Intel CPUs Could Contain Huge Security Flaw




/ 3 years ago

intel cpu

A management technology present in Intel x86 CPUs for the past decade might contain a massive vulnerability which, if exploited, could leave systems vulnerable to “nearly unkillable, undetectable rootkit attacks.”

According to a report by BoingBoing, the Intel Management Engine (ME) – which allows administrators to remotely access and control all major PC systems, regardless of whether the computer is on or not – is at severe risk of being compromised, giving hackers full remote access to computers that carry the technology.

“Although the ME firmware is cryptographically protected with RSA 2048, researchers have been able to exploit weaknesses in the ME firmware and take partial control of the ME on early models,” BoingBoing reports. “This makes ME a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer.”

The most vulnerable component of ME is the Intel Active Management Technology (AMT), which gives network admins access to a PC’s operating system, hard drive, and boot state.

“On systems newer than the Core2 series, the ME cannot be disabled,” the article adds. “Intel systems that are designed to have ME but lack ME firmware (or whose ME firmware is corrupted) will refuse to boot, or will shut-down shortly after booting.”

Since the ME runs on a separate chip that Intel is rather secretive about – no audits or examinations of it have been permitted – the company is unlikely to be particularly forthcoming on the above allegations. For now, let’s hope that its secrecy will help protect the potential vulnerability from being fully exploited.

Topics: , , , , , , ,


Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

Check out our Latest Video

Comments

2 Responses to “Intel CPUs Could Contain Huge Security Flaw”
  1. John Burns Jnr says:

    Quote ” the Intel Management Engine (ME) – which allows administrators to remotely access and control all major PC systems, regardless of whether the computer is on or not .”
    Tell me, how does someone remotely access a computer that’s not turned on?

    • litvik627 says:

      If the computer is unplugged then no, it cannot be turned on. ME is quite powerful
      which if enabled and set up, (and connected to a network and if the power is
      plugged in) it can in fact receive a signal through the network to be powered on and be
      remotely accessed even on a BIOS level. Basically, I can sit at
      another computer that has Intel’s proper remote software tool and
      control the remote computer as if I was physically there. Its pretty
      cool.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!