Intel ME, the disturbing CPU that controls our processors without our knowledge

For years Intel incorporates technologies that theoretically help system administrators and businesses to control the hardware they manage, but one of these subsystems is especially disturbing. This is Intel Management Engine (ME), a disturbing CPU that resides in each of the processors that the manufacturer has developed in recent times.

Why is disturbing? Well, for the simple reason that just details about the chip that has known almost unlimited powers to control the processor and cannot be audited: your firmware is protected and now many experts warn suspicions that a chip like this could generate. For example, would lead to attacks completely undetectable rootkits.

A too powerful and unknown chip

In BoingBoing recently spoke of Intel ME and detailing how this technology is sold as a management system for enterprise deployments of computer equipment. These chips have a subsystem completely independent of the operating system that we install on our team, and which among other things provides a way to manage these devices remotely so.

To do this Intel gives remarkable powers to his ME: it is able to access any region of memory without CPU SoC Intel is aware of the existence of these accesses, and even run a TCP / IP server on our network interface and entrain and manages the output data packets through ports security measures such as firewalls skip our system.

This gives many advantages to system administrators, but also a huge potential risk for possible cyberattacks that would take advantage of this subsystem to gain full control of the computer without the user nor the machine- own found out anything. It is what some security experts qualify as a “security ring -3”, which goes beyond rootkits level 0 (KernelMode), level -1 (hypervisor) or level 2 (SMM System Management Mode).

You may also like to read another article on NetDigEdu: Intel wants your next helmets are connected via a USB-C

As explained a few months ago in Hackaday, “I could be like a supervitamin rootkit into the wrong hands.” Intel ME firmware is protected with an RSA 2048 encryption, making it virtually inviolable for both security experts to crackers and cybercriminals, but that does not mean that you will not be able to violate the security ever.

Own experts that warn of potential hazards advocate another solution: to create an alternative firmware Open Source that is auditable and is open to scrutiny by other experts to precisely strengthen its security and to ensure that the use of the chip and its powerful functions do nothing “evil”. Meanwhile better wait for the first one it finds vulnerability in the Intel ME is not one of the bad guys. That could be fatal.

Leave a Reply

Your email address will not be published. Required fields are marked *