
Intel's Management Engine is a security nightmare

15 May 2017


EFF warning


The Electronic Frontier Foundation is warning that Intel's largely-undocumented "Management Engine" is a security nightmare.

The first problem is the engine's AMT module, which is intended to allow system administrators to remotely control the machines used by an organisation and its employees.

A vulnerability we reported on earlier this month allows an attacker to bypass password authentication for this remote management module, meaning that in many situations remote attackers can acquire the same capabilities as an organisation's IT team, provided AMT was enabled and provisioned.

Once they have AMT access, attackers can interact with the screen or console as if the user were doing so themselves. Attackers can also boot arbitrary OSes, install a new OS, and (with some work) steal disk encryption passwords.

Not every machine is susceptible to the attack. For it to work, AMT has to have been both enabled and provisioned (commonly AMT is enabled but not provisioned by default). Once provisioned, AMT has a password set, listens for network packets, and controls the system in response to them.

It can be provisioned by default if vendors used a feature called “Remote Configuration” with OEM Setup, by a user with administrative access, interactively or with a USB stick during system boot, or (via the LMS vulnerability) by unprivileged users on Windows systems with LMS. Macs have MEs, but don’t ship with AMT at all. The password protection is crucial for machines with AMT provisioned, but this week’s vulnerability allowed it to be bypassed.
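The preconditions above (AMT enabled, provisioned, and listening on the network) are something a defender can check for across a fleet. The following script is an added example, not code from the article or from the EFF. It assumes, from Intel's public documentation rather than from this page, that a provisioned AMT listens on TCP 16992 (HTTP) and 16993 (HTTPS) plus 623 and 664 for redirection, and that its web interface identifies itself with a `Server` header naming Active Management Technology; the sample HTTP responses are constructed for the offline check.

```python
"""Defender-side check: is Intel AMT provisioned and listening on a host?

Added example, not from the original article. Assumptions not stated on the
page: AMT's web UI listens on TCP 16992/16993, its redirection services on
623/664, and the web UI's Server header names the product and firmware version.
"""
import socket
import sys
from typing import Iterable, List, Optional

# TCP ports a provisioned AMT listens on (assumption, from Intel's public docs).
AMT_PORTS = {16992: "HTTP web UI", 16993: "HTTPS web UI",
             623: "redirection", 664: "redirection over TLS"}

# Constructed sample responses, modelled on a GET / to an AMT web UI and to an
# ordinary web server respectively.
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 303 See Other\r\n"
    b"Location: http://192.0.2.10:16992/logon.htm\r\n"
    b"Server: Intel(R) Active Management Technology 11.0.0.1205\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_OTHER_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.18.0\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def parse_server_header(raw: bytes) -> Optional[str]:
    """Return the Server header of an HTTP response head, or None if absent."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("ascii", "replace")
    return None


def amt_version_from_banner(banner: Optional[str]) -> Optional[str]:
    """Extract the firmware version from an AMT banner; None if not AMT."""
    if banner is None or "Active Management Technology" not in banner:
        return None
    return banner.rsplit(" ", 1)[-1]


def probe_port(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_banner(host: str, port: int = 16992, timeout: float = 2.0) -> bytes:
    """Send a plain GET / and return up to 4 KiB of the raw HTTP response."""
    request = b"GET / HTTP/1.1\r\nHost: %b\r\nConnection: close\r\n\r\n" % host.encode()
    chunks: List[bytes] = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        while sum(len(c) for c in chunks) < 4096:
            data = s.recv(1024)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def assess(open_ports: Iterable[int], banner: Optional[str]) -> str:
    """Classify a host from its open AMT ports and web-UI banner."""
    version = amt_version_from_banner(banner)
    if version:
        return f"AMT provisioned and listening (firmware {version}); treat as exposed"
    if list(open_ports):
        return "AMT ports open but no AMT banner; investigate"
    return "no AMT listener found"


def check_host(host: str) -> str:
    """Live check of one host: probe the AMT ports, then read the web-UI banner."""
    open_ports = [p for p in AMT_PORTS if probe_port(host, p)]
    banner = None
    if 16992 in open_ports:
        try:
            banner = parse_server_header(fetch_banner(host, 16992))
        except OSError:
            pass
    return assess(open_ports, banner)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples, then optional live checks.
    print(assess([16992], parse_server_header(SAMPLE_AMT_RESPONSE)))
    print(assess([], parse_server_header(SAMPLE_OTHER_RESPONSE)))
    for target in sys.argv[1:]:
        print(target, "->", check_host(target))
```

Run it with one or more hostnames to probe machines you administer; a host reported as "provisioned and listening" is one where the password bypass described above would matter, and the firmware version it prints is what you need to compare against Intel's advisory.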

There is presently no way to disable or limit the Management Engine, and the EFF said that Intel urgently needs to provide a way to turn it off, as some of its modules could be terrible for security.

Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes. The EFF feels it should be up to hardware owners to decide if this code will be installed in their computers.

It particularly does not like the DRM module, which it says is actively working against the user's interests and should never be installed in a Management Engine by default.

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity.

The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility.

EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside computers, to prevent this cybersecurity disaster from recurring.

“Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.”

Last modified on 15 May 2017