Home » Featured » Researchers Discover Disabling of Intel ME Backdoor Through NSA Hardware Requirement
Click Here To Hide Tor

Researchers Discover Disabling of Intel ME Backdoor Through NSA Hardware Requirement

Researchers from the cybersecurity company known as Positive Technologies have discovered a way to disable the embedded Management Engine (ME) controller chip of Intel processors. It is also known as a coprocessor. The ME chip allows for remote management of a computer and has long been considered a backdoor. In the past, the Electronic Frontier Foundation (EFF) has called the Management Engine a security hazard, and demanded that users be given the ability to disable it. The embedded ME chip is part of Intel’s Active Management Technology (AMT) and it runs independently of the computer’s main processor and its operating system. ME is embedded onto the Platform Controller Hub (PCH), which gives it access to all data being sent and received by the main processor and all devices. The ME chip has its own firmware and operating system. The code on the ME chip is not publicly available, which has led many to mistrust it and call it a backdoor.

The embedded ME chip can be found on every Intel x86 processor made after 2006. A major vulnerability with Intel’s AMT was discovered in May of this year, which was a remote code execution vulnerability found in millions of Intel chips. Prior attempts to disable the ME chip have failed, or were only partially successful. The me_cleaner project created software that allowed a user to erase most of the ME firmware, but this would only work for about a half of an hour, after which the ME chip would enter a recovery mode which would cause the computer to reboot. Because the firmware is compressed using the Huffman encoding technique, the researchers at Positive Technologies had to develop a piece of software called the Intel ME 11.x Firmware Images Unpacker, or, unME11. The software has been released to the public on github. It consists of two Python scripts which unpack firmware regions for the Intel ME 11 series.

The ability to disable the ME chip is made possible thanks to, of all things, an NSA program. The NSA established the High Assurance Platform (HAP) program to work with the tech industry to develop secure computing platforms. Since ME actually is a security risk, the NSA would want Intel to give them the ability to disable it. The NSA would want to minimize side-channel leaks. Intel confirmed this after the research from Positive Technologies was released.

“In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer’s evaluation of the U.S. government’s “High Assurance Platform” program. These modifications underwent a limited validation cycle and are not an officially supported configuration,” a spokesperson for Intel said.

The researchers were able to find a HAP mode thanks to a couple pieces of software that Intel creates for motherboard manufacturers. This software allows a few modifications to be made to ME. The two tools used are the Flash Image Tool (FIT) and the Flash Programming Tool (FPT). With these tools the researchers were able to obtain XML files that described the structure of the ME firmware and find special configuration bits for the PCH. One of these configurations was called “reserve_hap” that included the comment “High Assurance Platform (HAP) enable” which made the researchers curious.

The researchers then enabled the HAP enable configuration, and discovered that the ME chip was disabled. The ME chip would not respond to any commands with HAP mode enabled. Once HAP mode is enabled, a change is made to the Boot Guard policies. Positive Technologies will continue to investigate the Management Engine, and will try to uncover how exactly how HAP mode changes Boot Guard and other changes. They warn their hack is experimental and has not been fully tested and requires a Serial Peripheral Interface (SPI) programmer.

12 comments

  1. This must be the most important discovery in the security field for the last decade.

  2. That’s the American way? Make us more hackable in the name of cyber security. Oy vey!

  3. Intel and every other company who don’t give a fuck about our rights to a secure computer should be obliterated.

  4. The Russians build a secure processor, only its available to government only…

  5. Ditching Intel chips will not solve anything. AMD has its own equivalent that nobody seems to be working on breaking thus far.

  6. The frightening thing is that so far we don’t know the extend of AMD PSP capabilities and if there is any point in preferring AMD Ryzen as “the lesser evil”.

    The world is in dire need of a secure, backdoor free processor, even if it performs at C2D levels.

  7. The Asus C201 can be fully deblobbed with Libreboot and runs Linux beautifully. It even has a physical write protection screw for the firmware.

  8. fat Aussie bastard

    use an old P2 desk-top with an old, “Award” BIOS, so, prblby don’t hafta worry abt this, eh?
    (run two diff. flavours of Linux on it)…
    (have a newer desk-top but don’t use it much)

    i’m more worried abt me ISP ‘eaves-dropping’ on me via 4G than any-thing else…

  9. F#ck Intel. They are NSA workers.

  10. Seems like a Github xploiting this procedure was taken down

    gist.github.com/CHEF-KOCH/af96c3a63a026b808f09497d136996df

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *