
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


MythBusters: CVE-2017-5689 - How We Broke Intel AMT

Dmitriy Evdokimov

This paper has been accepted.

Every modern computer system based on Intel architecture has an Intel Management Engine (ME), a built-in subsystem with a wide array of powerful capabilities (such as full access to operating memory, out-of-band access to a network interface, running independently of the CPU even when the system is shut down, etc.). On the one hand, these capabilities allow Intel to implement many features and technologies based on Intel ME. On the other hand, they make Intel ME a tempting target for an attacker, especially if an attack can be conducted remotely.

Here, Intel Active Management Technology (AMT) fits perfectly: it is based on Intel ME and is meant for remote administration of a computer system. In this talk we will discuss the methods of remote pwning of almost every Intel-based system manufactured in 2010 or later.

About Dmitriy Evdokimov

As Embedi’s CTO, he leverages more than 10 years of practical experience in information security. Dmitriy has authored several research papers and participated in key world cybersecurity conferences. The quality of his expertise and the recognition of the largest world-leading vendors describe Dmitriy’s professionalism best.

About Alexander Ermolov

Researcher, reverse engineer, and information security expert. A staff member of Embedi. My passion includes low-level design, analysis of system software, BIOS, and other firmware. I love to research undocumented technologies.

About Maksim Malyutin

Programmer who has occasionally ended up dealing with information security. Key interests include UEFI, SMM, and other depths of Intel architecture. Maksim firmly believes that he will one day make the computer revere itself instead of him with just a couple of Python scripts.