In this great speech on BlackHat Europe 2017, Mark Ermolov and Maxim Goryachy by Positive Technology talks about the Intel Management Engine subsystem and how the recently discovered vulnerabilities can be used in order to compromise a system.
Intel Management Engine (Intel ME) is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip, that has access to almost all data on the computer.
Therefore, the ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
In a subsystem change that will be detailed in the talk of Intel ME version 11+, a vulnerability was found. It allows an attacker of the machine to run unsigned code in PCH on any motherboard via Skylake+. The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS. Running your own code on ME gives unlimited possibilities for researchers, because it allows exploring the system in dynamics.
Analysis of Intel ME 11 was previously impossible because the executable modules are compressed by Huffman codes with unknown tables.
However, the research team has succeeded in recovering these tables and created a utility for unpacking images and has performed an interesting analysis of the firmware.
The paper examines the discovered vulnerabilities related to Intel ME:
- Ring-3 rootkits: discovered in Intel ME in 2009. The attack involved injecting code into a special region of UMA memory into which ME unloads currently unused memory pages.
- Zero-Touch Provisioning: presented in 2010 by Vassilios Ververis. It allows to bypass AMT authorization.
- Silent Bob is Silent: discovered in May 2017, it allows an unauthorized user to obtain full access to the main system on motherboards supporting the vPro technology.
This vulnerability can be exploited virtually using all this attack vectors:
- Local communication interface (HECI): a separate PCI device serving as a circular buffer to exchange messages between the main system and Management Engine.
- Network (vPro only): The network module contains a great deal of legacy code but can only be found in business systems.
- Host memory (UMA): a special region of UMA memory is involved in Ring-3 attacks in which ME unloads currently unused memory pages.
- Firmware SPI layout: A specialized device would look like regular SPI flash to the PCH,but can send different data each time it is accessed, allowing bypassing signature verification and code injection into ME
- Internal file system: Intel ME uses SPI flash as primary file storage with its own file system, with a rather complicated structure. Many privileged processes store their configuration files in it. Therefore the file system seemed a very promising place for acting on ME.
The full paper is available here: