Beware Intel’s secret CPU inside

Status
Not open for further replies.

Kuttz

Level 13
Thread author
Verified
Top Poster
Well-known
May 9, 2015
630
It takes over your PC

New Intel x86 processors have a secret control mechanism that runs on a separate chip that no one is allowed to audit or examine and according a security expert it exposes all affected systems to nearly unkillable, undetectable rootkit attacks.

Damien Zammit wrote in boing boing that he had made it his mission to open up this system and make free, open replacements, before it's too late.

What has him cross is the Intel Management Engine (ME) which is subsystem which uses a 32-bit ARC microprocessor that's physically located inside the chipset. Its job is to provide a firmware blob to run a management system for big enterprise deployments.

It functions even when your main CPU is suspended. In some chipsets the ME implements a system called Intel's Active Management Technology (AMT). It is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

It enables you to manage computers remotely and can accessing any memory region without the main x86 CPU knowing about it. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

Zammit goes into reasons why this is a really bad idea if it can be exploited. He argues that it although the ME firmware is cryptographically protected with RSA 2048, researchers have been able to exploit weaknesses in the ME firmware and take partial control of the ME before.

He said that this makes ME a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer.

Intel appears to be in love with it and on systems newer than the Core2 series, the ME cannot be disabled. As a result Intel systems that are designed to have ME but lack ME firmware (or whose ME firmware is corrupted) will refuse to boot, or will shut-down shortly after booting.

For obvious reasons Intel keeps most details about ME secret and there is no way for the main CPU to tell if the ME on a system has been compromised, or anyway to "heal" a compromised ME.

“A large portion of ME's security model is "security through obscurity", a practice that many researchers view as the worst type of security. If ME's secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumble, exposing every recent Intel system to the worst rootkits imaginable,” he wrote.

Original article at: Beware Intel’s secret CPU inside
 
Last edited by a moderator:

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
I hope I will keep my old i7 980X (6 cores /12 threads) a long time :p
 
  • Like
Reactions: brambedkar59

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
And why exactly does only the 32 bit have it?
 
  • Like
Reactions: DardiM

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The problem here is that manufacturers target to have good profits so with the highest security quality assurance is equal to higher price.

Usually it is all about the performance rather security nowadays to meet up by the majority users.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
I still can't believe no other country can outmatch intel x86 and amd64. It's about time we had an open source microprocessor industry with a brand new secure instruction set.
Intel and AMD business industry worth many billions. Its would be impossible to have a successful open source hardware manufacturer nowadays
 

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
How many people use x86 processors? Most PC's are shipped with x64 bit Processors.
 
  • Like
Reactions: DardiM
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top