Intel’s controversial Management Engine
Security experts declare it’s “game over” after discovering that ME can be hacked via a simple USB port…
I Intel’s Management Engine is a highly controversial feature of Intel’s processors. It quietly runs the Minix operating system, effectively creating a separate PC within systems running Intel chips that is used to verify and supervise the main PC. Yet ME has come under renewed attack over its security flaws since we first reported on it in LXF225.
Security firm Positive Technologies has managed to gain access to the ME chip and revealed that some of our worst fears about Intel’s Management Engine could come true. In a series of tweets ( http://bit.ly/max-gor), Maxim Goryachy revealed that he and fellow researcher Mark Ermolov can prove that the Intel ME chip uses JTAG (Joint Test Action Group) debugging ports, which can be accessed via USB. JTAG allows low-level access to Intel CPUs running the ME, and by accessing the USB ports via DCI (Direct Connect Interface), malicious hackers could use physical access to access the target machine.
Meanwhile, Andrew Tanenbaum, the creator of the Minix operating system, wrote an open letter to Intel ( http://bit.ly/and-tan) stating that by putting Minix on the ME it had made it the “most widely used computer operating system in the world”, but that he didn’t know about it until he read a news report.
Andrew said that the “only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy.”