
Another Vulnerability Found in Intel Management Engine Allows Execution of Code Without a Digital Signature

By taking advantage of a vulnerability in Intel ME technology, attackers can execute unsigned code on the target machine. This leads to a full compromise of the platform.

Intel Management Engine is a closed technology: a microcontroller embedded in the Platform Controller Hub (PCH) along with a set of peripherals. Almost all communication between the processor and external devices takes place through the PCH, so Intel ME has access to nearly all data on the computer. Therefore, the ability to execute third-party code on it allows an attacker to completely compromise the platform.

Intel ME technology has long been of concern to researchers, but lately even more attention has been focused on it. One of the reasons for this is the transition of this subsystem to a new hardware (x86) and software (modified MINIX as the operating system) design. The use of the x86 platform makes it possible to bring the full power of binary code analysis tools to bear.

Unfortunately, such a large-scale rework has not been free of errors. When studying the new subsystem in Intel ME version 11+, Positive Technologies researchers found a vulnerability that allows execution of unsigned code inside the PCH on any motherboard for processors of the Skylake family and above. In this case, the main system can remain functional, so the user may not suspect that his computer is running spyware that is resistant to reinstalling the OS and updating the BIOS. The ability to execute your own code on ME opens up unlimited possibilities for researchers, since it allows you, at the very least, to examine the system dynamically.