Differences between revisions 8 and 23 (spanning 15 versions)
Revision 8 as of 2018-01-17 11:26:04
Size: 4297
Comment:
Revision 23 as of 2018-01-26 14:00:06
Size: 6304
Comment: EFF story
Line 10: Line 10:
Intel® Active Management Technology (Intel® AMT_) is a feature of Intel® Core™ processors with Intel® vPro technology1,2 and workstation platforms based on select Intel® Xeon® processors. Intel® *Active Management Technology* (Intel® AMT_) is a feature of Intel® Core™ processors with Intel® vPro_ technology and workstation platforms based on select Intel® Xeon® processors.
Line 18: Line 18:
* ME_ (*Intel Management Engine*) * Intel ME_ (*Intel Management Engine*)
Line 23: Line 24:

Documentation
-------------

* The book `Active Platform Management Demystified: Unleaching the power of Intel™ vPro Technology <http://www.meshcommander.com/active-management>`_ written by Arvind Kumar, Purushottam Goel, and Ylian Saint-Hilaire in 2009.

AMT management tools
====================

* MeshCommander_ is an entirely web based tool for remote management of your Intel® AMT computers.

.. _MeshCommander: http://www.meshcommander.com/
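Review bot: the book title in the added Documentation bullet is misspelled as "Unleaching the power of Intel™ vPro Technology"; it should read "Unleashing". Since the title is the visible link text, correct it there rather than in a follow-up revision.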
Line 30: Line 43:
A partial list of AMT_ security holes: A partial list of AMT_ security holes includes:
Line 32: Line 45:
* CVE-2017-5712_ (see INTEL-SA-00086_)
Line 33: Line 47:
* CVE-2017-5705_ (and 5706-5711) * CVE-2017-5705_ and similar CVE-2017-5706_ CVE-2017-5707_ CVE-2017-5708_ CVE-2017-5709_ CVE-2017-5710_ CVE-2017-5711_
Line 35: Line 49:
Software tools for AMT_ security:

* Intel-SA-00086-software_ for vendor firmware updates and tools
* `Intel-SA-00086 Detection Tool <https://downloadcenter.intel.com/download/27150?v=t>`_ for Linux and Windows
* INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools: https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
* AMT status checker for Linux: https://github.com/mjg59/mei-amt-check
* AMT Forensics: Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password: https://github.com/google/amt-forensics


.. _CVE-2017-5712: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5712
.. _INTEL-SA-00086: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
.. _Intel-SA-00086-software: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
Line 36: Line 62:
.. _INTEL-SA-00075: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Line 37: Line 64:
.. _INTEL-SA-00075: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr .. _CVE-2017-5706: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706
.. _CVE-2017-5707: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5707
.. _CVE-2017-5708: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5708
.. _CVE-2017-5709: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709
.. _CVE-2017-5710: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5710
.. _CVE-2017-5711: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5711
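Review bot: the six link targets added here for CVE-2017-5706 through CVE-2017-5711 use "http://www.cve.mitre.org/...?name=2017-5706", without the "CVE-" prefix in the name parameter and over plain HTTP, while the CVE-2017-5712 target added in the same revision uses "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5712". Use that one form for all of them so the references are consistent and are fetched over HTTPS.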
Line 42: Line 74:
Intel ME_ configuration is included in the BIOS by the Intel ® Management Engine BIOS Extension (Intel MEBX_). Intel ME_ configuration is included in the BIOS by the Intel® *Management Engine BIOS Extension* (MEBX_).
Line 56: Line 88:
When entering the MEBX_ login screen, the factory default password is **admin**.
You will then be asked to set a new MEBX_ password.
Line 68: Line 103:
AMT security
============
AMT security links
==================
Line 71: Line 106:
https://yro.slashdot.org/story/18/01/12/201200/researcher-finds-another-security-flaw-in-intel-management-firmware * Talk: *Intel AMT: Using & Abusing the Ghost in the Machine* by Parth Shukla - timevortex@google.com:
Line 73: Line 108:
https://arstechnica.com/information-technology/2018/01/researcher-finds-another-security-flaw-in-intel-management-firmware/   - Video: https://www.youtube.com/watch?v=aiMNbjzYMXo
  - Slides: https://goo.gl/HJASb8
Line 75: Line 111:
https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/ * F-Secure security alert:
Line 77: Line 113:
https://business.f-secure.com/intel-amt-security-issue (see FAQ at the end)
https://sintonen.fi/advisories/intel-active-management-technology-mebx-bypass.txt
  - https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/
  - https://b
usiness.f-secure.com/intel-amt-security-issue (see **FAQ** at the end)
  - Full advisory: https://sintonen.fi/advisories/intel-active-management-technology-mebx-bypass.txt
Line 80: Line 117:
AMT default login: Boot and press control-P. Login as admin/admin * EFF story: https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
Line 82: Line 119:
https://www.youtube.com/watch?v=aiMNbjzYMXo
Slides: https://goo.gl/HJASb8 redirects to
https://drive.google.com/file/d/0BxMgdZPXsSLBYTBpWXZoRFJXZk0/view
* Wired story: https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/
Line 86: Line 121:
intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools:
https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
* Slashdot story: https://yro.slashdot.org/story/18/01/12/201200/researcher-finds-another-security-flaw-in-intel-management-firmware
Line 89: Line 123:
AMT Forensics: Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password.
https://github.com/google/amt-forensics

http://www.meshcommander.com/

AMT status checker for Linux: https://github.com/mjg59/mei-amt-check
* Arstechnica story: https://arstechnica.com/information-technology/2018/01/researcher-finds-another-security-flaw-in-intel-management-firmware/

Intel Active Management Technology (AMT)

About AMT

Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Core™ processors with Intel® vPro technology and workstation platforms based on select Intel® Xeon® processors. Intel® AMT uses integrated platform capabilities and popular third-party management and security applications, to allow IT or managed service providers to better discover, repair, and help protect their networked computing assets. Intel® AMT also saves time with remote maintenance and wireless manageability for your mobile workforce, and secure drive wiping to simplify PC lifecycle transitions.

See also Wikipedia articles on:

Documentation

AMT management tools

  • MeshCommander is an entirely web based tool for remote management of your Intel® AMT computers.

AMT firmware updates

A number of security holes in AMT firmware have been reported. If you have activated AMT, it is mandatory to install the latest AMT firmware updates from your PC vendor.

A partial list of AMT security holes includes:

Software tools for AMT security:

Management Engine BIOS Extension (MEBX)

Intel ME configuration is included in the BIOS by the Intel® Management Engine BIOS Extension (MEBX). The Intel MEBX provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.

Accessing MEBX

If the PC has AMT hardware, you can enter the MEBX setup just after the POST start-up by pressing:

Control-P

This option is usually not displayed on the PC boot screen.

When entering the MEBX login screen, the factory default password is admin. You will then be asked to set a new MEBX password.

MEBX password

When creating an MEBX admin password, it is important to note that the BIOS will interpret keystrokes assuming a US keyboard layout.

The documented default password for user admin is also admin. If AMT is enabled, this password must be changed.

Since non-alphanumeric characters are required in MEBX passwords, it is important to take note of the actual characters typed into the BIOS, since they may be different when you log in to AMT from a web browser or other tool! In BIOS setup, a US keyboard layout is assumed.
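The keyboard-layout pitfall described above, worked through for one layout as an added example that is not part of the wiki page. The German QWERTZ layout and its key table are assumptions chosen for illustration, and the sample passwords in the comments are constructed; the code shows which string a US-layout BIOS records and whether a password types identically on both layouts.

```python
# Added example: German (QWERTZ) key legends as read by firmware that assumes
# a US layout. The layout and the key table are assumptions, not from the wiki.
import string

# Two-character pairs: German legend, then what the same key press yields on US.
PAIRS = ('yz zy YZ ZY "@ §# &^ /& (* )( =) ß- ?_ +] *} #\\ \'| -/ _? '
         ';< :> ü[ Ü{ ö; Ö: ä\' Ä" °~')
DE_TO_US = dict(PAIRS.split())

# Characters on the same key, with the same Shift state, in both layouts.
SAME = set(string.ascii_letters + string.digits + "!$%,. ") - set("yzYZ")

UNKNOWN = "\N{REPLACEMENT CHARACTER}"


def as_seen_by_bios(typed):
    """Return (string a US-layout firmware records, characters it cannot map)."""
    stored, unmapped = [], []
    for ch in typed:
        if ch in DE_TO_US:
            stored.append(DE_TO_US[ch])
        elif ch in SAME:
            stored.append(ch)
        else:
            # AltGr, dead-key or ISO-only keys: the result depends on the firmware.
            stored.append(UNKNOWN)
            unmapped.append(ch)
    return "".join(stored), unmapped


def changed_positions(typed):
    """List (index, intended, stored) for every character the firmware alters."""
    stored, _ = as_seen_by_bios(typed)
    return [(i, a, b) for i, (a, b) in enumerate(zip(typed, stored)) if a != b]


def layout_safe(typed):
    """True when the password is recorded exactly as intended."""
    stored, unmapped = as_seen_by_bios(typed)
    return stored == typed and not unmapped


if __name__ == "__main__":
    for pw in ("Xyz-2018/amt?", "Amt!2018$ok", "p@ss"):   # constructed samples
        print(pw, "->", as_seen_by_bios(pw), "safe:", layout_safe(pw))
```

A password for which `layout_safe` returns true can be typed the same way in MEBX and in a web browser; for any other, the string to use remotely is the first element returned by `as_seen_by_bios`.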

IT-wiki: Intel_AMT (last edited 2018-01-26 14:00:06 by OleHolmNielsen)