Oh Blimey, Security Researchers Find a CPU Inside Another Intel x86 CPU Which Can’t Be Disabled
How would you react if you found that your Intel x86 PC or laptop has a secret CPU that you didn’t know about? More worrying, according to a security researcher, you can neither disable nor even touch this hidden CPU.
Damien Zammit, a hardware security expert, claims that recent Intel x86 CPUs have a secret and powerful control mechanism embedded into them that runs on a separate chip, which nobody can disable and whose closed proprietary code nobody can review.
This subsystem, called the Intel Management Engine (ME), is composed of a special 32-bit ARC microprocessor located inside the x86 chipset, where it runs its own closed-source firmware. It is an “extra general purpose computer.” Intel says ME was designed to allow big enterprises to manage their computers remotely, for a fee of course, via the Active Management Technology (AMT).
AMT allows access to the computers in any deployment, as it runs separately from any OS a user might install, says Zammit.
In order for AMT to have all these remote management features, the ME platform will access any portion of memory without the parent x86 CPU’s knowledge, and also set up a TCP/IP server on the network interface. This server can send and receive traffic irrespective of whether the OS is running a firewall or not, says Zammit.
However, Zammit has pointed out some issues in a blog post. Firstly, no one outside Intel’s headquarters has ever seen the source code of the ME platform. Secondly, the ME firmware is cryptographically protected with RSA 2048, which cannot be brute-forced within a human lifetime. Thirdly, on the newer Intel Core2 CPU series, the ME cannot be disabled, as the CPU will refuse to boot, or will shut down shortly after booting, says Zammit. And lastly, there is no way to audit the health of the ME firmware. A security researcher wouldn’t be able to search for any alleged NSA backdoors, nor is there a way for the main CPU to tell if the ME on a system has been compromised, or a way to “heal” a compromised ME.
Except for Intel engineers, nobody has access to this CPU-in-CPU, says Zammit.
“A large portion of ME’s security model is ‘security through obscurity’, a practice that many researchers view as the worst type of security,” Zammit wrote in an exposé for BoingBoing. “If ME’s secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumble, exposing every recent Intel system to the worst rootkits imaginable.”
In the past, security researchers have taken up the issue of hidden code in Intel firmware. However, this was in the Intelligent Platform Management Interface (IPMI) protocol, a predecessor of the Active Management Technology (AMT) that is currently included in ME.