e.g. triggering SMIs.

https://github.com/hardenedlinux/io386

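To make the ioperm(2)-versus-iopl(2) distinction concrete, here is an added example in C (not code from the io386 project): it grants the process access to exactly one I/O port with ioperm(2), does a single inb or outb, and revokes the grant again, rather than raising the whole I/O privilege level with iopl(3), which opens every port to the process. The function names, the CLI shape and the 0x3FF port limit check are this example's own; it needs CAP_SYS_RAWIO (root) to actually touch a port, and the port-I/O path is only compiled on x86 Linux.

```c
/* Added example, not the io386 project's code: request access to ONE port with
 * ioperm(2) instead of raising the whole I/O privilege level with iopl(2),
 * do a single inb/outb, then revoke the grant. Needs CAP_SYS_RAWIO (root) to
 * run; port I/O is only compiled on x86 Linux. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__))
#include <sys/io.h>          /* ioperm(2), inb(), outb() */
#define HAVE_PORT_IO 1
#else
#define HAVE_PORT_IO 0
#endif

#define IOPERM_MAX_PORT 0x3FF   /* ioperm(2) covers ports 0..0x3FF only; beyond that needs iopl(2) */

/* Parse "0x70" / "112"; -1 if malformed or outside the ioperm range. */
long parse_port(const char *s) {
    char *end;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    long v = strtol(s, &end, 0);
    if (errno != 0 || *end != '\0' || v < 0 || v > IOPERM_MAX_PORT) return -1;
    return v;
}

/* Parse a byte for outb; -1 if not 0..255. */
int parse_byte(const char *s) {
    char *end;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    long v = strtol(s, &end, 0);
    if (errno != 0 || *end != '\0' || v < 0 || v > 255) return -1;
    return (int)v;
}

typedef int (*port_op)(unsigned short port, unsigned char *val);

/* Grant access to exactly one port, run op, revoke. Returns op's result or -1. */
int with_port(unsigned short port, port_op op, unsigned char *val) {
#if HAVE_PORT_IO
    if (ioperm(port, 1, 1) != 0) { perror("ioperm"); return -1; }
    int rc = op(port, val);
    if (ioperm(port, 1, 0) != 0) perror("ioperm(revoke)");   /* drop the grant again */
    return rc;
#else
    (void)port; (void)op; (void)val;
    fprintf(stderr, "port I/O not available on this platform\n");
    return -1;
#endif
}

#if HAVE_PORT_IO
static int op_inb(unsigned short port, unsigned char *val) { *val = inb(port); return 0; }
static int op_outb(unsigned short port, unsigned char *val) { outb(*val, port); return 0; }
#endif

/* Usage: io1 inb PORT | io1 outb PORT VALUE   (run as root) */
int main(int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s inb PORT | outb PORT VALUE\n", argv[0]);
        return 2;
    }
    long port = parse_port(argv[2]);
    if (port < 0) { fprintf(stderr, "bad port (0..0x3FF)\n"); return 2; }
#if HAVE_PORT_IO
    unsigned char v = 0;
    if (strcmp(argv[1], "inb") == 0) {
        if (with_port((unsigned short)port, op_inb, &v) != 0) return 1;
        printf("0x%02x\n", v);
        return 0;
    }
    if (strcmp(argv[1], "outb") == 0 && argc >= 4) {
        int b = parse_byte(argv[3]);
        if (b < 0) { fprintf(stderr, "bad value (0..255)\n"); return 2; }
        v = (unsigned char)b;
        return with_port((unsigned short)port, op_outb, &v) != 0;
    }
#endif
    fprintf(stderr, "unsupported operation\n");
    return 2;
}
```

The point of the ioperm(port, 1, 0) after the operation is that a Linux-as-bootloader payload keeps running other code afterwards; the port grant should live only as long as the SMI trigger or register poke that needs it.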
Intel updates microcode for Linux

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
https://downloadcenter.intel.com/product/873/Processors
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367#17
https://www.dragonflydigest.com/2018/01/09/20710.html
https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0~ubuntu16.04.2
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1742364
http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/

see-also:

https://github.com/platomav/CPUMicrocodes

http://inertiawar.com/microcode/

https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/

https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary

https://firmwaresecurity.com/tag/microcode/

https://news.ycombinator.com/item?id=16111433

F-Secure: new Intel AMT security issue

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

Helsinki, Finland – January 12, 2018: F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”[…]

Intel MeshCommander (AMT tool): now available for Mac and Linux (not just Windows)

MeshCommander is an Intel AMT management tool from Intel. Previously, I thought it was a Windows-only thing, but the current release has Linux and Mac support as well as Windows!

https://software.intel.com/en-us/blogs/2018/01/08/meshcommander-for-npm-linux-osx-windows

http://www.meshcommander.com/meshcentral2

http://www.meshcommander.com/meshcommander

https://www.npmjs.com/package/meshcommander

https://software.intel.com/sites/default/files/managed/f1/ca/NPM-MC-MultiOS.png

microcode

[Someone just asked me a microcode question, I was digging up some pointers to a microcode tool for someone, ended up cleaning out my browser’s microcode-related bookmarks, and thought I might as well post a blog entry of the links…]

https://github.com/platomav/MCExtractor
https://www.win-raid.com/t3355f47-Intel-AMD-amp-VIA-CPU-Microcode-Repositories.html#msg45883

https://github.com/RUB-SysSec/Microcode
http://syssec.rub.de/research/publications/microcode-reversing/
see below video:

https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.txt
https://github.com/torvalds/linux/tree/master/arch/x86/kernel/cpu/microcode

https://community.amd.com/thread/216246
https://en.wikipedia.org/wiki/Microcode
https://linux.die.net/man/8/microcode_ctl
http://manpages.ubuntu.com/manpages/zesty/man8/iucode_tool.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/microcode_ctl.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/update-intel-microcode.8.html
https://askubuntu.com/questions/545925/how-to-update-intel-microcode-properly

How to update CPU microcode in Linux


http://www.linuxfromscratch.org/blfs/view/svn/postlfs/firmware.html

Updating microcodes


https://support.mozilla.org/en-US/kb/microcode-update
https://lists.debian.org/debian-security/2016/03/msg00084.html

https://wiki.debian.org/Microcode
https://wiki.gentoo.org/wiki/Intel_microcode
https://wiki.archlinux.org/index.php/microcode

http://blog.fpmurphy.com/2016/12/python-3-utilities-for-parsing-intel-microcode.html

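Several of the links above, here and in the "Intel updates microcode for Linux" entry, are about microcode files and tools that parse them (MCExtractor, the Python 3 utilities). As an added example, not code from any of those projects, here is a small C parser for the Intel microcode update header as laid out in the Intel SDM vol. 3 "Microcode Update" section: header version, update revision, mmddyyyy BCD date, processor signature, checksum, loader revision, platform flags, data size and total size, with the documented defaults (data size 0 means 2000 bytes, total size 0 means 2048). The checksum check is the one the Linux loader performs: every DWORD of header plus data summed modulo 2^32 must be zero, so a flipped byte anywhere in the update is caught before it is handed to the CPU. The sample blob the program builds is constructed (the revision, signature, flags and payload are sample values); run it with a file path to inspect a real update from the packages linked above.

```c
/* Added example, not code from the linked projects: parse the Intel microcode
 * update header (Intel SDM vol. 3, "Microcode Update" format) and verify its
 * checksum the way the Linux loader does: every DWORD of header+data summed
 * modulo 2^32 must be zero. The sample blob is constructed with sample values. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UCODE_HDR_LEN        48
#define UCODE_DEFAULT_DATA   2000   /* data size when the field is 0 */
#define UCODE_DEFAULT_TOTAL  2048   /* total size when the field is 0 */

struct ucode_info {
    uint32_t revision, date, signature, pflags, data_size, total_size;
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Sum of all little-endian DWORDs in buf[0..n). */
uint32_t ucode_sum(const uint8_t *buf, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 4 <= n; i += 4) s += rd32(buf + i);
    return s;
}

static int bcd2(uint32_t b) { return (int)(((b >> 4) & 0xF) * 10 + (b & 0xF)); }

/* The date field is BCD "mmddyyyy": 0x01082018 is 2018-01-08. */
void ucode_date(uint32_t d, int *year, int *month, int *day) {
    *month = bcd2(d >> 24);
    *day   = bcd2(d >> 16);
    *year  = bcd2(d >> 8) * 100 + bcd2(d);
}

/* Split a processor signature into display family/model/stepping (CPUID.1 EAX layout). */
void ucode_sig_decode(uint32_t sig, int *family, int *model, int *stepping) {
    *stepping = (int)(sig & 0xF);
    *family   = (int)((sig >> 8) & 0xF);
    *model    = (int)((sig >> 4) & 0xF);
    if (*family == 0xF) *family += (int)((sig >> 20) & 0xFF);          /* extended family */
    if (*family == 0x6 || *family == 0xF) *model += (int)((sig >> 12) & 0xF0); /* extended model */
}

/* 0 = ok, -1 = bad header/sizes, -2 = checksum mismatch. */
int ucode_parse(const uint8_t *buf, size_t len, struct ucode_info *out) {
    if (len < UCODE_HDR_LEN) return -1;
    if (rd32(buf) != 1 || rd32(buf + 20) != 1) return -1;   /* header and loader version must be 1 */
    uint32_t data = rd32(buf + 28), total = rd32(buf + 32);
    if (data == 0) data = UCODE_DEFAULT_DATA;
    if (total == 0) total = UCODE_DEFAULT_TOTAL;
    if (data % 4 != 0 || data + UCODE_HDR_LEN > total || total > len) return -1;
    if (ucode_sum(buf, UCODE_HDR_LEN + data) != 0) return -2;   /* header + data must sum to 0 */
    out->revision = rd32(buf + 4);   out->date = rd32(buf + 8);
    out->signature = rd32(buf + 12); out->pflags = rd32(buf + 24);
    out->data_size = data;           out->total_size = total;
    return 0;
}

/* Build a constructed 2048-byte update with a valid checksum (sample values). */
size_t ucode_build_sample(uint8_t *buf, size_t cap) {
    if (cap < UCODE_DEFAULT_TOTAL) return 0;
    memset(buf, 0, UCODE_DEFAULT_TOTAL);
    wr32(buf + 0, 1);                    /* header version */
    wr32(buf + 4, 0x84);                 /* update revision (sample) */
    wr32(buf + 8, 0x01082018);           /* date 2018-01-08 */
    wr32(buf + 12, 0x000506E3);          /* signature (sample): family 6, model 0x5E, stepping 3 */
    wr32(buf + 20, 1);                   /* loader revision */
    wr32(buf + 24, 0x01);                /* platform flags (sample) */
    wr32(buf + 28, UCODE_DEFAULT_DATA);
    wr32(buf + 32, UCODE_DEFAULT_TOTAL);
    for (size_t i = UCODE_HDR_LEN; i < UCODE_HDR_LEN + UCODE_DEFAULT_DATA; i++)
        buf[i] = (uint8_t)(i * 7);       /* opaque payload */
    /* checksum = -(sum of everything else), so header + data sum to zero */
    wr32(buf + 16, 0u - ucode_sum(buf, UCODE_HDR_LEN + UCODE_DEFAULT_DATA));
    return UCODE_DEFAULT_TOTAL;
}

/* Usage: ./ucode-hdr [microcode-file]; with no argument the constructed sample is used. */
int main(int argc, char **argv) {
    static uint8_t buf[1 << 20];         /* large enough for a per-signature ucode file */
    size_t len;
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        len = fread(buf, 1, sizeof buf, f);
        fclose(f);
    } else {
        len = ucode_build_sample(buf, sizeof buf);
    }
    /* A file may hold several updates back to back; walk them by total size. */
    size_t off = 0;
    while (off + UCODE_HDR_LEN <= len) {
        struct ucode_info info;
        int y, m, d, fam, mod, st;
        int rc = ucode_parse(buf + off, len - off, &info);
        if (rc != 0) { fprintf(stderr, "offset %zu: %s\n", off, rc == -2 ? "bad checksum" : "bad header"); return 1; }
        ucode_date(info.date, &y, &m, &d);
        ucode_sig_decode(info.signature, &fam, &mod, &st);
        printf("sig 0x%08x (06_%02X stepping %d, family %d) pf 0x%02x rev 0x%08x date %04d-%02d-%02d size %u\n",
               info.signature, mod, st, fam, info.pflags, info.revision, y, m, d, info.total_size);
        off += info.total_size;
    }
    return 0;
}
```

The revision printed here is what /proc/cpuinfo reports in its "microcode" field after a successful load, which is the quickest way to confirm an update from one of the packages above actually took effect.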
DPTFExtract – Linux DPTF Extract Utility

This is a companion tool to Linux Thermal Daemon (thermald). This tool tries to reuse some of the tables used by “Intel ® Dynamic Platform and Thermal Framework (Intel® DPTF)” by converting to the thermal_conf.xml format used by thermald.

https://github.com/intel/dptfxtract

Intel adds ROP-detection Branch Monitoring support to Linux

https://twitter.com/aionescu/status/947990492062420992

https://lwn.net/Articles/738166/

Date: Fri, 3 Nov 2017 11:00:03 -0700

This patchset adds support for Intel’s branch monitoring feature. This feature uses heuristics to detect the occurrence of an ROP (Return Oriented Programming) or ROP-like (JOP: Jump oriented programming) attack. These heuristics are based off certain performance monitoring statistics, measured dynamically over a short configurable window period. ROP is a malware trend in which the attacker can compromise a return pointer held on the stack to redirect execution to a different desired instruction. Currently, only the Cannonlake family of Intel processors support this feature. This feature is enabled by CONFIG_PERF_EVENTS_INTEL_BM. Once the kernel is compiled with CONFIG_PERF_EVENTS_INTEL_BM=y on a Cannonlake system, the following perf events are added which can be viewed with perf list:
intel_bm/branch-misp/ [Kernel PMU event]
intel_bm/call-ret/ [Kernel PMU event]
intel_bm/far-branch/ [Kernel PMU event]
intel_bm/indirect-branch-misp/ [Kernel PMU event]
intel_bm/ret-misp/ [Kernel PMU event]
intel_bm/rets/ [Kernel PMU event]

A perf-based kernel driver has been used to monitor the occurrence of one of the 6 branch monitoring events. There are 2 counters that each can select between one of these events for evaluation over a specified instruction window size (0 to 1023). For each counter, a threshold value (0 to 127) can be configured to set a point at which an interrupt is generated. The entire system can monitor a maximum of 2 events (either from the same or different tasks) at any given time. Apart from the kernel driver, this patchset adds CPUID of Cannonlake processors to Intel family list and the Documentation/x86/intel_bm.txt file with some information about Intel Branch monitoring.
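The window-and-threshold mechanism in that cover letter is easy to picture in software. As an added example (not Intel's driver code), here is a C model of one branch-monitoring counter: it selects an event, counts it over a window of N retired instructions, and "raises an interrupt" once per window when the count exceeds the threshold, with the limits quoted above (window up to 1023, threshold up to 127). It is run over two constructed instruction traces: ordinary code, where returns are rare and mostly predicted, and a ROP-style gadget chain, where nearly every instruction is a return that mispredicts because the return-stack predictor never saw a matching call. The event names, trace shapes and the 64/4 window and threshold values are this example's own choices, not Intel's.

```c
/* Added example, not Intel's driver: a software model of the branch-monitoring
 * heuristic. One counter selects one event, counts it over a window of N
 * retired instructions (1..1023) and "raises an interrupt" when the count
 * exceeds a threshold (0..127). Run over two constructed traces. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum bm_event { EV_RETS, EV_RET_MISP };   /* two of the six events listed above */

struct insn { unsigned char is_ret, mispredicted; };   /* one retired instruction */

struct bm_counter {
    enum bm_event event;
    int window, threshold;   /* hardware limits: 1..1023 and 0..127 */
    int count, pos;          /* events and instructions seen in the current window */
    int alerted;             /* at most one "interrupt" per window */
};

/* Configure a counter; -1 if window or threshold is outside the hardware range. */
int bm_init(struct bm_counter *c, enum bm_event ev, int window, int threshold) {
    if (window < 1 || window > 1023 || threshold < 0 || threshold > 127) return -1;
    memset(c, 0, sizeof *c);
    c->event = ev; c->window = window; c->threshold = threshold;
    return 0;
}

/* Feed one instruction; returns 1 the first time the window's count exceeds the threshold. */
int bm_feed(struct bm_counter *c, const struct insn *i) {
    int fired = 0;
    if (i->is_ret && (c->event == EV_RETS || i->mispredicted)) c->count++;
    if (c->count > c->threshold && !c->alerted) { c->alerted = 1; fired = 1; }
    if (++c->pos == c->window) { c->pos = 0; c->count = 0; c->alerted = 0; }   /* next window */
    return fired;
}

/* Run a whole trace; returns the number of windows in which the threshold tripped. */
int bm_run(struct bm_counter *c, const struct insn *trace, size_t n) {
    int alerts = 0;
    for (size_t k = 0; k < n; k++) alerts += bm_feed(c, &trace[k]);
    return alerts;
}

#define TRACE_LEN 256

/* Constructed traces. Normal code: a ret every 20 instructions, 1 in 10 of them
 * mispredicted. ROP chain: every 3rd instruction is a ret and all mispredict. */
size_t make_trace(struct insn *t, int rop) {
    for (size_t k = 0; k < TRACE_LEN; k++) {
        if (rop) {
            t[k].is_ret = (k % 3 == 0);
            t[k].mispredicted = t[k].is_ret;
        } else {
            t[k].is_ret = (k % 20 == 0);
            t[k].mispredicted = t[k].is_ret && ((k / 20) % 10 == 0);
        }
    }
    return TRACE_LEN;
}

/* Alerts from a ret-misp counter (window 64, threshold 4) over one of the traces. */
int demo_alerts(int rop) {
    struct insn trace[TRACE_LEN];
    struct bm_counter c;
    size_t n = make_trace(trace, rop);
    if (bm_init(&c, EV_RET_MISP, 64, 4) != 0) return -1;
    return bm_run(&c, trace, n);
}

int main(void) {
    printf("normal code: %d alert(s)\n", demo_alerts(0));   /* 0 */
    printf("ROP chain:   %d alert(s)\n", demo_alerts(1));   /* 4: one per 64-instruction window */
    return 0;
}
```

The trade-off the real feature leaves to the administrator is visible here: a lower threshold or a longer window catches shorter gadget chains but raises the false-positive rate on code that legitimately has dense returns (deep recursion, interpreters), and with only two counters on the system, which two events to watch is itself a choice.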

The mysterious case of the Linux Page Table Isolation patches

WordPress chokes on this Tumblr.com-based document; please click on the URLs in the tweets below to reach the article.

https://twitter.com/revskills/status/947894765126934528

The mysterious case of the Linux Page Table Isolation patches

tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.

See-also: https://firmwaresecurity.com/2017/12/07/tu-graz-story-on-rowhammer/

Sysdream article on using PCILeech to attack Windows

Nice article by Sysdream on using PCILeech for DMA attacks against Windows.

https://sysdream.com/news/lab/2017-12-22-windows-dma-attacks-gaining-system-shells-using-a-generic-patch/