What You Need To Know About The Intel Management Engine

Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA. In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Managment Engine.

Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?

What the Management Engine Is and Does

Intel’s Management Engine is only a small part of a collection of tools, hardware, and software hidden deep inside some the latest Intel CPUs. These chips and software first appeared in the early 2000s as Trusted Platform Modules. These small crypto chips formed the root of ‘trust’ on a computer. If the TPM could be trusted, the entire computer could be trusted. Then came Active Management Technology, a set of embedded processors for Ethernet controllers. The idea behind this system was to allow for provisioning of laptops in corporate environments. Over the years, a few more bits of hardware were added to CPUs. This was the Intel Management Engine, a small system that was connected to every peripheral in a computer. The Intel ME is connected to the network interface, and it’s connected to storage. The Intel ME is still on, even when your computer is off. Theoretically, if you type on a keyboard connected to a powered-down computer, the Intel ME can send those keypresses off to servers unknown.

In addition to the release of the ME exploit at Black Hat, we’ve learned a lot in the last few weeks. The ME is actually running Minix, a ‘hobby’ or ‘teaching’ operating system created by [Andy Tanenbaum], and the OS that gave birth to Linux. There is a significant discussion of the BSD licensing versus the GPL licensing of Minix and Linux, but that’s an argument for another time.

For several years now, researchers have been investigating the set of chips Intel has included in their latest CPUs. Unfortunately, Intel decided that closed-source was the way to go, and with that security researchers had an idea of what the Intel ME could do, but had no idea how that was done, and whether or not there were any security holes. This week, that wall was breached. Now anyone can execute arbitrary code on the Intel ME with a USB stick.

Mitigation

With the immense problems of the Intel Managment Engine, is there anything a regular joe can do to mitigate the security risks? Is there any way to just turn the ME off? Thankfully yes, with a few caveats.

System76, makers of fine Linux laptops and desktops, have released their own firmware update to disable the ME. Additionally, Dell is now selling a laptop — the ruggedized Lattitude 14 — with the default option of a disabled ME. There is, apparently, a market for the security conscious.

However, if you already own a computer, the chances are that you have a Management Engine somewhere in your box, and it’s running. What are your options, short of buying a new computer? The first step towards removing the ME is to see if it is indeed running. For this, Intel has released a tool to detect a running ME.

However, simply detecting the ME is not enough. You’ll need to disable it. Unfortunately, the implementation of the ME is left up to motherboard manufacturers, and there is no generic way to turn it off. This is perhaps the greatest security threat the ME poses; without a single, simple tool to turn the ME off in any instance, we’re left with only instructions and tutorials on how to disable the ME for individual makes and models of computers.

To that end, some motherboard manufacturers and OEMs have come up with methods to disable the ME in the last week or so, and it’s expected there will be an industry-wide response to this problem, with handy guides on how to disable the ME available from your motherboard OEM.

All of these are incomplete solutions. The recent Evil Maid exploit for the Intel ME, which requires physical presence, only works on ME versions higher than V. 11. While this does exclude all Macs, there’s still the possibility other exploits will be found, affecting earlier versions of the ME. How do you turn the entire thing off?

Unfortunately, you can’t. A computer without valid ME firmware shuts the computer off after thirty minutes. However, the me_cleaner tool does something rather clever: it tricks the ME into thinking it has valid firmware, but in fact does nothing. We took a look at this hack when it was first released, and yes, if you delete the first page of memory from the ME’s ROM, it stops working but still allows your computer to function.

This year’s biggest ‘I Told You So’

The Intel ME is a tiny, obscure piece of hardware locked away in nearly every modern Intel CPU. It’s connected to your storage and your network interface. If someone can access the ME, they own your computer. Right now, the best exploit for the ME — or worst, depending on your point of view — is simply a variation of the Evil Maid scenario. This exploit requires physical access to the device, and we all know physical access is ultimately root access. In this context, and any realistic threat model, the current exploit for the Intel ME is a bit overblown.

Consider this Stage One. The ultimate exploit for the ME is one over the network interface. With that, anyone can own an ME-equipped computer from anywhere on the planet. This exploit does not exist yet, and we know this by the fact there isn’t a new, massive botnet mining Bitcoin.

Until that day comes, we’re only left with the realization that yes, the nerds were right. The idea of the NSA putting hardware in every computer sounds absurd, until you realize it actually happened.

Over the last few decades, the general population has been dragged kicking and screaming in the world of information security. In the 80s, it was as simple as not writing your password down on a Post-It note. In a few years, we’ll get to the conversation about how Alexas and Google Homes are an Orwellian nightmare. Until then, we’ll have to use the Intel ME exploit as another example of how important security is, and how vital it is to listen to the people telling you, “this is bad”. Code that can’t be audited is code that can’t be trusted.

 

91 thoughts on “What You Need To Know About The Intel Management Engine

        1. Except for the fact that many laptops and phones do not have hardware turnoff switches or removable batteries anymore.

          We’re getting to a point where someone needs to make a device for the security conscious and a few manufactures are working on just that.

    1. Here’s something for you to read: https://en.wikipedia.org/wiki/Standby_power

      In a nutshell it’s because we consumers are idiots, and crave for convenience over everything. Wake on lan, IR remote switch on, wiggle-the-mouse for boot. Those things are not “off” (and as a collateral they’re draining something around a couple of W).

      Myself? I’ve a power strip with a switch, and separate those things (which today typically even have no real switch on them) from the supply, as meninosousa does. There are things I just don’t want to “outsource”.

    1. Alas, the code that can be audited can’t be trusted either. I mean, can you trust that it was audited, that auditors fully understood the code, that they are well meaning, and that they are well-meaning towards YOU? The trust is only shifted around, not eliminated. Auditing everything yourself (and all of us doing it for ourselves) would destroy productivity gain we got from data processing automation.

      And then again, can you be sure that proven innocuous code does not contain … some sort of “code steganography” (e.g. something like “port knocking”, but only “register knocking”, or “cache location knocking”) in collusion with underlying hardware (which you are unable to fully audit). To be sure that code is not conveying any additional information to hardware apart from its primary public goal there would be necessary to exist a single canonical form of executive program for each programming task, and if code strays from it, something is fishy. But can we enumerate all possible programming tasks, on all levels of architectural hierarchy?

      Those who make their move first are always one step ahead.

      1. “Auditing everything yourself (and all of us doing it for ourselves) would destroy productivity gain we got from data processing automation.”

        Well, even starting down that road assumes that you can trust your own auditing skills. See also: Schneier’s Law.

      2. IIRC there was a backdoor hidden by NSA in important piece of code from Linux (all of them (something related to network implementation, I think, but can’t remember details)) that went unnoticed for decade or two. Which proves that having open source code available is no guarantee that there are no backdoors. That code was read and edited by many people, yet none of them noticed any problems…

        1. As a counter example, let me cite the old Interbase (a DB engine) backdoor which went unnoticed for seven years; then one day Borland released the source publicly and in less than on year later the vulnerability was discovered by a single developer.
          https://www.theregister.co.uk/2001/01/12/borland_interbase_backdoor_exposed/

          Government agencies can succeed in putting backdoors because they use gag orders to “discourage” developers to talk about them. Should a developer discover one, he’d be immediately approached by some government drone citing national security matters and politely asking to withdraw any post about it, implying that if he does not comply he’d be asked again but in a less polite way.

          1. Right, I have serious doubts about the parent comment. I think they may be thinking about NSAKEY or one of the Windows fiasco’s. Moryc: [citation needed]

  1. So what about AMD processors and motherboards? I assume they don’t feature IME but does AMD have its own version? If not maybe we will see a resurgence of AMD in the desktop realm (beyond GPUs).

    1. Well a quick search answered my question (I knew it would — I just figured it was still worth posting the question to generate awareness). Unfortunately AMD does have its own counterpart to IME and it’s just as closed to scrutiny.

        1. I don’t purport to know one way or another, but I’d be surprised if such a thing was in any processor designed for a mobile device.

          In the more limited scope of Apple, I’d be even *more* surprised, given they’re the same bunch that went to war with the FBI over similar issues.

          1. Edward Snowdens slide shows the exact chronological order in which each of the major tech companies volenteered to sell out their massive user bases privacy to the NSA. Apple were late to the game but they were there (no shock MS were first to throw us under the bus). When people talk about unrelaible tech companies from China, Russia not being trustworthy, Huawai, Kesparsky etc. they are not wrong, but the US tech giants are exactly the same. As a european I still see the US somewhat as the home team as we are culturally and linguistically aligned, but the fact remains that we pretend to hold ourselves to a higher standard, but our actions and our principals are not aligned.

            RMS warned of all this decades ago, The Free Software Foundation called it, but the entire business model of the Tech sector is incompatible with the concept of democratic freedom and the ideal free civic society. I love technology, but sadly it’s misuse is gradually enslaving us and robbing us of our freedoms

        1. It used to be as simple as cutting the write enable pin. [ or tying it high. ] doubtful most are that trivial these days.
          Short of building your own hardware from the wafer up.
          [ and writing your own wafer design tools because they could add things in after you press print and you’d probably never know. ]
          You’re always going to have that in the back of your mind.
          Waiting for someone to add a virus to routers that waits for them to not be in use and switches them to a network extending and file sharing mode. Sort of wifi only internet. With the shear number of wifi sources in built up areas the bandwidth would be huge.

  2. Now a class action lawsuit to add to our cost of replacing the 40k Intel based motherboards we currently have deployed.
    The least Intel could have done is offered a free removal tool — Steve Jobs was right when his said Intel managers had no class.

    Anyone have any SPARC64 machines for sale?

    1. Replace them with what?!?! If the NSA asked for part of the IME to be in there then do you really think off is off? Do you think a new model CPU/Motherboard is right around the corner that doesn’t have an IME? What are you going to do? Open RISC in an FPGA as a desktop?!?!

        1. Hmm… Is PowerPC free of that crap? If so then that might be a good solution for some people. I have to imagine that there is a reason Intel and AMD both have this while ARM is usually so full of vendor added crap that there is no telling what’s in there. If everyone switched to PowerPC without first putting the three-letter-agencies in check… How long before PowerPC get’s it’s own version of IME?

  3. This has me thinking… a desktop class processor custom fabbed so that we can know for sure what is on it is probably not happening any time soon. But… what if one purposely connected a computer to a network in such a way that the IME or AMD’s equivalent just doesn’t know how to use it? As a home computer user I’m not to worried about an evil maid but we all want protection from strangers on the internet.

    The first thing that comes to my mind, and about the only thing that might be within my own technical capability I have thought of is to connect via an ESP chip. The IME wouldn’t see a NIC, it would just see data going over a serial port. Would it recognize that as it’s connection to the outside world and use it? Even if there were a backdoor in the ESP chip (which I doubt) it’s not like it would be able to access my hard drive or my RAM or anything. But… that connection would be very slow.

    How about an open source NIC? Something on an FPGA maybe? I’m not sure exactly how this would work. Maybe there could be some sort of unique encryption key flashed onto the nic that must also be compiled into the driver. Even if someone ported the driver to Minix and it was built into the IME it wouldn’t work so long as the user changed their key to something other than the default one.

    The only way I can imagine the IME getting around that would be if it looked in RAM and recognized whatever represents the operating system’s TCP/IP stack and POKE’d it’s crap right into it. I’m thinking that maybe Linux with PIE could secure against that?

    1. It’s a clever idea and crossed my mind too, although I lack the skill to understand it. A beowulf cluster composed of amd and intel would be naturally resistant as the same exploit should not affect two systems in the same manner. Buffer overflows were such a big threat a few years back that the linux kernel was altered to randomize memory locations. I doubt an alternative firmware for routers to obfuscate network traffic would be a workable approach as they couldn’t approach the speed of a usable cpu.

  4. Ha ha, joke is on the NSA, all of my personal computers are at least 10 years old!

    One thing that is not clear to me; what about Apple hardware? It would be great to know there is at least one mass market option out there.

  5. pretty sure this only worked because the PC manufacturer left JTAG turned on… it’s not Intel’s fault, it’s the carelessness of the PC manufacturer who didn’t follow the recommendations and warnings laid out. Just like you can’t fault a car company for your cell phone getting stolen from your dashboard when you left the windows open all day in a bad neighborhood.

  6. I am no lawyer, but it would seem to me that Intel could, and should, be held accountable for intentionally installing, what can only be described as a backdoor virus, into the silicon of their ’86 processors.

    Surely as such, Intel should be held legally liable for any and all damage, direct and consequential, to all owners of computers with those “Intel Inside” computers. Thus, even examining what possible security risks they pose, is a cost, personal and corporate, to owners of those said computers, and is therefore both a direct and consequential expense/loss directly caused by Intel knowingly installing specific silicon inside their chips. Intel is smart/big enough to have reasonably have known, and indeed that was the purpose, that this would impose unreasonably security risks to everyone who bought/used their processors. Thus, they cannot deny legal liability.

    Some smart lawyers are going to make $$$$$$ going after Intel. Meanwhile we all pay for this monumental breach of confidence. The cat is out of the bag, so to speak.

    1. “Parts of this spy chip were included in the silicon at the behest of the NSA.”

      So… scapegoat the manufacturers while letting the real criminals carry on?!? This is why we can’t have nice things.

          1. That would bring prices down. I don’t think it would eliminate the IME though. Every fab that touches x86 would get a visit from a guy in a black suite with a bag of money in one hand and a ticket to Gitmo in the other. Funded by the taxpayers this could continue indefinitely.

  7. Brian,
    You’ll find the information you’ve said is actually outdated by at least a week or so… What you’ve documented is almost an exact of what I was thinking along the lines of before recent days ;)

    It doesn’t appear like an NSA requested backdoor but more like NSA found it to be too convenient a backdoor and so kept it secret whilst asking Intel for a reassuring kill-switch. NSA looked over something about the HAP-bit though:
    The kill-switch is after the bring-up-program (BUP) that is loaded from flash (Not USB… We’ll get to that later),
    The bring-up program had a fatal flaw in that it required a fixed size allocation for a file to load it’s configuration from (Not much was needed to be configured this early, we suppose).

    That config wasn’t signed, else it would’ve been a dead end to try and abuse as it wouldn’t even get past the signing checks.
    So a larger than max config would overflow the memory… but too big would knock out other stack canaries and ultimately cause a stack fault. Also if it’s own canary did get knocked off and the fn() returned, then game over. So now the overflow has occurred, they used a return-oriented-programming approach to jump to the last executable offset in any function that returned straight after the last instruction and use that against an address table to run custom code, this can then highlight the payload as executable to the CPU so it won’t triple-fault (Hang in the case of IME-x86-CPU or cut Power-Good to PSU)

    Like the twin-towers, it could be an inside job or genuine actors… at this stage we’re in the dark, but yet Intel haven’t hired people to give the “Official story” with a tin-foil explanation.

    As for the USB, I haven’t seen it released as a document, but maybe the BUP is actually burnt to the chip and boots the config off the separate ROM for board quirks and adjustments (PCIeNum_of_lanes, Me_Config, InRecoveryMode, Intel_NDA_Config_Optz, NSA_HAP_Bit for example).
    The USB, AFAIK, was a way of connecting via J-TAG and would only be for USB3.x systems as there are another 2x lanes for to include all 6 J-TAG wiring of the platform. Maybe, that is how they got how the BUP worked, or, how they took direct control before, between, or after power-on (possibly also when the ME-CPU is reset, the early bring-up can be viewed)

    This bit is just about the USB and NSA involvement bit… I’ve got another tonne of updated information about more of this Intel ME stuff, including pointing out some misconceptions).
    So much to say, not easy to proof read, I may put up sources should people here not have before myself. Hint, google for “Where there’s a JTAG there’s a way PTsecurity” PDF warning though, look at this PDF, if you know just enough C/C++ to get yourself into trouble, then you can see where I’ve got the description as above for the over-flow ;)

    TL;DR, USB is put into JTAG mode,
    NSA may of back-doored the IME after NSA found flaws befor asking for HAP-bit

  8. I used to think that there wasn’t a problem so long as the computer was off, but lately I’ve found my computers are turning themselves on regardless of what I do to stop it. Then this IME thing, plus the Echo and the Google Home all exacerbate the problem, except one thing: There is a single gateway to the internet.

    What I’d like to see is an open source hardware device that sits between my internet connection and my network that allows me to set rules for connections and packets. I’m not sure if this is possible, but it seems like it wouldn’t be that hard to tell if packets are trying to get through when they shouldn’t be, and maybe even a public blacklist/whitelist process similar to what ad blockers use.

    On the other hand that might just add another easily hackable device to the mix.

    thoughts?

    1. There is a not so secret CPU with full access to every instruction that runs on the CPU, and access to all RAM.

      As long as your machines hard disk is encrypted, powered off and disconnected from all computers it is relatively secure. But as soon as you want to access it the data there is the decryption key stored in somewhere in RAM and a decryption algorithm which needs to run instructions on the CPU. There is nothing that you can hide by having a virtual OS, unless it is using a totally different CPU not made by Intel(IME)/AMD(PSP).

      And since you are asking about Microsoft bitlocker, I have no logical way to answer you other than mentioning that Microsoft (like Intel) is a part of the “nsa strategic partnerships” (plug the term into your search engine of choice, it was part of the Snowden documents, and mentioned in some wikileaks)

    1. Yes, there’s the HDA_SDO jumper that disables ME, but it also unlocks all the SPI regions. This pin is described by the “Intel SPI programming guide”, but it’s not very clear when ME is stopped and which parts are really disabled.

  9. As I recall, IBM got busted many years ago, using hidden folders and software that “Phoned Home” activity on the system. An IBM worker bee found the “flaw” reported it upstairs and was fired for his cleverness.

  10. The point that exploitation currently requires physical access, which limits the attack. However you really have to ask if this is fully true. It has been demonstrated that NICs can be infected (yes, primarily physical access), however bugs have been found that could allow remote access. Additionally, what is to stop the NSA from putting IME/PSP/similar in the NICs? They send an “untraceable” packet that when received by the NIC, it performs it’s requisite action, and drops it from any data it sends to the computer’s bus, even if the NIC is in promiscuous mode.

    If it is possible, and governments/businesses have been shown to do it before (and it is a middle link), you have to expect it may currently be in use.

  11. Would be nice to see a snort definition and be able to go over historical logs for events of this subsystem being called. See how it was used in the past and what payloads were delivered and executed. was it used for a few targets of spys, politicians, criminals etc. or was it used en masse to deploy malware to hundreds of millions of devices.

  12. What about if we disable the ONBOARD LAN and dont use the onboard WIFI and add another network interface.. can IME access through another network working in PCI / PCI-ex / USB / USB-WIFI ?

    if ime cant i preffer to add another network interface than loss 30 to 50% of processor

  13. I bought Optiplex 980 (new) w/SSD in it and when i power off there is still a light on the inside of the mini tower (or SFF) and now I am compelled to think that that’s what it is the ME that keeps that portion of the motherboard or inside the case lit?

    1. No, it shows the power supply is alive and supplying power to the stand-by circuits of the motherboard. It is the same as putting a led inside the power supply to show when it is ‘hot”. The meaning is more to signal that the computer is energized.

      If you turn the computer off at the surge protector, the led will be dark also.

    2. PCs have had a +5VSB, standby, supply from the power supply I think since the ATX specification in the mid 1990s. So they’re never truly off, as long as the mains supply is connected. It’s used for a few bits in the PC, including the IME. Things like wake on LAN, and letting keyboard presses wake it up, etc.

      It means if you’re ever upgrading the thing, cut the mains. Keep the plug in the socket if you can, but the socket’s switch turned off. That way the earth connection is still there, earth isn’t switched. The earth connection is useful against ESD, just touch the PC’s case now and then to earth yourself.

      That’s assuming your mains has an earth connection and a switch. In the UK we’re spoiled, best domestic mains socket in the world, no brownouts, and only blackouts once every few years if they dig the cables up.

      1. Well, it’s taken a minute to circulate what i’m reading from the responses to this issue and hanks BTW, for the info & replies. I was just going to kind of ask or suggest then that i could go ahead & turn off the surge protector at night if i want the ‘light’ out(?) without any big deal to the computer, I mean, not that it’s going to use up that big of an energy splat but it’s a small room and so the light alongside the modem especially keeps the room not as dark as preferred and i definitely hide the modem without suffocating it (you know).
        You know one other thing I’d like to quick-get in, is ever since I bought that computer last year, the internal speaker takes full charge, even when applying the external 2.1 speakers, they sort of “co exist” because in order to play the computer speakers or external, the internal has to be on or playing as well or there’s simply no sound. Pretty weird stuff that the Dell tech advised of just pulling the internal speaker and i never did. I guess I wasn’t as anxious to get rid of it even though, I’d definitely like to. I was hesitant and didn’t return to the shop where i purchased it (brand ndw) even though a friend’s the owner, as well, i didn’t want to ask Dell again or piggy back w/the new question and sort of here i end up with it…but i was trying to think in removing the internal speaker altogether would i automatically have sound in the computer or external speakers then?? Do you guys maybe know or have an idea of the way it must be wired on the motherboard etc..? Just thought I would ask. And thanks a lot again for the original subject and question!!

  14. Well-here goes with a question if it’s out of place, i apologize, but on my Dell Optiplex 980 the internal speaker takes over (regardless). I attached the 2.1 computer Creative speakers and the only way they play is if the internal speaker’s playing or enabled to play. Ok, a Dell (forum) Tech advised to go in and just remove the internal speaker from the motherboard w/enclosed diagram instructs. Ok, well i didn’t do that yet and here’s probably a un-educated looking question but if I do-do that, will i lose the capacity of the external speakers then(?) because one has nothing to do w/the other but in this case, yes it does and if the Dell techs seem to indicate that that’s the only method in order to have computer speakers operate by default (Windows 64 Bit 7 is my OS) then i guess that’s the only way to do it and i purchased new set of (pretty nice) Klipsch speakers to attach this weekend. So, if anyone can take a stab at that with the given info. and may be possibility beyond de-tach of internal speaker, i appreciate it and would like to have a normal default port for one set of external speakers on this desktop without having this co-exist process, that doesn’t even make sense!! Thanks for any helpful input & it’s appreciated, if so.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.