Skip to main content

Intel Acknowledges ME Flaws, Announces Fixes

Over the last few months, security researchers from Purism, Positive Technologies, and even Google have found ways how to disable the secretive Management Engine (ME) firmware on Intel processors. This seems to have prompted Intel to do a review of its firmware and plug most of the holes that allowed the researchers to take over the ME.

Researchers Disable ME

This year, security researchers from Purism, the maker of privacy-focused Linux-based laptops, and Positive Technologies started looking for ways to disable Intel’s ME firmware. Many privacy activists, including Purism's security researchers, worried that ME could be used as a backdoor.

The closed source proprietary model of the firmware also denies most people—except the NSA—the ability to see what it does on a computer, which means it might come with security flaws that could be exploited by sophisticated attackers.

Both of these worries prompted Google to work on disabling ME for its servers so it can be more sure that it couldn’t be exploited by attackers.

The latest major revelation around ME vulnerabilities was a recent announcement from a Positive Technologies researcher that they have achieved full takeover of ME (and therefore of the computer in question) via USB. The researcher didn’t reveal more at the time, but he’s about to present the hack at the next Chaos Computer Club conference (34C3) at the end of December.

Intel Announces Fix For The Flaw

Intel announced that it has completed a security review of its ME firmware as well as the Intel Server Platform Services (SPS) and Intel Trusted Execution Engine (TXE) with the goal of enhancing firmware resilience. The review was prompted by the latest work by “external researchers.”

Intel identified multiple security flaws in the ME firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, as well as SPS Firmware version 4.0 and TXE version 3.0. As Purism told us recently, version 11 of ME is quite different from the one Intel used before, and it also runs on a separate x86 processor, as opposed to an Arc processor like before. Versions 11 and later are available to Intel 6th-gen processors (Skylake) and newer.

The full list of impacted CPUs includes:

6th, 7th & 8th Generation Intel Core Processor FamilyIntel Xeon Processor E3-1200 v5 & v6 Product FamilyIntel Xeon Processor Scalable FamilyIntel Xeon Processor W FamilyIntel Atom C3000 Processor FamilyApollo Lake Intel Atom Processor E3900 seriesApollo Lake Intel PentiumCeleron N and J series Processors

As many privacy and security activists have feared, the recent flaws could allow an attacker to gain unauthorized access to ME functionality and third-party secrets protected by the ME, the SPS, or the TXE.

To determine if the recently found vulnerabilities impact your system, Intel has created a detection tool that can be downloaded from its site. The tool is available only for Windows and Linux users.

The patch meant to fix these vulnerabilities will not be provided by Intel. You will have to check with your notebook’s OEM or your PC’s motherboard maker to see if they have released a firmware update that fixes the recent flaws.

Purism told us in an email that although they need to test the new firmware, they think they should still be able to use the undocumented mode that the NSA has also been using to continue to disable the ME in their laptops, as the recent vulnerabilities announced by Intel don't seem to relate to it.

  • fball922
    This article seems to be missing random words and is confusing to read.
    Reply
  • shrapnel_indie
    The closed source proprietary model of the firmware also denies most people—except the NSA—the ability to see what it does on a computer, which means it might come with security flaws that could be exploited by sophisticated attackers.
    they think they should still be able to use the undocumented mode that the NSA has also been using to continue to disable the ME in their laptops, as the recent vulnerabilities announced by Intel don't seem to relate to it.

    IOW: the alphabet soups still have their unmonitored back-door(s) in place so they can exploit it whenever they wish. Hopefully only under a valid warrant, but somehow I don't think that will stop 'em. If they're there (the access points, undocumented or not) SOMEONE will take advantage of it, not just guv snoops either. -- Shame on you Intel!
    Reply
  • Glock24
    I imagine there are other flaws affecting pervious products too, but they are too old for Intel to invest any effort to patch.

    But then, those "flaws" may actually be features requested by the NSA.
    Reply
  • TripleHeinz
    I executed the tool in a machine with a 4th gen core processor and this is the output just in case you were wondering what happens if you do:

    Risk Assessment
    Based on the analysis performed by this tool: This system is not vulnerable.

    For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

    INTEL-SA-00086 Detection Tool
    Application Version: 1.0.0.128
    Scan date: 21-11-2017 16:05:21

    Host Computer Information
    Name: TRIPLEHEINZ
    Manufacturer: Gigabyte Technology Co., Ltd.
    Model: B85N-WIFI
    Processor Name: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
    OS Version: Microsoft Windows 10 Pro

    Intel(R) ME Information
    Engine: Intel(R) Management Engine
    Version: 9.0.30.1482
    SVN: 1

    Copyright(C) 2017, Intel Corporation, All rights reserved.
    Reply
  • derekullo
    At first I thought they were acknowledging Windows Millenium's flaws ....

    All was forgiven with Windows Xp lol
    Reply
  • hahmed330
    Fixed it at least on My computer using the patch provided by Asus using this utility.
    Reply
  • hellraiser06
    And, TH still embeds videos that autoplay. You know guys, it becomes really awkward at work when everybody is suddenly looking at you just because you forgot to mute your browser. Just sayin
    Reply
  • geekguy
    So basically it's not a backdoor if the "right" guy is using it, if I understood correctly.
    "... worried that ME could be used as a backdoor.
    The closed source proprietary model of the firmware also denies most people—except the NSA..."
    Moral of the story, buy Intel, you will be safe, you need to be safe! At least that's how the saying goes...
    Reply
  • Mpablo87
    Full takeover of ME via USB!!
    Positive Technologies sounds great
    Reply
  • rwinches
    The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.

    https://finance.yahoo.com/news/intel-apos-latest-core-processors-142100896.html
    Reply