When you buy a car, you want to lift the hood and inspect the engine to see that all the parts are in working order. With Intel’s latest x86 processors, you are left to wonder what’s hidden underneath the hood. The lack of transparency has raised ongoing security concerns and questions about the processor and whether or not they will be addressed.
These concerns center around the remote control technology incorporated into the x86 processor. The Intel Active Management Technology (AMT) gives IT personnel remote control access to manage and repair devices. It also runs as a standalone web server able to bypass an installed firewall on your computer. All of this resides on an SPI flash chip right on the motherboard.
AMT is included as part of the Intel Management Engine (ME) found in Intel Core processors with vPro technology as well as workstations with Intel Xeon processors.
The ME has the ability to function independently in parallel with the x86 processor even when the system is off. As long as it is connected to a power outlet and network card, it can still function.
Concerns and Disadvantages of ME
Concerns have been raised about the inability to disable ME and the secrecy surrounding the specifics of its functionality and security. Without understanding the functionality and security, additional security layers can’t effectively be put in place to guard against attacks. Users have no choice but to trust that Intel did everything right to secure the technology. This shroud of secrecy just adds to the mistrust and has raised doubts about the security of ME.
The ME technology has a couple of disadvantages. It is so tightly integrated with Intel’s processors that it doesn’t seem possible to disable it. If ME is compromised, the compromise would go undetected, and there is no way to repair a compromised ME. The ME source code cannot be dumped to be reviewed and analyzed for vulnerabilities or backdoors.
On older versions of ME, even though the firmware is cryptographically protected by RSA 2048, researchers have been able to exploit weaknesses in it and take partial control. If this can be done, researchers feel it could be only a matter of time before hackers exploit the rootkit in the newer version.
With Intel taking the “security through obscurity” approach, there is a lack of confidence in the security of their product without the analysis of third parties.
Some security researchers feel that taking the open source approach may be the better option. But open source has had its fair share of issues, most notably the Heartbleed bug and other malware. How to handle the disclosure of ME technology is up for serious debate, given the lack of best practices in place.
Are There Any Actions Being Taken Today?
None that have been announced publicly. First, what needs to be determined is how much of a security threat is posed by ME. Until this is resolved, concerns will continue to be voiced.
But with the nondisclosure of the technology specifics and no opportunity for a security audit performed by independent parties, there will continue to be a lack of confidence in the security of ME.