1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-09 08:21:32 -05:00
Signed-off-by: Salim B <git@salim.space>
This commit is contained in:
Salim B 2024-04-15 00:50:31 +02:00 committed by GitHub
parent fe158e7e04
commit b93f2767b0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -121,7 +121,7 @@ Unfortunately, some components are poorly understood due to being obfuscated usi
Skochinsky's and Corna's analysis was sufficient to clarify (but not completely contradict) sensationalism claiming that ME can remotely lock any PC (it was a former opt-in feature), can spy on anything the user does (they clarified that access is limited to unblocked parts of the host memory and the integrated GPU, but doesn't include e.g. the framebuffer), etc. Skochinsky's and Corna's analysis was sufficient to clarify (but not completely contradict) sensationalism claiming that ME can remotely lock any PC (it was a former opt-in feature), can spy on anything the user does (they clarified that access is limited to unblocked parts of the host memory and the integrated GPU, but doesn't include e.g. the framebuffer), etc.
While claims such as "ME is a black box that can do anything" are misleading, ME not without its share of vulnerabilities. My favorite look at its issues is a presentation by [Mark Ermolov](https://www.blackhat.com/eu-17/speakers/Mark-Ermolov.html) and [Maxim Goryachy](https://www.blackhat.com/eu-17/speakers/Maxim-Goryachy.html) at Black Hat Europe 2017: [How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine](https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine-wp.pdf). While claims such as "ME is a black box that can do anything" are misleading, ME is not without its share of vulnerabilities. My favorite look at its issues is a presentation by [Mark Ermolov](https://www.blackhat.com/eu-17/speakers/Mark-Ermolov.html) and [Maxim Goryachy](https://www.blackhat.com/eu-17/speakers/Maxim-Goryachy.html) at Black Hat Europe 2017: [How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine](https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine-wp.pdf).
In short: ME being proprietary doesn't mean that we can't find out how (in)secure it is. Binary analysis when paired with runtime inspection can give us a good understanding of what trade-offs we make by using it. While ME has a history of serious vulnerabilities, they're nowhere near what [borderline conspiracy theories](https://web.archive.org/web/20210302072839/themerkle.com/what-is-the-intel-management-engine-backdoor/) claim.[^11] In short: ME being proprietary doesn't mean that we can't find out how (in)secure it is. Binary analysis when paired with runtime inspection can give us a good understanding of what trade-offs we make by using it. While ME has a history of serious vulnerabilities, they're nowhere near what [borderline conspiracy theories](https://web.archive.org/web/20210302072839/themerkle.com/what-is-the-intel-management-engine-backdoor/) claim.[^11]