Intel Computers Remain Vulnerable to IME Exploits Since 2017
I have long followed Rob Braxman of @RobBraxmanTech on Odysee. I find he is able to explain complex security issues so that I can understand them - or at least think I do. In his latest video he explains that the Intel IME system can be used to turn systems on, install or reinstall operating systems, and undertake every action possible to computers with Intel chipsets. While this capability was claimed to be to enable companies to manage their IT systems remotely, exploits that have been publicly available since 2017 continue to enable malicious actors to perform these operations on all computers with Intel chipsets, including brand new computers. This vulnerability has not been patched.
IMG source - Odysee.com/@RobBraxmanTech
I urge folks to understand this threat, and consider how to secure their cryptocurrency and financial assets from attack. Further, even if, like me, you don't access your accounts online at all, and therefore are not vulnerable to financial attacks via this vector, there are a great many means of profiting from identity theft that don't involve taking money from you directly. Therefore you should still implement security from this exploit as you are able.
Braxman states that Intel has disabled IME in 9th generation chips for consumer machines, and we are currently several generations beyond that today, so theoretically new Intel machines are immune to the IME exploit. However, an exploit remain in place on all Intel chipsets that load during boot 'even if the BIOS is locked down with a password.' He provides a link to a tool that Intel has provided that enables you to ascertain if your system is vulnerable to this exploit. While Intel is not offering a patch for this exploit at this time, knowing you are vulnerable enables you to take other actions, such as changing passwords, account numbers, and etc., that may have been previously compromised, and thereafter to keep such information secure from exploit.
Risk exists. Successful investing requires we manage risk, and that requires we do due diligence in ascertaining risks. I encourage you to do your due diligence. Rob points out that even if you find you are vulnerable there are things you can do to mitigate the threat. NAT (network address translation) that is ubiquitous on routers should prevent malicious actors from reaching your computer using IPV4, but IPV6 remains vulnerable, and he recommends disabling IPV6. By doing this you limit your vulnerability your local network. However, Wifi, Bluetooth, and such mechanisms yet can enable local attacks, so further attention is necessary to secure your system. Something else he recommends is not using public Wifi access, because this can enable bad actors to use the exploit to elevate their privileges on your system.
Finally, AMD systems are not vulnerable to these exploits, which are exclusive to Intel chipsets, but do remain vulnerable to the Meltdown and Spectre exploits. No matter what chipset your device runs, there are vulnerabilities that exist, and your ability to secure yourself from exploits depends on your exercise of due diligence to understand those vulnerabilities and take necessary actions to prevent bad actors from using them against you.
I hope you take necessary action to secure your system, your money, and yourself from bad people that want to do you harm.
just hold your cryptos on airgrapped hardware wallets/ devices
BTC PSBT (partially signed bitcoin transaction) are beautiful
so you do not even need to trust ledger or any company
I recommend a simple 5$ Raspberry Pi ZERO (WITHOUT Wifi & Bluetooth)
you can easily build a SeedSigner (lovely devices but wasnt able to upgrade yet) so you dont even need an external mouse/ keyboard/ screen
have fun and stay safe :)
Well, that is a good way to hold secure crypto, and a seedsigner could well be a solution to transacting (I dunno. I don't have one or know more about them than you've told me). However, that doesn't mitigate the security issues that we face from Intel IME, Meltdown, and Spectre, all of which are unpatched presently, to my knowledge. Even if our crypto or other monies aren't at risk because we've wisely put them in hardware wallets, our identity can be used to make money in a variety of ways, and anyone that can use our computer and keys for accounts we post from can spoof as us and obligate us financially.
For example, people often use online services to file their taxes. Imagine if someone filed a fraudulent return and sent it to the IRS from your computer, while collecting the refund on your behalf at some other address. The first thing you'd know about it would be the IRS audit. Unless you could prove your computer had been hacked, and maybe not even then, you'd have no ability to prove to the IRS you hadn't sent in that fraudulent return.
Botnets are also a terrible burden on society, and the net, and we should not enable our computers or IoT devices to be used to DDoS folks.
Thanks!
yea, man in the middle attacks..
also works in our juristical/ law system
heard about the Mortgages on foreign houses/ lawn ?
I have the idea that lending is a somewhat universal process, but I get that idea without ever having borrowed or lent money across borders. What are you referring to?
Congratulations @valued-customer! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)
Your next payout target is 7000 HP.
The unit is Hive Power equivalent because post and comment rewards can be split into HP and HBD
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPTo support your work, I also upvoted your post!
Check out our last posts:
Support the HiveBuzz project. Vote for our proposal!
Dear @valued-customer !
Thank you for article!