Security News Intel ME's Undocumented Manufacturing Mode Suggests CPU Hacking Risks

Solarquest

Positive Technologies (PT), a Russian security company that has discovered multiple bugs in Intel’s Management Engine (ME) over the last couple of years, this week revealed more details about Intel’s “Manufacturing Mode” for ME, saying it can expose users to remote hacking. This is the second undocumented mode in Intel ME that PT has found in recent years.

Intel ME Manufacturing Mode
According to PT, Intel’s Manufacturing Mode in its processors is intended for configuration and testing of chips during manufacturing. The mode is expected to be disabled before shipping for the same reason software's debugging mode is disabled before shipping: you don’t want hackers to gain easy access to it.
However, PT said that if the Manufacturing Mode in Intel ME is not disabled in the final product, average customers are not able to disable it because they wouldn't know about it naturally (since it's undocumented) and because the tools that can do that are not officially available. Because of that, no current software, including Chipsec, which can normally tell you about processor configuration errors at the UEFI firmware level, can see whether or not the Manufacturing Mode is disabled.

What Does Manufacturing Mode Do?
Manufacturing Mode allows for the configuration of critical platform settings, such as those for BootGuard, a technology available with Intel’s chips that can verify the boot process. These settings are stored in one-time-programmable memory (FUSEs), and some of them are called Field Programmable Fuses (FPFs).
...
...
...
 

Lightning_Brian

Fun stuff (not!)!! I foresee hopefully great patches in the future that will hopefully limit the profile of the potential ability of hackers remotely hacking our computers. My hope is that it doesn't take years for Intel to act on the given information if such information is verified by others within the security community.

Great post there @Solarquest ! My hope is that Intel gets the ball rolling here and starts putting out some good firmware releases to fix the various gaps in security.
 
ForgottenSeer 58943

Intel stuff is engineered from the ground up with fast and loose security, and worse, purposefully engineered security 'lapses'. IDF (U8200) bragged a few years ago they were '15+ years' ahead of everyone else in hacking and compromising systems. We only need to look to Intel to see why that was the case.


RejZoR

Lol, Intel would be great at making Swiss cheese. Holes are important when making one and Intel is absolute winner at making holes. Anyone buying Intel CPU from this point on must be an idiot. Even if AMD's are slightly inferior with gaming. This is just pathetic.
 

Entreri

I highly doubt it is just the Israelis using this backdoor. Before too long the Chinese, if they are not already using it as well.

"NSA budget request for 2013 contained a Sigint Enabling Project with the goal to "Insert vulnerabilities into commercial encryption systems, IT systems, …" and it has been conjectured that Intel ME and AMD Secure Technology might be part of that programme"

Intel Management Engine - Wikipedia
 
509322

Just to let people know.. this sort of Intel stuff isn't going away. And it isn't something that is an Intel-only issue. It is a problem that extends beyond mere negligence - although that is all most people will see it as - a problem of negligence and wrong-doing.
 

Vasudev

I doubt that hack would work correctly, because most BIOS are configured to brick itself even if someone tampers the ME so you need to replace/desolder BIOS chip and flash stock BIOS via a programmer.
I think changing ME Manuf mode might brick it as well. Win-raid has some tools to check ME info and flash BIOS/ME stuffs.
The company will be using JTAG and other stuffs provided by Intel for PC testing/deployment.
I will be going AMD on my next PCs.
 

509322

Threadripper? I'm going for TR2. I might still use current Intel laptops!

The issue is not necessarily AMD itself. The issue is Windows and 3rd-party softs not working as well\not well optimized for AMD as they do\are for Intel systems. Once again, all efforts are put into Intel because almost everyone has an Intel system.

I know I won't be shopping for another AMD system anytime soon. If a really good deal falls into my lap, I might take it... but given my numerous past bad experiences with AMD, I highly doubt it.
 

Vasudev

509322 said: "The issue is not necessarily AMD itself. The issue is Windows and 3rd-party softs not working as well\not well optimized for AMD as they do\are for Intel systems. Once again, all efforts are put into Intel because almost everyone has an Intel system."

Windows and Linux use generic optimization that works on AMD, Intel, ARM, etc.
Yes, you're correct, app developers use Intel Compiler and other development tools. Heck, even BIOS say they're supported on latest Intel CPUs.
I feel AMD will catch up sooner because enterprise servers are slowly migrating to AMD just to mitigate performance loss after uCode updates.
 

509322

Vasudev said: "Windows and Linux use generic optimization that works on AMD, Intel, ARM, etc.
Yes, you're correct, app developers use Intel Compiler and other development tools. Heck, even BIOS say they're supported on latest Intel CPUs.
I feel AMD will catch up sooner because enterprise servers are slowly migrating to AMD just to mitigate performance loss after uCode updates."

AMD is never going to catch up to Intel because the OEMs have never been able to rely upon AMD to meet demand. It isn't as if OEMs haven't tried in the past to give AMD business... because they have... but AMD simply cannot meet OEM demand and schedules. So the hardware industry stays away. And it makes sense. If I am selling a product, I need to get my hands on the components I need to manufacture the product. Intel is that supplier that I can count on.

People are sheeples. They can be led around by the nose on price. OEMs know this so it would be in their best financial interests to manufacture as many AMD systems as possible - or at least that is how it appears on paper. If they could produce AMD systems with all the same capacity and capabilities as Intel systems, at hundreds of dollars less, then they would. However, the truth is... AMD systems have never worked as well as Intel ones. And that is the other side of the problem.

Despite claims of AMD being equivalent, I have always gotten better performance ... much better performance without all the problems of AMD systems. That is the reputation that AMD created for itself, all by itself.
 

Vasudev

509322 said: "AMD is never going to catch up to Intel because the OEMs have never been able to rely upon AMD to meet demand. It isn't as if OEMs haven't tried in the past to give AMD business... because they have... but AMD simply cannot meet OEM demand and schedules. So the hardware industry stays away. And it makes sense. If I am selling a product, I need to get my hands on the components I need to manufacture the product. Intel is that supplier that I can count on.

"People are sheeples. They can be led around by the nose on price. OEMs know this so it would be in their best financial interests to manufacture as many AMD systems as possible - or at least that is how it appears on paper. If they could produce AMD systems with all the same capacity and capabilities as Intel systems, at hundreds of dollars less, then they would. However, the truth is... AMD systems have never worked as well as Intel ones. And that is the other side of the problem.

"Despite claims of AMD being equivalent, I have always gotten better performance ... much better performance without all the problems of AMD systems. That is the reputation that AMD created for itself, all by itself."

I hope AMD changes that quickly! I really want AMD to catch up to Intel in meeting deadlines and expectations. Then again, it applies mostly to laptops and custom desktops with RGB that sell like hotcakes than assembled PCs.
I haven't tried an AMD chip at all! It's been 20 years with Intel. I really want AMD CPUs and GPUs just to tumble outrageous prices set by Blue and Green Teams.
 
