Intel chipsets probably compromised. How does this affect SAFE Network?

Read the Wikipedia page on Intel AMT, specifically the section on security, and download the paper by Vassilios Ververis which showed serious weaknesses in the GM45 chipset. This means that hundreds of thousands of PCs deployed with Intel vPro technology have a backdoor that can be used remotely even when the machines are switched off! Vassilios lists the following installed bases as examples:

  • Atos Origin an international IT services company[16]. The company’s annual revenues are more than €5 billion and it employs over 46,000 people in 40 countries.
  • Nottingham University Hospitals (NHS) Trust is one of the largest hospitals in the UK with an annual budget of more than €555 million. The hospital has provisioned[36] and uses around 6,000 Intel vPro based desktop PCs embedded with the Intel AMT platform over two sites: Queen’s medical center and city hospital.
  • University of Plymouth the fifth largest university in the United Kingdom, deployed around 4,800 PCs with Intel DQ965GF vPro and AMT enabled motherboards[29].
  • Bangkok’s general hospital one of the largest hospitals in Thailand. They have migrated to the Intel AMT infrastructure with over 1500 PCs[77].

These are just samples. Vulnerable hardware will be everywhere, and being used by people with no knowledge of this whatever!

This is not script kiddie level stuff. But it isn’t only nation state accessible either. This guy was a PhD and found this exploit pretty much on his own. But he’s (in 2010) shown others how to do this. It seems to me that a single technically competent individual could exploit this, let alone a criminal organisation.

The implications are staggering but it doesn’t end there.

Just searching for the above guy’s name I found another more general paper that (skimming only) appears to present a large catalogue of terrifying vulnerabilities in the platform management enabled PCs: http://fish2.com/ipmi/old/itrain.html

This doesn’t just have implications for SAFENetwork, it appears to be a massive current risk to all levels of society, from nation state, to organisation and individuals.
