INTEL announces vulnerabilities in Firmware

Questions about hardware,drivers and peripherals
Forum rules
Before you post please read how to get help
User avatar
tovian
Level 5
Level 5
Posts: 529
Joined: Sun Nov 22, 2015 1:17 pm
Location: Heart of Dixie

INTEL announces vulnerabilities in Firmware

Post by tovian » Wed Nov 22, 2017 2:42 pm

PC vendors scramble as Intel announces vulnerability in firmware [Updated]

Millions of computers could be remotely hijacked through bug in firmware code.


This is not good.
This article has a link to a vulnerability detection tool for Linux (and Windows).

Linux Download
“I think that this situation absolutely requires a really futile and stupid gesture be done on somebody's part!"
"We're just the guys to do it.”

Animal House

User avatar
Schultz
Level 6
Level 6
Posts: 1181
Joined: Thu Feb 25, 2016 8:57 pm

Re: INTEL announces vulnerabilities in Firmware

Post by Schultz » Wed Nov 22, 2017 11:24 pm

I downloaded the tool but don't know how to start it. Can anyone help? I read on Intel's site that it is "a command line executable," but it doesn't give any instructions.

User avatar
jimallyn
Level 18
Level 18
Posts: 8136
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: INTEL announces vulnerabilities in Firmware

Post by jimallyn » Wed Nov 22, 2017 11:49 pm

Navigate to wherever you saved the file with your file manager. Right click on it, then click "Extract here." Open a terminal and use cd to navigate to the SA00086_Linux folder that you just unzipped. Type ./intel_sa00086.py and press Enter. That should do it. I did not have to make any of those files executable, they already were when I unzipped them. If you have any problems, inside that SA00086_Linux is another folder called 'documents.' The .pdf file has instructions if you need them.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
Schultz
Level 6
Level 6
Posts: 1181
Joined: Thu Feb 25, 2016 8:57 pm

Re: INTEL announces vulnerabilities in Firmware

Post by Schultz » Thu Nov 23, 2017 12:16 am

Thanks for the help jimallyn. My system is not vulnerable.

User avatar
jimallyn
Level 18
Level 18
Posts: 8136
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: INTEL announces vulnerabilities in Firmware

Post by jimallyn » Thu Nov 23, 2017 12:23 am

Schultz wrote:My system is not vulnerable.
Unfortunately, mine is. I unplugged the network cable when I left the house today.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
Faust
Level 4
Level 4
Posts: 351
Joined: Thu Jul 14, 2016 3:40 am

Re: INTEL announces vulnerabilities in Firmware

Post by Faust » Thu Nov 23, 2017 3:30 am

jimallyn wrote: Unfortunately, mine is. I unplugged the network cable when I left the house today.
Yes , one of mine also , but while it is undoubtedly " a bad thing " , it is not disastrous and I don't believe that drastic measures are needed .
Keep in mind that to exploit the vulnerability locally , physical access to the machine is needed .
Remote exploitation requires root privileges , and we are smart enough to NOT run as root ( and Mint actively discourages us from doing this ) .

As I mentioned in another thread , reliable information on this is scarce and Intel seem to be rather coy about giving us the full picture .
For example , it would be very useful to know which ports are being used so that they could be blocked by a firewall .

In my notes I have these listed ( but no link to the source .... doh ! )

16992, 16993, 16994, 16995, 623, 664

I'd be interested to hear from other members who are looking into this .
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
jimallyn
Level 18
Level 18
Posts: 8136
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: INTEL announces vulnerabilities in Firmware

Post by jimallyn » Thu Nov 23, 2017 4:34 am

Good points, Faust. I went back and read the article again, and I'm feeling a bit better now! I wish Intel would abandon the notion that putting malware in their CPUs is a good idea.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
Faust
Level 4
Level 4
Posts: 351
Joined: Thu Jul 14, 2016 3:40 am

Re: INTEL announces vulnerabilities in Firmware

Post by Faust » Thu Nov 23, 2017 4:48 am

Update :
The Electronic Frontier Foundation has directly challenged Intel on this matter , and they replied , but only to nit-pick about details in the article
( which eff promptly corrected ) .... it changes nothing .
They have completely ignored the demands from eff to " do the right thing "

" So we call upon Intel to:

Provide clear documentation for the software modules that are preinstalled on various Management Engines.
What HECI commands provide a full list of the installed modules/services? What are the interfaces to those services?

Provide a way for their customers to audit ME code for vulnerabilities. That is presently impossible because the code is kept secret.

Offer a supported way to disable the ME.
If that’s literally impossible, users should be able to flash an absolutely minimal, community-auditable ME firmware image.
On systems where the ME is an essential requirement for other security features that are important to some users (like Boot Guard),
offer an additional option of a near-minimal, community-auditable ME firmware image that performs these security functions, and nothing else.
Or alternatively, a supported way to build and flash firmware images where the user can inspect and control which services/modules are present,
in order to manage security risks from those modules. "


https://www.eff.org/deeplinks/2017/05/i ... disable-it

There is certainly no help available on Intel's own site :
https://software.intel.com/en-us/articl ... -intel-amt
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
Pjotr
Level 20
Level 20
Posts: 10428
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: INTEL announces vulnerabilities in Firmware

Post by Pjotr » Thu Nov 23, 2017 6:07 am

jimallyn wrote:Navigate to wherever you saved the file with your file manager. Right click on it, then click "Extract here." Open a terminal and use cd to navigate to the SA00086_Linux folder that you just unzipped. Type ./intel_sa00086.py and press Enter. That should do it. I did not have to make any of those files executable, they already were when I unzipped them. If you have any problems, inside that SA00086_Linux is another folder called 'documents.' The .pdf file has instructions if you need them.
Note that you have to run the command with sudo: sudo ./intel_sa00086.py

1. Without sudo:
pjotr@MD99587 ~/Downloads/intel $ ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-23 10:05:03 GMT

*** Host Computer Information ***
Name: MD99587
Manufacturer: MEDION
Model: E4213 MD99587
Processor Name: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
OS Version: LinuxMint 18.3 sylvia (4.11.0-14-generic)

This tool needs elevated privileges to run.

*** Risk Assessment ***
Detection Error: This system may be vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advis ... geid=en-fr
2. With sudo:
pjotr@MD99587 ~/Downloads/intel $ sudo ./intel_sa00086.py
[sudo] wachtwoord voor pjotr:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-23 10:05:37 GMT

*** Host Computer Information ***
Name: MD99587
Manufacturer: MEDION
Model: E4213 MD99587
Processor Name: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
OS Version: LinuxMint 18.3 sylvia (4.11.0-14-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 1.1.2.1120
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advis ... geid=en-fr
Last edited by Pjotr on Thu Nov 23, 2017 6:22 am, edited 3 times in total.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
michael louwe
Level 8
Level 8
Posts: 2329
Joined: Sun Sep 11, 2016 11:18 pm

Re: INTEL announces vulnerabilities in Firmware

Post by michael louwe » Thu Nov 23, 2017 6:10 am

@ jimallyn, .......
jimallyn wrote:
Schultz wrote:My system is not vulnerable.
Unfortunately, mine is. I unplugged the network cable when I left the house today.
.
According to this link https://www.howtogeek.com/56538/how-to- ... t-crashes/ on how to configure computers for Remote Management with the Intel MEBx/AMT/vPro feature, I do not think you need to take such preventive measures against the Intel ME vulnerability except to make sure that the feature is disabled in BIOS-1 level. Many steps are required before this deep remote access feature can be used. So, even unpatched Intel computers may not be vulnerable.
... Likely, it is mostly only computers which have already been such configured by businesses' System Admins for Remote Management, that are vulnerable and need to be patched.

User avatar
Flemur
Level 15
Level 15
Posts: 5805
Joined: Mon Aug 20, 2012 9:41 pm
Location: Potemkin Village

Re: INTEL announces vulnerabilities in Firmware

Post by Flemur » Thu Nov 23, 2017 12:04 pm

Pjotr wrote:[*** Risk Assessment ***
Detection Error: This system may be vulnerable.
I get that with or without "sudo" - they're exactly the same.

But great web page (download) they have there! Thousands of lawyer words, but not one word of instructions on how to run the thing.
please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:https://security-center.intel.com/advisory.aspx?inte ...
That link has no information on how to "install the Intel(R) MEI/TXEI driver" - it doesn't even mention MEI.
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
Mint 18.3 Xfce/fluxbox/pulse-less
Xubuntu 17.10/fluxbox/pulse-less

User avatar
Schultz
Level 6
Level 6
Posts: 1181
Joined: Thu Feb 25, 2016 8:57 pm

Re: INTEL announces vulnerabilities in Firmware

Post by Schultz » Thu Nov 23, 2017 12:15 pm

Pjotr wrote:
Note that you have to run the command with sudo
Here's how I did it: I opened the folder that contained "intel_sa00086.py" as administrator, and double-clicked it, and in the selection window that asked what to do, I selected run. I'm assuming that since I opened the containing folder as administrator, that the file was also run as administrator. Is that correct? Or did I need to also run the file itself as administrator?

User avatar
jimallyn
Level 18
Level 18
Posts: 8136
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: INTEL announces vulnerabilities in Firmware

Post by jimallyn » Thu Nov 23, 2017 4:02 pm

Pjotr wrote:Note that you have to run the command with sudo: sudo ./intel_sa00086.py
I get precisely the same output whether I use sudo or not. I do not get any message that it needs elevated privileges. Interesting.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
Minterator
Level 5
Level 5
Posts: 596
Joined: Thu Jan 10, 2013 8:29 am

Re: INTEL announces vulnerabilities in Firmware

Post by Minterator » Fri Nov 24, 2017 6:59 pm

Asus doesn't have ME firmware update for this mobo, what next?

Code: Select all

sudo ./intel_sa00086.py 
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-24 22:45:53 GMT

*** Host Computer Information ***
Name: Asus-h170
Manufacturer: System manufacturer
Model: System Product Name
Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
OS Version: LinuxMint 17.3 rosa (4.11.12-041112-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 11.0.10.1002
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.


For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Mint 17.3 MATE, kernel 4.11.12

User avatar
Faust
Level 4
Level 4
Posts: 351
Joined: Thu Jul 14, 2016 3:40 am

Re: INTEL announces vulnerabilities in Firmware

Post by Faust » Sat Nov 25, 2017 4:06 am

Minterator wrote:Asus doesn't have ME firmware update for this mobo, what next? ....
First of all " Do Not Panic " ( The Hitch-hikers Guide to the Galaxy is very specific on that point :lol: )

The manufacturer of one of my affected machines is not on that Intel list either , so it may be a long wait for some folks .
Even without the " band-aid" fix being offered , the potential attack-surface is still tiny for the vast majority of users ,
who may have " compromised " hardware .

Keep in mind that ALL systems are vulnerable to attack via USB ports ( STUXNET is all the proof that is needed )

A system that is booted and unattended can be compromised in seconds , even if the user is not logged in !
And a machine that is not powered-up is still vulnerable .... eg. attack by the aptly-named " Evil Maid " ,
.... most safes in hotel rooms are too small to hold a laptop .
I have seen machines with all of the USB ports sealed with hot glue , in fact some companies do this as a matter of policy .
[People who attend major hacker conventions such as DefCon have been known to take even more drastic measures ! ]

So that is one of the main attack vectors for any potential malicious exploitation of Intel ME .
The other being remote , which requires unauthorized elevation , and that should not bother us Mint users :)

In short , this latest security mess ( of Intel's own making ) is much less of a threat than it first appears .
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
Minterator
Level 5
Level 5
Posts: 596
Joined: Thu Jan 10, 2013 8:29 am

Re: INTEL announces vulnerabilities in Firmware

Post by Minterator » Sat Nov 25, 2017 8:46 am

jimallyn wrote:Good points, Faust. I went back and read the article again, and I'm feeling a bit better now! I wish Intel would abandon the notion that putting malware in their CPUs is a good idea.
It's in the chipset, not the CPU. It's a separate MINIX mini-OS that works independently of Windows/Linux regardless of root/administrator privilege. It's a Big Brother backdoor that could give the NSA complete access to the entire system's memory space. My H170 machines are vulnerable and there's no fimrware update from Asus (yet?), my H270 has a patch from Asus but it's a Windows executable https://www.asus.com/us/Motherboards/RO ... Desk_BIOS/

https://www.techpowerup.com/238677/mini ... inix-drama

https://gadgets.ndtv.com/laptops/news/i ... ty-1773805

There are cleaners that overwrite parts of the firmware, thereby disabling it. But it may also brick the machine.

https://github.com/corna/me_cleaner/wik ... it-work%3F

https://github.com/bartblaze/Disable-Intel-AMT
Mint 17.3 MATE, kernel 4.11.12

User avatar
BG405
Level 6
Level 6
Posts: 1187
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: INTEL announces vulnerabilities in Firmware

Post by BG405 » Sat Nov 25, 2017 6:37 pm

jimallyn wrote:
Pjotr wrote:Note that you have to run the command with sudo: sudo ./intel_sa00086.py
I get precisely the same output whether I use sudo or not. I do not get any message that it needs elevated privileges. Interesting.
Same here.

Code: Select all

*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
However, this CPU doesn't appear to be included in the list on that link. It's an Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz.

There is a box where you can tell them if you found the information useful or not, so I gave them this ...
What information? All I see is banners, an EULA (why is this spaced out to cover an acre of screen real-estate and in a tiny font? Hard to read and a PITA to navigate), but no actual information on this issue when I finally got to the bottom of it ...
Hope I wasn't too harsh but these people need to be told.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32---------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 268
Joined: Sat Feb 18, 2017 9:29 pm

Re: INTEL announces vulnerabilities in Firmware

Post by CaptainKirksChair » Sat Nov 25, 2017 7:35 pm

My system MAY be vulnerable, according to the tool from Intel. However, Dell says I am not vulnerable because the E6400s are not on their list.

User avatar
jimallyn
Level 18
Level 18
Posts: 8136
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: INTEL announces vulnerabilities in Firmware

Post by jimallyn » Sat Nov 25, 2017 8:41 pm

BG405 wrote:Hope I wasn't too harsh but these people need to be told.
You weren't.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
BG405
Level 6
Level 6
Posts: 1187
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: INTEL announces vulnerabilities in Firmware

Post by BG405 » Sat Nov 25, 2017 10:07 pm

jimallyn wrote: You weren't.
Thanks for that, prior to submitting it did have several revisions though! The drafts weren't quite as subtle :mrgreen:
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32---------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

Post Reply

Return to “Hardware Support”