We have known about Intel's Management Engine (ME), a small microprocessor that runs independently of the main CPU and operating system, since Matthew Garrett, the well-known Linux and security developer who works for Google, blew the whistle on the tech.
Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME.
Now, in a presentation at the Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer, reported that systems using Intel chips that have AMT are running MINIX.
Apparently these processors are running a closed source variation of the open source MINIX 3. It is running on three separate x86 cores on modern chips.
It's running TCP/IP networking stacks (IPv4 and IPv6), file systems, drivers (disk, net, USB, mouse), and web servers. MINIX also has access to your passwords. It can also re-image your computer's firmware even if it's powered off.
It "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.
MINIX does this because it runs at a fundamentally lower level.
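From a defender's side, the first practical step is knowing which hosts expose the ME at all, since the ME presents itself to the host OS as a PCI device. The following is an added example, not code from the article or from Minnich's talk: it parses `lspci -nn` style output and flags Intel (vendor ID 8086) devices whose description names the Management Engine interface. The sample output is constructed, the device IDs after the vendor ID are placeholders rather than real part numbers, and the description keywords (MEI, HECI, CSME, "Management Engine") are an assumption about how Linux labels these devices; treat a hit as a prompt to review AMT provisioning on that host with your vendor's tooling, not as proof of exposure.

```python
import re
from dataclasses import dataclass

# Constructed sample of `lspci -nn` output (not captured from a real host).
# Device IDs after the 8086 vendor ID are placeholders, not real part numbers.
SAMPLE_LSPCI = """\
00:00.0 Host bridge [0600]: Intel Corporation Device [8086:1111]
00:14.0 USB controller [0c03]: Intel Corporation Device [8086:2222]
00:16.0 Communication controller [0780]: Intel Corporation Management Engine Interface [8086:3333]
00:16.3 Serial controller [0700]: Intel Corporation Device [8086:4444]
01:00.0 Ethernet controller [0200]: Intel Corporation Device [8086:5555]
"""

# One line of `lspci -nn`: "<slot> <class> [<classid>]: <description> [<vendor>:<device>]"
LINE_RE = re.compile(
    r'^(?P<slot>\S+) (?P<pci_class>[^\[]+) \[(?P<class_id>[0-9a-f]{4})\]: '
    r'(?P<desc>.*) \[(?P<vendor>[0-9a-f]{4}):(?P<device>[0-9a-f]{4})\]'
)

INTEL_VENDOR_ID = '8086'

# Assumed description keywords for the ME host interface (heuristic, not exhaustive).
ME_DESC_RE = re.compile(r'\b(MEI|HECI|CSME|Management Engine)\b', re.IGNORECASE)


@dataclass
class PciDevice:
    slot: str
    pci_class: str
    class_id: str
    desc: str
    vendor: str
    device: str


def parse_lspci(text: str) -> list:
    """Parse `lspci -nn` output into PciDevice records, skipping unparseable lines."""
    devices = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        devices.append(PciDevice(
            slot=m['slot'],
            pci_class=m['pci_class'].strip(),
            class_id=m['class_id'],
            desc=m['desc'].strip(),
            vendor=m['vendor'],
            device=m['device'],
        ))
    return devices


def find_me_interfaces(devices: list) -> list:
    """Return Intel devices whose description names the ME host interface."""
    return [
        d for d in devices
        if d.vendor == INTEL_VENDOR_ID and ME_DESC_RE.search(d.desc)
    ]


def me_inventory_report(text: str) -> dict:
    """Summarise ME exposure for one host's `lspci -nn` output."""
    devices = parse_lspci(text)
    hits = find_me_interfaces(devices)
    return {
        'devices_parsed': len(devices),
        'me_interface_slots': [d.slot for d in hits],
        'me_present': bool(hits),
    }


if __name__ == '__main__':
    report = me_inventory_report(SAMPLE_LSPCI)
    print(report)
```

In practice you would feed the function the real output of `lspci -nn` collected by your inventory agent; the point of the report is to produce a host list for review, since the ME may be present and running regardless of whether AMT has been provisioned.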
Minnich said: "There are big giant holes that people can drive exploits through. If you're not scared yet, maybe I didn't explain it very well, because I sure am scared."