Reply to post: Re: Who is behind all this bashing against Intel ME , uh?

Intel Management Engine pwned by buffer overflow

tim292stro

Re: Who is behind all this bashing against Intel ME , uh?

> [...] Why no one is checking coding flaws in AMD, IBM Power, Oracle SPARC, ARM ? They all have the same as Intel Management Engine chipsets running full embedded OS that don't have the specifications disclosed either.

Well, 80/20 rule: first 20% effort gives 80% results, last 80% only gives final 20% results. If you want to get into as many distributed platforms are possible with as much RAM, CPU power, and storage resources attached to the services you want to compromise - do you attack AMD, POWER, SPARC, or ARM? No, you go after Intel x86. Being a big target means taking the most shots. Ask, Windows vs Linux who is attacked more?

If you attack the OS and they have good security practices in place, but you find there is a low level OS that is not protected that can circumvent the protections the User's OS has in place - would you continue attacking the hardened User OS or the insecure OS below the security features? This attack makes perfect sense to me...

> [...] Also all this easy hacking of Intel ME how? The full hardware and software specifications are not public so other than government spies and competitors spies there is no way to steal that data to hack the system either.

Don't underestimate the power of common debugging tools in the hands of interested/committed engineers... ;-) JTAG, I2C, SPI, and USB are not alien technologies to most engineers, and even hobbiests are getting in the game now that ARM and FPGAs are getting into the masses hands. All of those interfaces have fairly standard communication methods for data to go over them, which any person familiar with can peal apart. You give the complications of modern technology too much credit for being an obscurity wall IMHO.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon