Intel Management Engine is a Security Disaster


#1

Most people don’t realize that many PCs ship with essentially a second computer on their motherboard. In the case of Intel machines, it’s called the Intel Management Engine. It was put there to make life easier for computer administrators who have to manage and maintain thousands of systems on a network.

The problem being that it’s literally its own subsystem, complete with its own processor and software that runs outside of the main processor and OS. So all that fancy anti-virus and security software you installed does zilch. Hell, you can power off your machine and they can still attack it through the Management Engine so long as it’s plugged in. And the Management Engine depends on software written by Intel, which, as we’ve seen in the past, hasn’t taken security or software seriously.

They’ve already had one or two big security holes exposed this year, which were hastily patched, but now they’re going back to apply more bandaids.

Of course, the issue is that the vast majority of users have no idea about this, that they need to patch it, or how to patch it. And, like Android phone manufacturers, each OEM will have to issue out their own firmware updates to patch their respective machines.


#2

Well wow, crap.


#3

Well, the upside is I’ve been debating about patching my IME for a while. Guess I don’t have to worry about it not being broke.


#4

Do AMD platforms also have such a subsystem?


#5

The management engine runs a version of MINIX. Andrew Tanenbaum was so excited when he found out.

AMD has this:

https://www.amd.com/en-us/innovations/software-technologies/security

Not sure how similar it is to Intel ME.


#6

MINIX!?! I studied that OS when I was at university. Now I’m scared, because while Windows and Linux have gotten 30 years of scrutiny, MINIX is a niche OS that no one pays any attention to. That’s 30 years of holes for people to find and exploit.


#7

Intel was literally relying on security by obscurity on a system that is on every CPU they’ve shipped for the last three years.

Did they seriously think no one would notice or not care?


#8

#9

After all the patches it may end up being not so MINI.


#10