cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 21,964
Apple has shipped laptops with the Intel ME or "manufacturing mode" enabled. Intel practices "security through obscurity" where corporations such as Apple have to sign a NDA before using certain software packages in an attempt to protect intellectual property. Normal users would never know about or be able to test their equipment to find out if Intel ME was left enabled from the factory. Security researchers have discovered a way to exploit Intel ME in such a way that allows attackers to change ME settings and disable security controls; which would lead to new attacks against the chip. Luckily they also have a solution for consumers to use to disable Intel ME.
So one logical question is, how can users close Manufacturing Mode themselves if the manufacturer has failed to do so? To disable Manufacturing Mode, FPT has a special option (-CLOSEMNF) that in addition to its main purpose also allows setting the recommended access rights for SPI flash regions in the descriptor.
Our research shows that Intel ME has a Manufacturing Mode problem, and that even giant manufacturers such as Apple are not immune to configuration mistakes on Intel platforms. Worse still, there is no public information on the topic, leaving end users in the dark about weaknesses that could result in data theft, persistent irremovable rootkits, and even "bricking" of hardware. We also suspect that the ability to reset ME without resetting the main CPU may lead to yet additional security issues, due to the states of the BIOS/UEFI and ME falling out of sync.
So one logical question is, how can users close Manufacturing Mode themselves if the manufacturer has failed to do so? To disable Manufacturing Mode, FPT has a special option (-CLOSEMNF) that in addition to its main purpose also allows setting the recommended access rights for SPI flash regions in the descriptor.
Our research shows that Intel ME has a Manufacturing Mode problem, and that even giant manufacturers such as Apple are not immune to configuration mistakes on Intel platforms. Worse still, there is no public information on the topic, leaving end users in the dark about weaknesses that could result in data theft, persistent irremovable rootkits, and even "bricking" of hardware. We also suspect that the ability to reset ME without resetting the main CPU may lead to yet additional security issues, due to the states of the BIOS/UEFI and ME falling out of sync.