Sunday June 19, 2016

Intel X86s Hide Another CPU That Can Take Over Your Machine

This guy is on a mission to create an alternative for Intel’s Management Engine, which is claimed by some to be a huge security loophole and powerful rootkit mechanism. Being that it works independently, a compromised ME would be bad news because the rest of the system wouldn’t even know if it was even infected.

On systems newer than the Core2 series, the ME cannot be disabled. Intel systems that are designed to have ME but lack ME firmware (or whose ME firmware is corrupted) will refuse to boot, or will shut-down shortly after booting. There is no way for the x86 firmware or operating system to disable ME permanently. Intel keeps most details about ME absolutely secret. There is absolutely no way for the main CPU to tell if the ME on a system has been compromised, and no way to "heal" a compromised ME. There is also no way to know if malicious entities have been able to compromise ME and infect systems.

Comments