Was hacked via AMTactivate AMT Exploit?
08-28-2019 10:11 AM
I've never needed the vPro features, I just like business laptops, they're solid, versatile and more reliable overall I think.
To make a long story short, I noticed unusual activity on my laptop (no need to go into details) which fits right in line with a Management Engine AMT exploit. I never bothered configuring the MEBx password when I obtained my laptop via the Ctrl-P keypress on boot (I'm not even sure if a non-provisioned laptop is even supposed to acknowledge the key combo) but the AMTactivate exploit doesn't *need* the laptop to be provisioned at all to be vulnerable:
The ZBook 15 G1/G2 is right on target for being exploitable. I know the CVE which directly relates to this issue was supposed to be patched with sp87481.exe or sp87881.exe (can't bring up the release notes so I don't know exactly which one it is) but there's obviously an updated variant about.
Since I never use vPro or the Management Engine's advanced features, I would like to disable as many of its modules as possible, ESPECIALLY! the network stack module! I have been trying to use me_cleaner to effect this:
https://github.com/corna/me_cleaner/wiki
But unfortunately the fwupdate utility you supply will not flash a modified image of the Management Engine firmware for some reason.
HP NEEDS TO PROVIDE A TOOL THAT DOES WHAT ME_CLEANER DOES FOR ALL ITS MODELS, ESP ITS BUSINESS CLASS LAPTOPS!
For those who still don't know, the ME is always on; if your laptop is connected to power either via battery or AC it is on and active and can be exploited, even if your laptop is powered off. You don't even need a wifi card, just close proximity to be hacked (it has its own network stack). It's completely transparent to your OS and other hardware so you won't know you're hacked. Everything that you could do with a full AMT provisioned laptop someone can do with your hardware.
I haven't come here to state what most of the technically proficient here already know, but to ask the HP tech supports here if there is a way to gut the Management Engine modules to disable this hardware backdoor or for the possibility of HP themselves providing a tool that does this. I know the ME is needed for some hardware functions, but surely the network stack module isn't required.
Right now, after weeks of looking for a solution, my only option seems to be getting an SPI hardware flasher and manually flashing my modified ME firmware myself, risking a bricked motherboard, or downgrading to a Core i3 CPU (and I'm not even sure downgrading to an i3 fully mitigates all AMT vulnerabilities).
So tech, what can you help me do about this?
08-30-2019 12:36 PM
Did you try disabling AMT in the BIOS? F10, Advanced\ Remote Management Options Menu\ Active Management Technology (AMT) - it is checked by default.