
How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel ME - alexlash
http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html
======
j_s
This PDF might be news to many; click 'past' to see previous submissions --
last month's got traction:

[dupe]
[https://news.ycombinator.com/item?id=16015539](https://news.ycombinator.com/item?id=16015539)
(543 points, 107 comments)

HN user saulrh mentioned that the list of requirements "does not seem
incredibly unusual" for enterprise setups with AMT on.

Pre-Meltdown/Spectre this was 2017's "big deal" re:Intel; nearly all of the
varying degrees of paranoia in the previous discusson seem a lot more
reasonable with the benefit of hindsight. (If any more AMT info has become
available thanks to Meltdown/Spectre-enhanced reverse engineering I would
appreciate a heads-up; example vs SGX: [https://github.com/lsds/spectre-
attack-sgx](https://github.com/lsds/spectre-attack-sgx))

~~~
godelmachine
I thought it's not possible to paste the same link twice in HN, yet this
appears for the 3rd time, as far as my memory permits.

------
lasermike026
OK, so the computer and network switch are connected to a UPS power supply.
Kill the power for both. System is now down...

Intel needs get their act together or remove this features entirely. Clean it
up.

------
pweissbrod
I didnt see mention of this in the article but I thought accessing a powered-
off machine required usage of the 3G wireless support built in to the vPro
line of intel chips.

~~~
ben_w
> the 3G wireless support built in to the vPro line of intel chips

Yikes. That’s the first I’ve heard of this. It’s terrifying that even exists
as an option, given how much of a strategic military benefit it provides to
whoever can pull Intel’s strings.

~~~
pweissbrod
scary stuff ben_w look it up 3g support has been in the vPro line for the
better part of a decade.

call me a conspiracy theorist if you like but i'll bet you dollars to donuts
wireless powerless remote management exploits exist in the wild for these
intel chips.

and by wild i include state-owned in there

edit: if you have one of these chips you can disable the feature in bios

~~~
ben_w
I just did. I agree. And I cannot because I have a mac.

------
z_open
Does AMD's PSP have the same security vulnerability?

~~~
freeone3000
Likely not the same, due to independent implementation, but it'd be foolish to
think it didn't have security flaws equally as severe.

~~~
blauditore
Can you elaborate?

From what I understand (I'm not well-informed though), those security flaws
stem mainly from carelessness by Intel. So this would assume AMD acts equally
careless, which may or may not be true.

~~~
gh02t
I think the argument is that AMD's implementation is similar in complexity and
any sufficiently complex implementation will likely have vulnerabilities,
sloppy or not.

