Intel’s Management Engine gives backdoor access to every part of your machine.
Five years ago, Intel rolled out something called the Management Engine (ME). It is a completely separate computing environment for Intel chipsets, which gives almost unlimited access to your computer. ME can access your network, operating system, memory and cryptography engine. It can access your computer remotely, even when the computer is off. All of this is underscored by the fact that we don’t know what ME is up to, and there’s no way to look at the code. What is certain is that once a hacker manages to break into the Management Engine, every Intel computer will have a massive security and privacy problem. Hackaday described Intel’s Management Engine as “the single most dangerous piece of computer hardware ever created” in an article published this weekend.
If this sounds scary to you, you’ll be happy to hear there’s now a way to disable ME on your computer. When the engine was first rolled out in GM45 chipsets, it could be removed physically, because it was situated on a chip separate from the northbridge. For Core i3/i5/i7 processors, however, the Management Engine is integrated into the chip. Physically removing it is impossible, but some efforts to disable it have been at least partially successful. Those partial successes have, until very recently, had a major drawback. If disabled, ME does not receive a valid Intel signature from the computer, and when this happens, the computer automatically shuts down after 30 minutes.
The BeagleBone single board computer that hackers used to disable ME
A few months ago, however, hacker Trammell Hudson discovered that if he deleted ME’s first page, or memory block, his ThinkPad didn’t shut down. This led two other hackers, Nicola Corna and Federico Amedeo Izzo, to create a script which utilized the exploit to disable ME. In essence, the engine thinks it’s still running, while not really doing anything. With some extra wires, a BeagleBone single-board computer, and a SOIC-8 chip, the hackers were able to completely shut down ME. The exploit is known to work on Sandy Bridge and Ivy Bridge processors. It should work on Skylake processors, and Haswell and Broadwell are untested.