The possibility that 'Manufacturing mode' at the manufacturing stage of Intel chip caused MacBook vulnerability


By Snippy HolloW

At the stage of manufacturing the semiconductor chip, test is carried out by putting the chip in "test mode" in order to check whether it operates normally. It has been pointed out that this test function called " Manufacturing Mode (Manufacturing Mode)" caused vulnerability of commercially available computers.

Positive Technologies - learn and secure: Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html

Among the chipsets manufactured by Intel, " Intel Management Engine (Intel ME)", an embedded microcomputer running a lightweight microkernel operating system that provides various functions and services, is built in I have sometimes. Intel ME, which is responsible for functions such as low power consumption and anti-theft function, has a manufacturing mode for the purpose of configuring and testing the end platform at the manufacturing stage, which is invalid before sale or shipment to users You need to.

However, it is said that this mode is not described in the document published by Intel. And since related utilities such as Intel ME System Tools are not officially available, ordinary users can not disable this mode. As a result, even if manufacturing mode is enabled for some reason, there is no way to inform the user to return it to normal state.


By Serigne diagne

At the manufacturing stage, various settings are written to one-time programmable memory (FUSE) etc. built in the chip, checking the operation, etc. However, the contents written at this time can not be restored properly to the original The chipset may be vulnerable due to the cause. One example is the vulnerability "CVE-2018-4251" registered in the vulnerability information database. This is confirmed to occur on Apple computers running macOS version 10.13.5 or earlier, and it is possible for an attacker to modify the EFI flash memory area which constitutes an application with access authority to the root It was a problem of making it possible.

CVE - CVE - 2018 - 4 251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4251

According to Positive Technologies which investigated this problem, there is a problem with the manufacturing mode in Intel ME, even big makers such as Apple can not avoid the influence of misconfiguration caused by the Intel platform . Furthermore, it does not appear that information on weaknesses that could cause data to be stolen or "unwanted" in which the terminal becomes unusable is not disclosed to the end user.

Positive Technologies also points out that there is a possibility of additional security problems because the state of the BIOS and UEFI and ME will not be synchronized by resetting the ME without resetting the main CPU.

in Software,   Hardware,   Security, Posted by darkhorse_log