Intel AMT/ME Meet Intel's hardware backdoor "csk"
[email protected] V00d00 0xfdd Dec 10th-12th, 2013 "csk"
[email protected] (V00d00 0xfdd) Intel AMT/ME Dec 10th-12th, 2013 1 / 38 UH? booting a brand new laptop "csk"
[email protected] (V00d00 0xfdd) Intel AMT/ME Dec 10th-12th, 2013 2 / 38 One day I pressed Ctrl+p "csk"
[email protected] (V00d00 0xfdd) Intel AMT/ME Dec 10th-12th, 2013 3 / 38 WTF? disklamer Part of vpro blah, sorry I am not working for Intel It's a work in progress, simply driven by curiosity I stole most of this stuff WTF - Intel Active Management Technology http://en.wikipedia.org/wiki/Intel Active Management Technology Intel's native remote support feature, part of Management Engine Introduced by Intel in 2005 as key vpro feature, disabled by default? Implemented as another chipset on vpro enabled mother boards Pretty much independent of the installed OS Able to work even when the machine's OS is in S3 state Ownz your NIC "csk"
[email protected] (V00d00 0xfdd) Intel AMT/ME Dec 10th-12th, 2013 4 / 38 Features at a glance Features Out of band remote access to remotely diagnose, control and repair Three configuration mode, manual, one touch and zero touch Two provision modes, each enabling different level of security Support IDE-Redirection and Serial-Over-Lan capabilities Use cases Software/Hardware discovery and invertory Remote diagnosis and repair, helpdesk work Hardware based isolation and recovery Agent Presence Checking (read AV) Network Access Controls "csk"
[email protected] (V00d00 0xfdd) Intel AMT/ME Dec 10th-12th,