[tor-relays] Exploiting firmware

Alex Haydock alex at alexhaydock.co.uk
Wed Dec 7 22:50:39 UTC 2016


On 07/12/16 21:45, diffusae wrote:
> Hmm, interesting subject ...
>
> On 07.12.2016 21:35, Gumby wrote:
>>   Subject seems to have changed a bit, so not hijacking it.
>> When thinking of any exploitation of firmware - should there be concerns
>> of Intel's Management Engine in the CPU of any relays
>>  running on "home hardware" in any common unused pc or laptop?
>> Should that be a concern on ANY newer Intel hardware?
>>
>> Gumby
> What do you think about Intel AMT, it's a part of the most modern PCs?
>
Intel ME/AMT concerns me too, especially how unavoidable it seems to be
on modern CPUs (AMD is no escape, as they have an equivalent in the form
of their "Platform Security Processor").

Though this probably concerns me less than the fact that only the
fastest relays are going to be deployed on colocated and fully
owner-controlled hardware or under their own ASNs.

The rest are probably going to be VPS nodes or at least connected to
some out-of-band network management interface for quick deployment and
monitoring at the ISP-level. This can provide low-level access in a
similar way to ME/AMT. I've seen many providers allowing access to
management TTYs, or even raw disk management tools via HTTP web interfaces.

Abusing the ME/AMT would require some sort of co-operation on Intel's
part, or stolen signing keys, but imagine if you could get access to
some sort of administration panel for OVH/DigitalOcean etc. Co-opting a
large number of relays/exits through that process might be a lot easier,
so if I was going to worry about out-of-band management interfaces, I'd
probably worry about those first.


