The Russians reveal the hidden mode and factory error in the new Intel processors

  • Thread starter Deleted member 55181
  • Start date

Deleted member 55181


Positive Technologies is a Russian security company that has already discovered several bugs in the Intel Management Engine (ME) over the past years. This week, the Russians revealed more information about the Manufacturing Mode in the ME, which is present in some Intel processors and can be used remotely by hackers. This is the second hidden and officially undocumented mode in Intel ME, which was discovered by a Russian company. According to Positive Technologies, the Manufacturing Mode in Intel processors is designed to configure and test chips during production. However, this mode should be blocked before shipment of systems, for the same reason that the debugging mode is turned off before leaving the factory - no one wants hackers to have easy access to it. Positive Technologies claims, however, that this factory mode in Intel ME has not been blocked in the final products, and the average user is not able to block it, even from the very fact that no one knows about it (which is obvious, since it is not in the documentation) and because there are no official tools that would help in this process. For this reason, no software, including even advanced applications showing errors in the configuration of the processor from UEFI level, are unable to determine whether the factory mode has been turned off or is still active.

Intel counts another major slip. A (?) Factory error may allow remote control of the computer.

Manufacturing Mode allows you to configure critical areas of the platform, such as BootGuard - Intel technology, which verifies the boot process. These options are stored in only writeable memory (FUSE), and some of them are called Field Programmable Fuses (FPF). FPF is used to collect platform parameters. Saving information in FPF requires that Intel ME be in Manufacturing Mode. It is a two-stage process during which the FPF is first saved to the temporary memory and then permanently recorded when the factory mode is closed. However, if Manufacturing Mode is not closed, it means that the process has not been completed, which allows the hackers to overwrite the FPF and take control of the platform in this way. In this hackers way can set their own values in BootGuard and other security options. Intel's platform will automatically load the code uploaded by the hackers, regardless of the actions the user will take to protect his computer against Malware. What's more, if hackers finish the FPF process, this code will never be deleted again. Positive Technologies' employees believe that all newer Intel processors have a factory-enabled mode, including Apollo Lake, Gemini Lake and Cannon Lake, putting the user at risk, because attackers can not only control the boot process, but also steal OEM keys that are used for signing different software in a given machine. The Russians emphasize that Intel ME was previously located in a separate SPI flash memory, which had independent access rights to the CPU and ME, which meant that it was not possible to read and save ME from the CPU side. Intel, however, has changed this in recent platforms by presenting a mechanism for parent access that controls a special SPI region and can give the CPU access to ME regions to which there would normally be no permissions. Intel wanted to simplify the process of updating the ME, at the same time making it easier to take control over the CPUs hackers. The Russians also discovered that Intel processors delivered to Apple laptops are vulnerable to this threat, but after reporting to the manufacturer, the threat was eliminated along with macOS High Sierra 10.13.5. Allegedly, Lenovo Yoga and ThinkPad laptops have this mode turned off by default. The Russians from Positive Technologies were also the first to announce the discovery of another undocumented mode of High Assurance Platform (HAP), which was developed by the NSA for Intel. Intel ME is often criticized by activists involved in privacy. Technology is accused of being a potential backdoor and a danger for users.



Reaction score: 16
Messages: 40

Thank you for the translation! This is fascinating. Makes me wonder if its a major slip by intel or our friends at the Naughty Spy Agency getting a little too bold with their backdoors...


Aspiring Daemon

Reaction score: 308
Messages: 732

That's the reason I've been getting away from the "big two" processor sources for my personal computing. For corporate data centers, you're forced to take your chances, since IT processor hardware is available from few producers. Alternatively on the personal front: are the Broadcom's, Samsung's, Qualcom's, etc, etc, etc, any better in this regard? There are only a few processor chip makers even in the mobile realm, and they're each big enough such that interested parties might want them to be made into "players." Built-in "kinks" don't stay secret for long, and are eventually abused. I don't know whether or not any particular processor, SoC, or board maker is a "player" - but it seems the only "safer, but not really safe" route is to choose a little known outfit that's not yet on anybody's radar screen. At that point you have to deal with low support levels and the new hardware bugs associated with new stuff.

What about chips of Chinese origin? How much attention is paid by "interested parties" to small SoC makers in that realm, or others in the burgeoning arena of fabless SoC manufacture? There's no way around this issue of uncertainty, other than to go completely off the grid. High integration SoC architectures potentially amplify the problem, with the arrival of built-in RF comm peripherals.

Let's face it: we don't trust anybody anymore.

We all know about this issue, and dance around it, just hoping that there really is a tooth fairy. But, I think we may be naive. The new trend of e-commerce to keep credit card details on the client, with no persistent storage on the web server, is a *really* good idea in light of these trends ...

Of course, photonics makes it all moot.