Researchers disable Intel Management Engine via undocumented feature


Researchers at the security firm Positive Technologies have found a way to disable the Intel Management Engine on the chipmaker’s CPUs. They discovered an undocumented feature that was created as part of an NSA program.

The research focuses on the Intel Management Engine 11, which is present in processors from the Skylake generation. This separate processor runs independently of the main CPU and is therefore accessible even when the CPU itself is turned off. According to Intel, it is intended for remote management. The processor provides functions such as rebooting a system and, according to the researchers, can access virtually all data on a system. If a malicious person gains access to the engine, it therefore represents a high risk, which is why critics of the feature have usually referred to it as a backdoor.

Disabling the feature has not been possible so far, although several projects have tried. The researchers mention, among others, the ‘me_cleaner’ project, which largely disables the function. That method has shortcomings, however: for example, the system may restart after 30 minutes. Earlier this year it also emerged that a vulnerability had been present for a long time in one part of the Management Engine, the Active Management Technology, which allowed attackers to gain access to systems.

The researchers write that analysis of the engine has been impossible until now, because the executable modules were compressed with Huffman encoding and the tables used were not known. The researchers do not say how they obtained the necessary tables, but they have published a tool on GitHub with which the images can be extracted. This allowed them to conduct further analysis.

They go on to say that they found a large number of XML files in various tools that Intel normally provides to hardware makers to set certain parameters of the engine. These contain a field called ‘reserve_hap’, which refers to the so-called High Assurance Platform, an NSA-affiliated platform that focuses on information security. Enabling this field turned out to disable the Management Engine early in the boot process. The researchers have so far found no code showing that the engine itself can ‘escape’ from this mode.
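As an added example (not the researchers’ tool and not me_cleaner’s code), the following read-only Python check reports whether a full SPI flash image already has the HAP bit set, which is useful when verifying a hardened image before flashing it or when auditing a fleet. It assumes the layout described in the researchers’ published paper and used by me_cleaner: the flash descriptor signature 0x0FF0A55A at offset 0x10, FLMAP1 at offset 0x18 holding the PCH strap base (FPSBA, bits 16..23, in 16-byte units), and the HAP bit being bit 16 of PCHSTRP0; the sample image is constructed, not a real dump.

```python
import struct
import sys

DESCRIPTOR_SIGNATURE = 0x0FF0A55A  # flash descriptor signature, at offset 0x10 of the descriptor region
HAP_BIT = 1 << 16                  # bit 16 of PCHSTRP0, read by ME 11 as "HAP" (assumed from public research)


def pch_strap_base(image: bytes) -> int:
    """Return the offset of the PCH strap area (PCHSTRP0) taken from FLMAP1."""
    if len(image) < 0x1C or struct.unpack_from("<I", image, 0x10)[0] != DESCRIPTOR_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    flmap1 = struct.unpack_from("<I", image, 0x18)[0]
    return ((flmap1 >> 16) & 0xFF) << 4          # FPSBA is stored in 16-byte units


def hap_bit_set(image: bytes) -> bool:
    """True when the HAP bit of PCHSTRP0 is set, i.e. ME 11 is told to halt early in boot."""
    fpsba = pch_strap_base(image)
    if len(image) < fpsba + 4:
        raise ValueError("PCH strap area lies outside the image")
    pchstrp0 = struct.unpack_from("<I", image, fpsba)[0]
    return bool(pchstrp0 & HAP_BIT)


def build_sample_image(hap: bool) -> bytes:
    """Construct a minimal fake descriptor region for testing (sample data, not a real dump)."""
    fpsba = 0x100
    img = bytearray(0x200)
    struct.pack_into("<I", img, 0x10, DESCRIPTOR_SIGNATURE)
    struct.pack_into("<I", img, 0x18, (fpsba >> 4) << 16)   # FLMAP1 carrying only FPSBA
    struct.pack_into("<I", img, fpsba, HAP_BIT if hap else 0)
    return bytes(img)


if __name__ == "__main__":
    # With a path argument the real image is checked; otherwise the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image(hap=True)
    print("HAP bit set (ME 11 disabled early in boot):", hap_bit_set(data))
```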

Intel responded to questions from the researchers: “In response to requests from customers with special requirements, we sometimes investigate changes to or the disabling of certain features. In this case, the changes were made at the request of hardware makers to support customers with the High Assurance Platform. These changes have undergone limited validation and are not an officially supported configuration.”

The researchers write that they assume this is a ‘typical requirement’ of governments to prevent side-channel leaks.
