Intel's Management Engine Security Vulnerability.

Author: Shazin Sadakath


 

Ever since early 2000s, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can transfer data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is shutdown, and by using the right software, anyone can wake it up over a network connection. This spy chips were included in the silicon at the behest of the NSA. In short, this can be exploited to spy on anyone using an Intel CPU and it is called Intel Management Engine

This year, researchers Mark Ermolov and Maxim Goryachy presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. But this attack requires physical access to the machine and is a local attack. But this is an opening for an array of attack vectors given enough time and resources. This exploit forces more security on Intel chips and specially in their Management Engine.

What is Intel Management Engine and What can it do?

Intel's Management Engine is partly a collection of tools, software and hardware conveniently hidden inside latest of the Intel CPUs. These chips and software ever since their inception in early 2000s as TPMs (Trusted Platform Modules). These chips are formed into a root of 'trust' on a Computer. If a TPM can be trusted, the entire computer can be trusted. Incrementally came AMT (Active Management Technology), a collection of embedded processors for Ethernet which were introduced to allow easy provisioning of laptops in a corporate environment. Later more hardware added to the CPU which later became the IME (Intel Management Engine) a system that is connected to every device in a computer. IME is connected to the network interface and its connected storage. The scary part is Intel ME is always on even when the computer is off. So in theory, Even if someone type on a keyboard of a computer that is shutdown, the Intel ME can send those key presses to practically anywhere.

Mitigation

Intel has released a set of tools for Specific Hardware manufacturers to check whether a paticular model is affected by this vulnerability. It is highly adviced that everyone use this tool to check for their product and make sure they are not vulnerable.

Conclusion

In this digital era it is always required to keep an eye on both software and hardware security vulnerabilities as almost everything we do nowadays involves a software and hardware.

 



Tags: Intel IME Security Vulnerability
Views: 1841
Register for more exciting articles

Comments

Please login or register to post a comment.


There are currently no comments.