There is also a folder dedicated to the Intel Management Engine, but its contents are also something that Intel integrators do not already know. They are test code and recommendations for when and how often to perform those automated tests when designing systems that include an Intel CPU with the Intel ME.
One of the newer bits of the dump included “Whitley / Cedar Island Platform Message of the Week,” dated May 5th. Cedar Island is the motherboard architecture underlying both Cooper Lake and Ice Lake Xeon CPUs. Some of those chips were released earlier this year, while some are still generally available. Whitley is the dual-socket architecture for both Cooper Lake (14 nm) and Ice Lake (10 nm) Xeons. Cedar Island is for Cooper Lake only
Some content provides a cryptic reference to voltage faults in some Ice Lake samples. It is not clear if the failures apply to actual hardware supplied to customers or if they occur on reference boards that Intel provided to OEMs for use in designing their own boards.
While Intel said it did not believe the documents were obtained through a network breach, a screenshot of the conversation that Kottmann had with the source provided an alternative explanation. The source said the documents were hosted on a non-secure server that hosts Akamai’s content delivery network. The source claimed to have identified the server with the nmap port scan tool and from there used a python script to guess default passwords.
Here is the conversation:
source: They have a server hosted online by Akami CDN that was not properly secured. After an internet-wide nmap scan, I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.
source: I used a python script I created to investigate various aspects of the server, including default username names and insecure file / folder access.
source: The folders just left open if you could guess someone’s name. Once you were in the folder you could go back to root and just click on the other folders whose name you did not know.
deletescape: holy shit that’s incredibly funny
source: Best of all, due to a different traffic configuration, I was able to masqurade as one of their employees as my own user.
deletescape: LOL
source: Another funny thing is that on the zip files you can find yourself password protected. Most of them use the password Intel123 as a small letter intel123
source: Security at its finest.
Kottmann said they did not know the source well, but, based on the apparent authenticity of the material, there is no reason to doubt the source’s ass about how it was obtained.
The Intel spokeswoman did not immediately respond to a request for comment.
Many viewers have expressed alarm that the source code has comments with the word back door. Kottmann told Ars that the word appeared twice in the source code associated with Intel’s Purely Refresh chipset for Xeon CPUs. To date, there are no known source code analyzes that have found any secret methods of authentication, encryption, or other security protection. Besides, the term back door in encoding can sometimes refer to debugging features or have other benign meanings.
People also used the passwords Intel123 and intel123. These are undoubtedly weak passwords, but it is unlikely that their purpose was to secure the contents of the archive files from unauthorized persons.
This story originally appeared on Ars Technica.
More great WIRED stories
.
