Intel ME Firmware Security Issue

Intel Management Engine (ME), a microcontroller that handles much of the communication between the processor and external devices, hit the headlines in May 2017 due to security concerns regarding the Active Management Technology (AMT) that runs on top of the engine. More probing revealed AMT had a simple authentication error: an attacker could login with an empty password field.

Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”.

The company’s researchers Mark Ermolov and Maxim Goryachy discovered is that when Intel switched Management Engine to a modified Minix operating system, it introduced a vulnerability in an unspecified subsystem.

Because ME runs independently of the operating system, a victim’s got no way to know they were compromised, and infection is “resistant” to an OS re-install and BIOS update, Ermolov and Goryachy say.

In response to issues identified, Intel has published its advisory here. https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

 

Leave a Reply