cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Luc_T410
Serial Port
Posts: 30
Registered: ‎01-07-2015
Location: PL
Views: 3,207
Message 11 of 43

Re: Remote security exploit in all 2008+ Intel platforms

welcome,

from another computer in the same LAN you can also try to scan the IAMT_LOCAL_IP and see if port 623, 624, 16992-16995 are open or closed; just to be 100% sure that IAMT is not listening for incomming connection:

 

nmap -p16992,16993,16994,16995,623,664 IAMT_LOCAL_IP

and if you see open ports try:

curl -sS http://IAMT_LOCAL_IP:623 -i
curl -sS http://IAMT_LOCAL_IP:624 -i
curl -sS http://IAMT_LOCAL_IP:16992 -i 

 

Guru
Posts: 798
Registered: ‎07-21-2010
Location: US
Views: 3,161
Message 12 of 43

Re: Remote security exploit in all 2008+ Intel platforms

I have a W510 what needs to be done to fix this since Lenovo is only going back to W520?  Or nothing can be done?  What about disabling in AMT in Bios?


If a post answers your question, please mark it as an”Accepted Solution“!
If a post helps you, please click the star to give it a "Kudo"!


I do not work for, nor do I speak for Lenovo. I will not respond to private unsolicited private messages. Questions belong in the forum so it may help other forum members as well.
TP 25 Retro, X1 Yoga 3rd Gen, W510 850 EVO, A30p
Retired 385D, A20p, A21p

Luc_T410
Serial Port
Posts: 30
Registered: ‎01-07-2015
Location: PL
Views: 3,142
Message 13 of 43

Re: Remote security exploit in all 2008+ Intel platforms

T410, T510, W510... it is a long list of Lenovo products that will be vulnerable forever if Lenovo don't care and don't want to apply Intel fix for this problem.

 

Yes the sad part is that Intel already have a fix for this vulnerability ( AMT v6.2.61.3535 ) so Lenovo only have to copy-paste the fix and to release it as a BIOS upgrade.

 

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Hentschke_Bau
Punch Card
Posts: 45
Registered: ‎02-03-2016
Location: Germany
Views: 3,134
Message 14 of 43

Re: Remote security exploit in all 2008+ Intel platforms

Guess I will delay my order of 60 T570 notebooks to see which vendor will take security most seriously...

Maybe Dell will do a better job here and will fix all vulnerable models?

Puppy
Bit Torrent
Posts: 1,813
Registered: ‎11-28-2007
Location: CZ
Views: 3,122
Message 15 of 43

Re: Remote security exploit in all 2008+ Intel platforms

As for remote access: Is safe to assume that disabling in BIOS turns it off for sure ? It displays deactivating state for a while after exit from BIOS and restarts. But some reports says it still remains active (even when disabled in BIOS !) anyway with default 'admin' password Smiley Frustrated

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Community SeniorMod
Community SeniorMod
Posts: 1,903
Registered: ‎05-01-2010
Location: US
Views: 3,090
Message 16 of 43

Re: Remote security exploit in all 2008+ Intel platforms


@Hentschke_Bau wrote:

Guess I will delay my order of 60 T570 notebooks to see which vendor will take security most seriously...

Maybe Dell will do a better job here and will fix all vulnerable models?



Two days ago I contacted Dell and searched to find a list of their vulnerable systems so I can add it to the OEM list that I am working on at a security site. No reply. No advisory. There was no discussion topic at their forum, so I started one on May 2.  As of this moment my Dell forum topic still has no replies.

 

Lenovo should be commended for having their comprehensive advisory and list posted ASAP. SmileyThumbUp.gif












Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Puppy
Bit Torrent
Posts: 1,813
Registered: ‎11-28-2007
Location: CZ
Views: 3,051
Message 17 of 43

Re: Remote security exploit in all 2008+ Intel platforms

It is important to provide solution for non-corporate customers. Most of them have don't need/want the vPro features anyway. There must be a simple tool that reports whether the AMT is disabled (unprovisioned) on their machine without a need to install the complex (and vulnerable) Intel AMT software they don't need.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Luc_T410
Serial Port
Posts: 30
Registered: ‎01-07-2015
Location: PL
Views: 3,034
Message 18 of 43

Re: Remote security exploit in all 2008+ Intel platforms

The only viable solution for everybody is that hw manufacturer - in this case Lenovo - to release the fix for HW if Intel release one; keeping loyal customers to a brand ( ThinkPad ) is more important than the small cost for this sw fix.

 

Maybe at some point you will find that you need to use what Intel AMT offer ( and you already paid for that option ).

Anussia
Blue Screen Again
Posts: 25
Registered: ‎03-01-2017
Location: US
Views: 2,949
Message 19 of 43

Re: Remote security exploit in all 2008+ Intel platforms

According to https://support.lenovo.com/us/en/product_security/LEN-14963 my ThinkPad T560 with Intel iCore i6200U on-board is affected too.

However if to consult the product specification on Intel web side for this CPU the vPro is not populated here, so should be not affected. AMT seems to be vPro component.

Where this discrepancy from?

Intel check utility SCS Discovery completes with error of generic type something like an API was not available. This seems to be in line with Intels product specification but not with Lenovo claims in shown document.

Luc_T410
Serial Port
Posts: 30
Registered: ‎01-07-2015
Location: PL
Views: 2,941
Message 20 of 43

Re: Remote security exploit in all 2008+ Intel platforms

i5-6200U don't have vPro but ThinkPad T560 can have other processors that have vPro technology:

i7-6600U

i5-6300U

http://www3.lenovo.com/us/en/laptops/thinkpad/thinkpad-t-series/T560/p/22TP2TT5600

Top Kudoed Authors