Quantcast

How are people dealing with the Intel AMT BIOS vulnerability/backdoor?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

How are people dealing with the Intel AMT BIOS vulnerability/backdoor?

techay
Hi,

Just checked my router today and found out that the AMT vuln is on there and active/provisioning, probably like most of your systems too..

I have had to disconnect it from the Internet of course. Looks like trying to disable AMT/MEBx within the BIOS doesn't do jack on my M58P, as it's still being reported by a detection tool that it active and provisioning. Intel have released instructions to patch for the Windows OS, but I don't have that OS on any hard drives so isn't helpful for me. Intel have screwed us all over - I'm totally fed up with this crap.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How are people dealing with the Intel AMT BIOS vulnerability/backdoor?

Theodoros
- Disable and try to exploit (best way to know really)
- If necessary file a bug report with the vendor
- Block perspective ports on your network.

On 14 May 2017 at 21:33,  <[hidden email]> wrote:
> Hi,
>
> Just checked my router today and found out that the AMT vuln is on there and active/provisioning, probably like most of your systems too..
>
> I have had to disconnect it from the Internet of course. Looks like trying to disable AMT/MEBx within the BIOS doesn't do jack on my M58P, as it's still being reported by a detection tool that it active and provisioning. Intel have released instructions to patch for the Windows OS, but I don't have that OS on any hard drives so isn't helpful for me. Intel have screwed us all over - I'm totally fed up with this crap.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How are people dealing with the Intel AMT BIOS vulnerability/backdoor?

lists-2
Hi Theodoros, techay, misc@

It is not only this particular system board firmware replacement project,
that will show you exactly the same sentiment in appreciation for most of
the manufacturer provided basic system bootstrap and management software:

https://libreboot.org/faq.html#hardware-compatibility
https://www.coreboot.org/Intel_Management_Engine
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

Other projects attempting to work with and around the respective hardware
vendors will give you a similar state of the union public address if any.
This includes all major market share companies on the most popular viable
actively evolving commercial platforms, the less popular are much worse..

This also raises several other key points worth mentioning here..  People
often ask which hardware to choose, Intel or AMD, on the popular x86 arch
and alternatives to the mainstream processor & chip set offerings.  It is
very very disappointing to see they ALL are on the path of corrupted docs
and employ all means to prevent open standards with competitive products.

Both Intel and AMD are incredibly flawed so the main topic is incomplete,
in terms of their vulnerable !management engines, hardware compatibility,
and engineer and programmer documentations.  This also includes all other
types of chips and/or controller logic boards with programmable firmware.

It is a big disaster problem where every vendor is deliberately at fault!
The below is a very sane, and minimal set of generic good recommendations
but it's also absolutely incompatible with the topic definition, gives no
solution, and is not specifically OpenBSD but ALL operating systems case.

Indeed, CPU & firmware misfeatures are a big and more prominent pest now.
The existing products have already been produced, sold, installed, used..
In fact when you attack the general computing main board platforms makers
you do nothing & waste your time, better use it to help devise open ones!
Open and free in all possible ways from design to user level programming.

It's however known that the attempted open platforms are more encumbered.
In reality, the freest products are the one that are most mature & known.
Rather make more usable free software operated the most popular products.

We seem to desperately need even cheaper modern processors manufacturing.
Complete with user lever complete hardware validation, with verification,
and user capabilities to burn off those logic segments found vulnerable..

Or, just best effort correct hardware implementation with full open docs.
Fix the topic to how to deal with the total disaster of recent computers.
The only way to make some effect on the current state is to re-implement.

OpenBSD gives us hope by doing this on the software level for many years.
This also slowly creates positive effects on the hardware levels as well.
Most sane people are evading these and program around that to circumvent.

Kind regards,
Anton Lazarov

Mon, 15 May 2017 09:05:38 +0300 Theodoros <[hidden email]>

> - Disable and try to exploit (best way to know really)
> - If necessary file a bug report with the vendor
> - Block perspective ports on your network.
>
> On 14 May 2017 at 21:33,  <[hidden email]> wrote:
> > Hi,
> >
> > Just checked my router today and found out that the AMT vuln is on
> > there and active/provisioning, probably like most of your systems
> > too..
> >
> > I have had to disconnect it from the Internet of course. Looks like
> > trying to disable AMT/MEBx within the BIOS doesn't do jack on my
> > M58P, as it's still being reported by a detection tool that it
> > active and provisioning. Intel have released instructions to patch
> > for the Windows OS, but I don't have that OS on any hard drives so
> > isn't helpful for me. Intel have screwed us all over - I'm totally
> > fed up with this crap.  

Loading...