AMT security links
|Deletions are marked like this.||Additions are marked like this.|
|Line 106:||Line 106:|
|https://yro.slashdot.org/story/18/01/12/201200/researcher-finds-another-security-flaw-in-intel-management-firmware||* Talk: *Intel AMT: Using & Abusing the Ghost in the Machine* by Parth Shukla - email@example.com:|
|Line 108:||Line 108:|
|https://arstechnica.com/information-technology/2018/01/researcher-finds-another-security-flaw-in-intel-management-firmware/|| - Video: https://www.youtube.com/watch?v=aiMNbjzYMXo
- Slides: https://goo.gl/HJASb8
|Line 110:||Line 111:|
|https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/||* F-Secure security alert:|
|Line 112:||Line 113:|
|https://business.f-secure.com/intel-amt-security-issue (see FAQ at the end)
| - https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/
- https://business.f-secure.com/intel-amt-security-issue (see **FAQ** at the end)
- Full advisory: https://sintonen.fi/advisories/intel-active-management-technology-mebx-bypass.txt
|Line 115:||Line 117:|
Slides: https://goo.gl/HJASb8 redirects to
|* Slashdot story: https://yro.slashdot.org/story/18/01/12/201200/researcher-finds-another-security-flaw-in-intel-management-firmware
* Arstechnica story: https://arstechnica.com/information-technology/2018/01/researcher-finds-another-security-flaw-in-intel-management-firmware/
Intel Active Management Technology (AMT)
Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Core™ processors with Intel® vPro™ technology1,2 and workstation platforms based on select Intel® Xeon® processors. Intel® AMT uses integrated platform capabilities and popular third-party management and security applications, to allow IT or managed service providers to better discover, repair, and help protect their networked computing assets. Intel® AMT also saves time with remote maintenance and wireless manageability for your mobile workforce, and secure drive wiping to simplify PC lifecycle transitions.
See also Wikipedia articles on:
- Active Platform Management Demystified: Unleaching the power of Intel™ vPro Technology written by Arvind Kumar, Purushottam Goel, and Ylian Saint-Hilaire in 2009.
A partial list of AMT security holes includes:
- CVE-2017-5712 (see INTEL-SA-00086)
- CVE-2017-5689 (see INTEL-SA-00075)
- CVE-2017-5705 and similar CVE-2017-5706 CVE-2017-5707 CVE-2017-5708 CVE-2017-5709 CVE-2017-5710 CVE-2017-5711
Software tools for AMT security:
- Intel-SA-00086-software for vendor firmware updates and tools
- Intel-SA-00086 Detection Tool for Linux and Windows
- INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools: https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
- AMT status checker for Linux: https://github.com/mjg59/mei-amt-check
- AMT Forensics: Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password: https://github.com/google/amt-forensics
Intel ME configuration is included in the BIOS by the Intel ® Management Engine BIOS Extension (Intel MEBX). The Intel MEBX provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.
This option is usually not displayed on the PC boot screen.
When creating an MEBX admin password, it is important to note that the BIOS will interpret keystrokes assuming a US keyboard layout.
The documented default password for user admin is also admin. If AMT is enabled, this password must be changed.
Since non-alphanumeric characters are required in MEBX passwords, it is important to take note the actual characters typed into the BIOS, since they may be different when you login to the AMT from a web-browser or other tool! In BIOS setup, a US keyboard layout is assumed.