intel

117 Articles

What You Need To Know About The Intel Management Engine

December 11, 2017 by 95 Comments

Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA. In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Managment Engine.

Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?

Continue reading “What You Need To Know About The Intel Management Engine”

Another Defeat Of The Intel Management Engine

December 7, 2017 by 53 Comments

If you have a computer with an Intel processor that’s newer than about 2007, odds are high that it also contains a mystery software package known as the Intel Management Engine (ME). The ME has complete access to the computer below the operating system and can access a network, the computer’s memory, and many other parts of the computer even when the computer is powered down. If you’re thinking that this seems like an incredible security vulnerability then you’re not alone, and a team at Black Hat Europe 2017 has demonstrated yet another flaw in this black box (PDF), allowing arbitrary code execution and bypassing many of the known ME protections.

[Mark Ermolov] and [Maxim Goryachy] are the two-man team that discovered this exploit, only the second of its kind in the 12 years that the ME has been deployed. Luckily, this exploit can’t be taken advantage of (yet) unless an attacker has physical access to the device. Intel’s firmware upgrades also do not solve the problem because the patches still allow for use of older versions of the ME. [Mark] and [Maxim] speculate in their presentation that this might be fixed on the next version of the ME, but also note that these security vulnerabilities would disappear if Intel would stop shipping processors with the ME.

We won’t hold our breath on Intel doing the right thing by eliminating the ME, though. It’s only a matter of time before someone discovers a zero-day (if they haven’t already, there’s no way to know) which could cripple pretty much every computer built within the last ten years. If you’re OK with using legacy hardware, though, it is possible to eliminate the management engine and have a computer that doesn’t have crippling security vulnerabilities built into it. This post was even written from one. Good luck doing anything more resource-intensive with it, though.

(Nearly) All Your Computers Run MINIX

November 11, 2017 by 68 Comments

Are you reading this on a machine running a GNU/Linux distribution? A Windows machine? Or perhaps an Apple OS? It doesn’t really matter, because your computer is probably running MINIX anyway.

There once was a time when microprocessors were relatively straightforward devices, capable of being understood more or less in their entirety by a single engineer without especially God-like skills. They had buses upon which hung peripherals, and for code to run on them, one of those peripherals had better supply it.

A modern high-end processor is a complex multicore marvel of technological achievement, so labyrinthine in fact that unlike those simple devices of old it may need to contain a dedicated extra core whose only job is to manage the rest of the onboard functions. Intel processors have had one for years, it’s called the Management Engine, or ME, and it has its own firmware baked into the chip. It is this firmware, that according to a discovery by [Ronald Minnich], contains a copy of the MINIX operating system.

If you are not the oldest of readers, it’s possible that you may not have heard of MINIX. Or if you have, it might be in connection with the gestation of [Linus Torvalds]’ first Linux kernel. It’s a UNIX-like operating system created in the 1980s as a teaching aid, and for a time it held a significant attraction as the closest you could get to real UNIX on some of the affordable 16-bit desktop and home computers. Amiga owners paid for copies of it on floppy disks, it was even something of an object of desire. It’s still in active development, but it’s fair to say its attraction lies in its simplicity rather than its sophistication.

It’s thus a worry to find it on the Intel ME, because in that position it lies at the most privileged level of access to your computer’s hardware. Your desktop operating system, by contrast, sees the hardware through several layers of abstraction in the name of security, so a simple OS with full networking and full hardware access represents a significant opportunity to anyone with an eye to compromising it. Placing tinfoil hats firmly on your heads as the unmistakable thwop of black helicopters eases into the soundscape you might claim that this is exactly what they want anyway. We would hope that if they wanted to compromise our PCs with a backdoor they’d do it in such a way as to make it a little less easy for The Other Lot. We suspect it’s far more likely that this is a case of the firmware being considered to be an out-of-sight piece of the hardware that nobody would concern themselves with, rather than a potential attack vector that everyone should. It would be nice to think that we’ll see some abrupt updates, but we suspect that won’t happen.

Intel I7 processor underside: smial [FAL].

How The Integrated Circuit Came To Be

November 7, 2017 by 43 Comments

As the saying goes, hindsight is 20/20. It may surprise you that the microchip that we all know and love today was far from an obvious idea. Some of the paths that were being explored back then to cram more components into a smaller area seem odd now. But who hasn’t experienced hindsight of that sort, even on our own bench tops.

Let’s start the story of the microchip like any good engineering challenge should be started, by diving into the problem that existed at the time with the skyrocketing complexity of computing machines.

Continue reading “How The Integrated Circuit Came To Be”

A Wii U That Is Both Computer And Console.

August 2, 2017 by 16 Comments

Legendary sudomod forum user [banjokazooie] has once again demonstrated their prowess in Wii U console modification — this time by transforming it into a powerhouse portable computer!

We loved [banjokazooie]’s RetroPie Wii U mod, and happy to see them back again with this build.  What’s in this thing this time around? Buckle up ’cause it’s a ride: an Intel M5 processor core M on their Compute Stick, 4GBs RAM, a 64GB solid-state drive, a 2K LCD touchscreen, Bluetooth, WiFi, a 128GB SD card slot, two 3.7V 4000 mAh batteries, a Pololu 5V,6A step-down voltage regulator, a Teensy 2.0++ dev board, a battery protection PCB, a USB DAC sound card, stereo amp, a USB hub for everything to plug into, and a TP5100 battery charging board. Check it out!

Continue reading “A Wii U That Is Both Computer And Console.”

Find Instructions Hidden In Your CPU

July 30, 2017 by 79 Comments

There was a time when owning a computer meant you probably knew most or all of the instructions it could execute. Your modern PC, though, has a lot of instructions, many of them meant for specialized operating system, encryption, or digital signal processing features.

There are known undocumented instructions in a lot of x86-class CPUs, too. What’s more, these days your x86 CPU might really be a virtual machine running on a different processor, or your CPU could have a defect or a bug. Maybe you want to run sandsifter–a program that searches for erroneous or undocumented instructions. Who knows what is lurking in your CPU?

Continue reading “Find Instructions Hidden In Your CPU”

The End Of Arduino 101: Intel Leaves Maker Market

July 25, 2017 by 81 Comments

This looks like the end of the road for Intel’s brief foray into the “maker market”. Reader [Chris] sent us in a tip that eventually leads to the discontinuation notice (PCN115582-00, PDF) for the Arduino 101 board. According to Intel forum post, Intel is looking for an alternative manufacturer. We’re not holding our breath.

We previously reported that Intel was discontinuing its Joule, Galileo, and Edison lines, leaving only the Arduino 101 with its Curie chip still standing. At the time, we speculated that the first wave of discontinuations were due to the chips being too fast, too power-hungry, and too expensive for hobbyists. Now that Intel is pulling the plug on the more manageable Arduino 101, the fat lady has sung: they’re giving up on hardware hackers entirely after just a two-year effort.

According to the notice, you’ve got until September 17 to stock up on Arduino 101s. Intel is freezing its Curie community, but will keep it online until 2020, and they’re not cancelling their GitHub account. Arduino software support, being free and open, will continue as long as someone’s willing to port to the platform.

Who will mourn the Arduino 101? Documentation was sub-par, but a tiny bit better than their other hacker efforts, and it wasn’t overpriced. We’re a little misty-eyed, but we’re not crying.  You?

[via Golem.de]