The Intel Management Engine has been discovered to be vulnerable to various attacks, including those performed via JTAG over USB.
This week, Intel released a tool that will enable you to verify whether your computer is vulnerable to exploitation. If the tool indicates your computer is vulnerable, you will need to install updates / firmware patches from your computer manufacturer’s website. Note: Most computers will report vulnerabilities, since this disclosure and the tool to test for the vulnerability were only made available this week. This vulnerability impacts the last 9 years' worth of Intel chips produced. Better dust off your Commodore 64 or TRS 80, guys, if you want to be protected from back doors built into the Intel microprocessor.
The tool can be downloaded from https://downloadcenter.intel.com/download/27150
If your system is vulnerable to these types of attacks, the tool will report a screen similar to the following:
Details on the vulnerability from Intel’s website can be obtained at https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Interestingly enough, running Windows Update on an impacted computer will not mitigate this vulnerability (as of today anyway). You must visit your manufacturer’s website to obtain the firmware update.
Visit your computer maker’s website. For the computer I tested, I had to visit HP’s website at https://support.hp.com. After running the DOS command “msinfo32”, I obtained the System SKU, entered it on the driver search page by model, and discovered a recent firmware update that appears to address the Intel ME issue.
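For more than one machine, the msinfo32 lookup above can be scripted. The following PowerShell is an added example, not part of the original post or any vendor tool: it collects the System SKU, model and current BIOS version needed for the manufacturer's driver search. The function name `Get-FirmwareLookupInfo` is hypothetical, and remote queries assume WinRM is enabled on the targets.

```powershell
# Added example (not from the original post): gather the identifiers needed to
# search a manufacturer's support site for firmware/BIOS updates.
# Get-FirmwareLookupInfo is a hypothetical name chosen for this example.
function Get-FirmwareLookupInfo {
    [CmdletBinding()]
    param(
        # Hosts to query; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        # One row per host, with the same columns whether the query succeeds or fails.
        $row = [ordered]@{
            ComputerName = $name
            Manufacturer = $null
            Model        = $null
            SystemSKU    = $null
            BiosVersion  = $null
            BiosDate     = $null
            Error        = $null
        }
        try {
            $opt = @{ ErrorAction = 'Stop' }
            # Only go over WinRM when the target is not the local machine.
            if ($name -ne $env:COMPUTERNAME) { $opt.ComputerName = $name }

            $cs   = Get-CimInstance -ClassName Win32_ComputerSystem @opt
            $bios = Get-CimInstance -ClassName Win32_BIOS @opt

            $row.Manufacturer = $cs.Manufacturer
            $row.Model        = $cs.Model
            # SystemSKUNumber may be empty on older Windows releases;
            # msinfo32 remains the fallback there.
            $row.SystemSKU    = $cs.SystemSKUNumber
            $row.BiosVersion  = $bios.SMBIOSBIOSVersion
            $row.BiosDate     = $bios.ReleaseDate
        } catch {
            # Record unreachable hosts instead of dropping them from the report.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Local machine; pass -ComputerName with your own host list for a fleet report.
Get-FirmwareLookupInfo | Format-List
```

The BIOS version and date are reported only so they can be compared with what the manufacturer's site lists; they do not show the Management Engine firmware version, which is what Intel's detection tool reports.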
I encourage everyone to run the tool on their system and communicate their findings to their IT department and management team!
One thing I noticed was that despite there being new firmware and BIOS updates for the HP machine I used to generate this blog post, the HP Update Software utility failed to report that there were new software updates available.
This could mean that the HP software update utility is not working on my test computer, or that HP is delaying applying the updates until a certain amount of time has lapsed.
Regardless, I recommend visiting your device manufacturer’s website and testing the deployment of any available firmware or BIOS updates as soon as possible. The vulnerabilities related to JTAG over USB basically mean that anyone with physical access to a powered-on computing device having an exposed and unpatched USB port can have the Intel processor completely taken over to run unsigned code and eavesdrop on the computer user undetected.
I am glad to see that the many vulnerabilities out there are starting to get patched!