Published in PC Hardware

Beware Intel’s secret CPU inside

by on16 June 2016
Beware Intel’s secret CPU inside


It takes over your PC

New Intel x86 processors have a secret control mechanism that runs on a separate chip that no one is allowed to audit or examine and according a security expert it exposes all affected systems to nearly unkillable, undetectable rootkit attacks.

Damien Zammit wrote in boing boing that he had made it his mission to open up this system and make free, open replacements, before it's too late.

What has him cross is the Intel Management Engine (ME) which is subsystem which uses a 32-bit ARC microprocessor that's physically located inside the chipset. Its job is to provide a firmware blob to run a management system for big enterprise deployments.

It functions even when your main CPU is suspended. In some chipsets the ME implements a system called Intel's Active Management Technology (AMT). It is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

It enables you to manage computers remotely and can accessing any memory region without the main x86 CPU knowing about it. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

Zammit goes into reasons why this is a really bad idea if it can be exploited. He argues that it although the ME firmware is cryptographically protected with RSA 2048, researchers have been able to exploit weaknesses in the ME firmware and take partial control of the ME before.

He said that this makes ME a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer.

Intel appears to be in love with it and on systems newer than the Core2 series, the ME cannot be disabled. As a result Intel systems that are designed to have ME but lack ME firmware (or whose ME firmware is corrupted) will refuse to boot, or will shut-down shortly after booting.

For obvious reasons Intel keeps most details about ME secret and there is no way for the main CPU to tell if the ME on a system has been compromised, or anyway to "heal" a compromised ME.

“A large portion of ME's security model is "security through obscurity", a practice that many researchers view as the worst type of security. If ME's secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumble, exposing every recent Intel system to the worst rootkits imaginable,” he wrote.

Last modified on 16 June 2016
Rate this item
(31 votes)
Tagged under
More in this category: « ASML buys HMI Why Apple deal is not so important to Qualcomm »
back to top

Latest comments

Read more about: