Mark Ermolov

Security Researcher, Positive Technologies

About speaker

Mark Ermolov is a system programmer that is interested in security aspects of hardware, firmware, and low-level system software (bare-metal hypervisors, OSes cores, device drivers). He has had talks at Russian security conferences PHDaysIV and ZeroNights and at 33c3 and HITB2017AMS. One of his previous researches was about internal structure of Microsoft PatсhGuard and ways to compromise it. Now, he is researching various hardware components of Intel platforms: PCH, IOSF, iGPU, and corresponding firmware.
November 16
15:00 — 16:00
Main Track
Security through obscurity – is a principle which has been under criticism for some years now, but this doesn’t stand in the way of large electronics producers demanding the signing of a Non-Disclosure Agreement, masqueraded as protection of intellectual property when issuing technical documentation. The situation is progressively exacerbating due to the rising complexity of circuit boards and the integration of various proprietary firmware on them. This practically makes independent research into these platforms impossible, which is potentially dangerous for regular users as well as producers of said equipment.

An example of such technology is Intel Management Engine (Intel ME) as well as its versions for server (Intel SPS) and mobile (Intel TXE) platforms. In our report we shall explain how, using undocumented commands, the SPI-flash memory could be rewritten and initiate the mother of bad scenarios – the exploitation of the ME (INTEL-SA-00086) vulnerability for Apple MacBook (CVE-2018-4251). The root of the problem turned out to be an undocumented operation of Intel ME - Manufacturing Mode.