
Intel ME: Myths and Reality [pdf] - zkms
https://events.ccc.de/congress/2017/Fahrplan/system/event_attachments/attachments/000/003/391/original/Intel_ME_myths_and_reality.pdf
======
wilun
The first section is weird: it compares random opinions from random social
websites with another semi-random one from Hacker News (from someone who says
he worked on it, but we don't even know at which level, and the "I think I
would have known" part strongly makes me think he actually would not have...),
and concludes that secret services never had any stake in the design.

The _unmarketed_ HAP bit is actually evidence they either can do some hack
leveraging it, or at least are worried other services can or will become able
to.

The theory that the _complete_ subsystem would have been kept secret if it was
of interest for secret services is also highly laughable. Especially when it
is well known how they regularly leverage other marketed management/sideband
services, for example in telecom equipment, to do their espionage operations.

~~~
wanderingjew
As one of the authors referenced in the 'myths' section of the talk (the ME
can do _anything_...), I have to disagree with the actual danger of the ME. It
is connected directly to system memory, and from there you _can_ actually do
anything.

It's like saying "I have a car and can drive 20 miles, but being able to drive
2000 miles is impossible." Saying _everything_ is impossible when you own the
system memory is just a failure of imagination.

------
macns
Page 37: "WHAT CAN I DO ABOUT IT?"

Page 45: "WHERE'S THE INTEL ME FIRMWARE?" _The Intel ME firmware is in the
same flash chip of the BIOS/UEFI, in its own region._

Page 46: "Reading and writing it with an external programmer is quite simple."
...showing 2 pictures of a Raspberry Pi connected to disassembled laptops with
wiring all over the place.

How simple is simple I wonder :D

~~~
userbinator
When I was in Shenzhen, one of the services offered in their electronics
markets was laptop BIOS reflashes, and all they did was take the cover off
and clip an adapter[1] to the chip for a few minutes. Once you have the
hardware setup, it's not hard.

[1] [https://www.aliexpress.com/item/SOIC8-SOP8-Flash-Chip-IC-Tes...](https://www.aliexpress.com/item/SOIC8-SOP8-Flash-Chip-IC-Test-Clips-Socket-Adpter-BIOS-24-25-93-Programmer/32801699329.html)

------
thg
I would argue that the existence of the HAP bit, along with the ridiculous
amount of found security bugs (that on almost every ME currently in the wild
will _not ever_ be patched, mind you) can be seen as the ME being used as a
planted NSA backdoor, disguised as being a (useful) utility.

They get to exploit all the bugs to do their nefarious things and can neuter
the ME of their own machines to not provide the same attack surface. I find it
highly unlikely that the NSA did not know about how insecure the current ME
generation is and I also find it very hard to believe that Intel would not
have put _any_ effort into pentesting it.

Or maybe it was just pure corporate greed on Intel's part after all. I fear
we'll never know, unless another NSA leak happens that contains information
about this.

------
seba_dos1
Here's the recording from the talk:
[https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality](https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality)

IMO the first half is almost useless, but the second one is actually worth
listening to.

------
xtanx
Like wilun said: The first section is weird. They are ruining the point they
are trying to make when they say: "myth x" - and then they say it is
basically true.

myth 1: and they come to the conclusion "pretty unlikely". So no, you didn't
mythbust - you just don't think it is true. Also, if it is made for solving
real IT problems then why can't I disable it? (without using me_cleaner)

myth 2 conclusion: "yes, but it depends". So you are saying it is true.

myth 3 conclusion: "was possible, not anymore". You are saying it is true
again.

myth 4 conclusion: "it's complicated" - nobody said it was easy but it's
possible so that makes it true.

and so on ...

------
snowpanda
Igor Skochinsky is great. He explains it so anyone can understand (something
becoming rarer these days), and he is very helpful on GitHub too.

------
geezerjay
The presentation is basically a collection of social media posts made by
self-described hobbyists who right from the start state they are not security
researchers.

The relevance of this post is very limited.

~~~
carlob
They also wrote some scripts and ran some experiments, or did you stop reading
after a while?

~~~
geezerjay
> or did you stop reading after a while?

Of course. How much time do you spend reading opinions on a highly technical
field from hobbyists who readily admit they are no experts, and whose work is
based on a hand-picked list of comments posted by anonymous people on social
media?

I would gladly read the whole presentation from start to finish if it was
written by experts talking about their research in their domain of expertise.
This is not that.

~~~
cwyers
The title is "myths and reality." Where did you think the myths were going to
come from?

