Hidden Kill Switch Identified in Controversial Intel ME controller chip

Europe’s leading cyber-security firm Positive Technologies’ security researchers have bad news for Intel users. They have detected a secret configuration setting or kill switch that disables the Intel Management Engine (ME) 11 chip.

This chip comprises a microcontroller, and its task is to control the CPU, so if it gets disabled then the device will become open to grave security risk. The flaw was identified in May when a vulnerability in the Active Management Technology used by Intel was identified. This is the same firmware application that the Intel Me chip has.

The flawed hardware is harvesting an “undocumented master controller” inside which the Electronic Frontier Foundation (EFF) referred to as a ‘security hazard.’ ME chip requires a Platform Controller Hub chip to function along with other integrated peripherals, and its job is to handle the majority of the data that travels between the processor and the external devices. This is how the chip is capable of accessing the data on the host computer and therefore when it is compromised it starts serving as a backdoor and allows an attacker to gain full control of the device.

Already there have been attempts to disable the ME chip, but these have remained restricted to preventing the computer from booting or crashing the computer system totally but to no avail because ME components have been cleverly integrated by Intel into the computer’s key processes, e.g., initialization, power management, and processor’s booting.

Intel ME system is an entirely different processor embedded in Intel’s CPUs, and it has no link with the main CPU as it has a separate Operating System, hardware bus driver, memory manager file system, etc. It also has full access to various sensitive system components like system memory, keyboard, and video network. Therefore, it can easily access and obtain data as well as crucial control components of a computer, and if the ME chip is disabled, then the computer will stop functioning.

The defect was believed to be fixed to some extent using ME Cleaner, but the risk will not be eliminated because of the way the chip has been designed. It has an “irremovable environment with an obscure signed proprietary firmware, with full network and memory access, which poses a serious security threat,” read the chip’s configuration information.

However, researchers Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy from Positive Technologies have now identified a method to turn off the risk factor in the Intel Me chip by accessing a configuration file and setting the undocumented High Assurance Platform or HAP bit to 1. HAP is an IT security structure that was developed by the National Security Agency in the US.

As per the information of Positive Technologies’ researchers, government agencies often try to eliminate or at least reduce the probability of unauthorized access and HAP’s impact on Boot Guard is yet unknown but it might provide valuable insights into the issue. Boot Guard is the boot process verification system from Intel.

In response to the issue related to ME Chip, Intel’s spokesperson stated: “In response to requests from customers with specialized requirements, we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer’s evaluation of the US government’s ‘High Assurance Platform’ program. These modifications underwent a limited validation cycle and are not an officially supported configuration.”

Intel also stated that it doesn’t design backdoors for allowing access to its products and it never participates in any scheme that affects the security of its technology. However, the flaw is real and cyber criminals are now gearing up to exploit the vulnerabilities in Intel Me chips as the flaws will let them avoid firewalls and steal information using the AMT Serial-over-LAN interface.



Related Posts