Wednesday, October 5th 2016
Major Intel NUC Security Vulnerability Uncovered
A major security vulnerability has been uncovered, affecting Intel NUC (Next Unit of Computing) compact system boards featuring 5th and 6th generation Core processors. It involves a BIOS-level security hole through which an attacker who already holds local administrative privileges can get their malware into "system management mode," a highly privileged BIOS-level processor mode, and take full control of the platform.
Intel has since released corrective BIOS updates for its 6th generation "Swift Canyon," 6th generation "Grass Canyon" and "Pinnacle Canyon" boards; and 5th generation "Rock Canyon" boards. Even the performance-oriented "Skull Canyon" NUC, which features Intel's powerful onboard graphics core, isn't spared from this vulnerability. The latest BIOS update can be installed on affected platforms using the Intel Driver Update Utility.
17 Comments on Major Intel NUC Security Vulnerability Uncovered
"This is a vulnerability for your home where someone with the keys and security system codes can wreck your stuff..."
labs.mwrinfosecurity.com/blog/masquerading-as-a-windows-system-binary-using-digital-signatures/
Tell me one piece of software from Intel that's actually any good?
There is no such thing as a secure system once it is connected to the internet, in my opinion.
Theoretically, with access to the firmware, one could install firmware residing malware that a reinstall would not fix.
It's more like an attacker with keys to your home can claim legal ownership of your home...
The world is sickening, and so is the amount of backdoors a PC, router or any device has these days.
www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf
More like they can squat in your home until you have the police remove them. Which isn't hard. Nor is rolling back a BIOS to remove the threat and then loading a new one that isn't vulnerable to it.
At any rate, NUCs are desktop level, i.e. no one would bother with this exploit. If they have local admin access they have everything they want already and this exploit is useless to them.
At a server level, then sure, a BIOS-level back door would be most useful, especially in bigger organizations.
1. The hacker uses an exploit to gain full local admin privileges.
2. Instead of taking what they wanted that exists at this level, they want to compromise this system further by using the BIOS exploit in the OP.
3. To prevent the BIOS exploit from being removed, they then turn to firmware, which they load onto something that runs first.
4. They take the spoils from step 1 and wait for IT.
5. IT/hired tech/advanced user finds the local admin exploit, removes it and reboots.
6. The local admin exploit reappears due to the BIOS exploit.
7. IT/hired tech/advanced user searches Google on another device, finds an article and attempts to load a new BIOS.
8. The new BIOS load fails or reverts to the exploit due to the firmware.
9. IT/hired tech/advanced user searches Google on another device, finds another article and removes the firmware while the unit is offline, then uploads a new exploit-proof BIOS, then loads up the OS and removes the local admin exploit.
So that's a pita for the hacker who only really wanted the info from step 1, a big pita for the user and techs to remove the thing, and a massive obvious trail of "change all your account info stat!" that the hacker seriously didn't want to happen, because that completely undoes all his hard work...
Or he could use the local admin exploit, gain the info, and then wipe his exploit and the trail of it ever happening. That way all the account info remains unchanged and he can now use it himself or sell it. This of course can be fully automated and would be happening simultaneously to thousands of people on the net, who will be using many different devices rather than just these specific models of Intel NUCs...
Are you starting to get the picture? The local admin exploit wasn't platform specific, yet somehow they're supposed to go several extra steps in on one model of pre-builts? One that isn't exactly the No. 1 seller.