Intel Releases Linux-Compatible Tool For Confirming ME Vulnerabilities

  • #41
    PSP could probably e.g. scan memory in hope to find the right packet, then do what this packet prescribes. This does not require net drivers at all and could even survive a firewall or air gap. It does not even have to be net, opening a PNG from a flash stick would do, as long as it decodes to the correct memory pattern recognized as a backdoor data packet. There're infinite ways to put data in memory. Then the only thing that matters is if that nasty crap could scan system memory to find it or not.

    How do we know it isn't the case? This attack is theoretically possible. We can't check if it's the case with all the crap "security" blobs around. Nor can we readily disable it (or upload our own code) to ensure it isn't the case. I do not know exact details e.g. if it could do DMA or if IOMMU would intervene, etc, but in your "DRM sponsored hardware" world I would assume worst of the worst by default, unless proven otherwise. Just to be on the safe side. I had enough of treacherous system level shit, sorry.
    Last edited by SystemCrasher; 11-25-2017, 04:00 AM.


    • #42
      You're talking about how a hypothetical attack might be able to be triggered (assume you're talking about "backdoor data packet" as the trigger?).

      I'm talking about how it gets data back to the hypothetical bad guys - maybe print a message on the console asking you to "mail the flash stick to the following address in Maryland" ?


      • #43
        Originally posted by bridgman
        I'm talking about how it gets data back to the hypothetical bad guys - maybe print a message on the console asking you to "mail the flash stick to the following address in Maryland" ?
        UEFI Network Stack?


        • #44
          Originally posted by numacross

          UEFI Network Stack?
          Disabled as default, at least on my motherboard.


          • #45
            Originally posted by Brisse
            Disabled as default, at least on my motherboard.
            The code is still there, just "disabled".


            • #46
              I didn't think the UEFI network stack was available at runtime, just boot time (for PXE).


              • #47
                Originally posted by bridgman
                I didn't think the UEFI network stack was available at runtime, just boot time (for PXE).
                Even if, then let's just crash the kernel (or NMI, or ACPI or simulate Ctrl+Alt+Del with the USB-to-PS/2 SMM), force a reboot, get to UEFI-level and use the network stack. As long as the code exists to access the built-in NIC from UEFI it can be used.


                • #48
                  Originally posted by bridgman

                  You're thinking the PSP has driver code in it for all the NICs it is likely to encounter ? Still scratching my head.
                  It only needs a few drivers for the built-in NICs in the majority of motherboards. You don't need to have 100% coverage. The rest is easy, just install a kernel-memory level rootkit/malware, you only need 5-10 versions for OS/version matches needed if you have full RAM access. Then the malware takes care of the networking. It's more visible but if you REALLY need it you can do it that way.
