Parrot Community

Community portal of the Parrot Project.


#1 2017-09-01 14:01:28

robertjames
Community Member
From: Canada
Registered: 2017-08-11
Posts: 12

Intel’s Management Engine and AMD’s Secure Processor (AMD PSP)

Is anyone else here researching Intel’s Management Engine and AMD’s Secure Processor (formerly called AMD Platform Security Processor)? I am highly curious about their purpose and capabilities. For those who are unaware, I suggest these links as starting points:

https://chiefio.wordpress.com/2017/02/0 … rocessors/

https://starrynews.wordpress.com/2016/0 … -backdoor/

https://www.fsf.org/blogs/community/act … technology

https://www.techpowerup.com/235313/amd- … sed-source

I am concerned these devices operate below both end user and original equipment manufacturer control, and cannot be physically disabled. All other security, privacy, malware protection and whole-disk/email encryption precautions would prove totally useless. This includes any “trusted” systems used solely for networking security, designed only to run firewall and intrusion detection software.

The only option available to people such as myself who are “interested” is to either own obsolete equipment or settle for ARM-based processors, used in Raspberry Pi & other small single-board computer clusters. Well, that and/or create an Out-of-Band Network TAP, watching every single packet on a network; but that's a major pain in the rear:

https://www.securityforrealpeople.com/2 … k-tap.html

http://www.altsec.info/passive-network-tap.html

Indeed my concerns proved to be correct, when a vulnerability (CVE-2017-5689) was discovered in Intel’s Active Management Technology, the software controlling Intel's black box:

https://www.theregister.co.uk/2017/05/0 … erability/

It should also be noted that while cell phones use ARM processors, most smart phones also have a second separate processor that negates the whole purpose. Though ARM processors in smart phones are not immune, I have always been a “dumbest burner phone” type of man; so I’ve got no worries on that front. As strange as it may sound, I am considering using only Raspberry Pis as my main computer systems thanks to the fact there are no Trusted Platform Modules, no unverifiable (but writable) hard disk firmware, and no UEFI. The days of stressing about Pentium III hard-coded serial numbers are LONG gone!

On another note when it comes to ARM security, this is interesting from our friends in the "No Such Agency":

https://github.com/iadgov/Maplesyrup/bl … /README.md

And for a much more in-depth review on processor security:

https://blog.invisiblethings.org/papers … armful.pdf


BREAKING FAKE NEWS: POTUS names Boris and Natasha as heads of Joint USA/RUSSIA CyberSec Alliance!


#2 2017-09-15 01:31:37

robertjames
Community Member
From: Canada
Registered: 2017-08-11
Posts: 12

Re: Intel’s Management Engine and AMD’s Secure Processor (AMD PSP)

Well, ask a simple question about ODIN’S EYE and you will be answered... maybe not DIRECTLY; but thanks!

https://beinglibertarian.com/disable-in … rtesy-nsa/

Does not help with my AMD device, though. Yet everyone using Intel systems should review the above link.


