Tuesday, 05 December 2017 07:25

Dell and others move to disable Intel's Management Engine

Written by

Reading time is around minutes.

It seems that PC makers are not happy with the Intel’s Management Engine (IME) and the flaws that keep being found in it. The original flaw allowed attackers a clean way to compromise a system including uploading malware and exfiltrating data. This could be done in a way that bypassed most security systems and even allowed for tampering with the UEFI BIOS if the attacker was sophisticated enough. To their credit, Intel did warn people and manufacturers about this and patched it fairly quickly. The problem is, now that the cat is out of the bag about one flaw; there are sure to be more.

Because of the pervasive control that the IME has over a system and the sad fact that it typically cannot be disabled by an end user, some companies are moving to disable this control system. Dell, System76, and a few others have decided to either offer the option to have the IME disabled or to just turn it off altogether. The latter would seem to be the smarter choice given how much control someone would have if they could compromise the IME.

Much like the UEFI BIOS, the IME runs in its own space, with its own memory, processes, threads, bus and storage. It is a great place to hide and since it runs at the CPU level it cannot be monitored, or protected by anything running at the OS level. It is a great place to hid from anti-malware that might be on a system. Both of these components (the UEFI BIOS and IME) can independently control the hardware in the system without alerting the OS running in the layers above them, but are capable of interacting with any OS executing there. This is not exactly what you want to hear about important subsystems on your PC.

We fully expect to see other vendors make this move in the near future and we might even see other security tools that at least detect when the IME or UEFI BIOS are trying to interact with the OS or trying to inject processed into normal userland or kernel memory space… of course there is still the processing and memory space for the GPU that everyone seems to overlook, but that is for another article.

For now, if you own an Intel based system, we urge you to make sure that you are up-to-date with the latest patches for it so that you are as protected as currently possible.

Read 7882 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.