Intel Other Hardware Management Engine Interface Update

Firmware and software that runs on all modernistic Intel CPUs at a college level than user-facing operating organization

The Intel Direction Engine (ME), also known as the Intel Manageability Engine,^{[one] [2]} is an democratic subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008.^{[1] [3] [iv]} It is located in the Platform Controller Hub of modern Intel motherboards.

The Intel Direction Engine always runs as long as the motherboard is receiving power, even when the calculator is turned off. This upshot tin can exist mitigated with deployment of a hardware device, which is able to disconnect mains power.

The Intel ME is an attractive target for hackers, since it has acme level access to all devices and completely bypasses the operating system. The Electronic Frontier Foundation has voiced concern about Intel ME and some security researchers have voiced concern that it is a backdoor.

Intel's chief competitor AMD has incorporated the equivalent AMD Secure Applied science (formally called Platform Security Processor) in almost all of its post-2013 CPUs.^[v]

Difference from Intel AMT [edit]

The Direction Engine is often confused with Intel AMT (Intel Active Management Engineering science). AMT runs on the ME, merely is merely available on processors with vPro. AMT gives device owners remote administration of their computer,^{[half dozen]} such as powering information technology on or off, and reinstalling the operating system.

However, the ME itself is built into all Intel chipsets since 2008, non only those with AMT. While AMT can exist unprovisioned by the owner, at that place is no official, documented way to disable the ME.^{[ commendation needed ]}

Pattern [edit]

The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the figurer is running, and while it is asleep.^[7] As long as the chipset or SoC is continued to current (via battery or power supply), it continues to run even when the system is turned off.^[8] Intel claims the ME is required to provide total performance.^[9] Its exact workings^[10] are largely undocumented^[11] and its code is obfuscated using confidential Huffman tables stored directly in hardware, and then the firmware does not comprise the information necessary to decode its contents.^[12]

Hardware [edit]

Starting with ME xi, information technology is based on the Intel Quark x86-based 32-scrap CPU and runs the MINIX 3 operating system.^[13] The ME firmware is stored in a partition of the SPI BIOS Flash, using the Embedded Flash File System (EFFS).^[14] Previous versions were based on an ARC cadre, with the Management Engine running the ThreadX RTOS. Versions one.ten to 5.x of the ME used the ARCTangent-A4 (32-bit simply instructions) whereas versions six.ten to 8.x used the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME vii.1, the ARC processor could also execute signed Java applets.

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; ane portion of the Ethernet traffic is diverted to the ME fifty-fifty earlier reaching the host's operating arrangement, for what support exists in diverse Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).^{[15] [xvi]} The ME too communicates with the host via PCI interface.^[fourteen] Under Linux, communication between the host and the ME is done via /dev/mei or /dev/mei0.^{[17] [xviii]}

Until the release of Nehalem processors, the ME was normally embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.^[19] With the newer Intel architectures (Intel v Series onwards), ME is integrated into the Platform Controller Hub (PCH).^{[20] [21]}

Firmware [edit]

By Intel'due south current terminology as of 2017, ME is ane of several firmware sets for the Converged Security and Manageability Engine (CSME). Prior to AMT version 11, CSME was called Intel Management Engine BIOS Extension (Intel MEBx).^[one]

• Management Engine (ME) – mainstream chipsets^[22]
• Server Platform Services (SPS) – server chipsets and SoCs^{[23] [22] [24]}
• Trusted Execution Engine (TXE) – tablet/embedded/low ability^{[25] [26]}

The Russian visitor Positive Technologies (Dmitry Sklyarov) found that the ME firmware version 11 runs MINIX 3.^{[13] [27] [28]}

Modules [edit]

• Active Management Applied science (AMT)^[2]
• Intel Boot Guard (IBG)^[29] and Secure Kicking^[26]
• Quiet Organization Technology (QST), formerly known as Advanced Fan Speed Control (AFSC), which provides back up for acoustically-optimized fan speed control, and monitoring of temperature, voltage, current and fan speed sensors that are provided in the chipset, CPU and other devices nowadays on the motherboard. Communication with the QST firmware subsystem is documented and available through the official software development kit (SDK).^[30]
• Protected Sound Video Path^{[31] [12]}
• Intel Anti-Theft Technology (AT), discontinued in 2015.^{[32] [33]}
• Serial over LAN (SOL)^[34]
• Intel Platform Trust Engineering science (PTT), a firmware-based Trusted Platform Module (TPM)^{[29] [35]}
• Near Field Communication, a middleware for NFC readers and vendors to admission NFC cards and provide secure element access, found in later on MEI versions. ^[36]

Security vulnerabilities [edit]

Several weaknesses have been establish in the ME. On May ane, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Applied science.^[37] Every Intel platform with provisioned Intel Standard Manageability, Active Direction Technology, or Modest Business Applied science, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME.^{[38] [39]} Several ways to disable the ME without say-so that could let ME'due south functions to be sabotaged have been establish.^{[40] [41] [42]} Boosted major security flaws in the ME affecting a very big number of computers incorporating ME, Trusted Execution Engine (TXE), and Server Platform Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on 20 November 2017 (SA-00086).^{[43] [44]} Dissimilar SA-00075, this issues is even present if AMT is absent-minded, not provisioned or if the ME was "disabled" by any of the known unofficial methods.^[45] In July 2018 another set of vulnerabilities was disclosed (SA-00112).^[46] In September 2018, yet some other vulnerability was published (SA-00125).^[47]

Band −3 rootkit [edit]

A band −3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the after Q45 chipset every bit Intel implemented additional protections.^[48] The exploit worked by remapping the unremarkably protected memory region (height sixteen MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the organization, every bit the chipset ever contains the ARC ME coprocessor. (The "−three" designation was chosen because the ME coprocessor works even when the system is in the S3 country, thus it was considered a layer below the System Management Manner rootkits.^[nineteen]) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated past Patrick Stewin.^{[49] [fifty]}

Zero-touch provisioning [edit]

Some other security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, information technology criticized AMT for transmitting unencrypted passwords in the SMB provisioning style when the IDE redirection and Series over LAN features are used. It likewise found that the "zero touch" provisioning mode (ZTC) is nevertheless enabled even when the AMT appears to be disabled in BIOS. For about threescore euros, Ververis purchased from Get Daddy a certificate that is accustomed past the ME firmware and allows remote "zero touch" provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers.^[51]

SA-00075 (a.k.a. Silent Bob is Silent) [edit]

In May 2017, Intel confirmed that many computers with AMT take had an unpatched critical privilege escalation vulnerability (CVE-2017-5689).^{[39] [52] [37] [53] [54]} The vulnerability, which was nicknamed "Silent Bob is Silent" by the researchers who had reported it to Intel,^[55] affects numerous laptops, desktops and servers sold by Dell, Fujitsu, Hewlett-Packard (later Hewlett Packard Enterprise and HP Inc.), Intel, Lenovo, and maybe others.^{[55] [56] [57] [58] [59] [lx] [61]} Those researchers claimed that the issues affects systems fabricated in 2010 or later.^[62] Other reports claimed the problems also affects systems fabricated as long ago as 2008.^{[63] [39]} The vulnerability was described as giving remote attackers:

"full control of afflicted machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and change any information."

—Tatu Ylönen, ssh.com ^[55]

PLATINUM [edit]

In June 2017, the PLATINUM cybercrime group became notable for exploiting the serial over LAN (SOL) capabilities of AMT to perform information exfiltration of stolen documents.^{[64] [65] [66] [67] [68] [69] [70] [71]} SOL is disabled by default, and must be enabled to exploit this vulnerability.^[72]

SA-00086 [edit]

Some months afterwards the previous bugs, and subsequent warnings from the EFF,^[4] security business firm Positive Technologies claimed to have developed a working exploit.^[73] On 20 November, 2017 Intel confirmed that a number of serious flaws had been establish in the Management Engine (mainstream), Trusted Execution Engine (tablet/mobile), and Server Platform Services (high end server) firmware, and released a "critical firmware update".^{[74] [75]} Essentially every Intel-based estimator for the last several years, including most desktops and servers, were found to be vulnerable to having their security compromised, although all the potential routes of exploitation were not entirely known.^[75] It is not possible to patch the problems from the operating system, and a firmware (UEFI, BIOS) update to the motherboard is required, which was anticipated to take quite some time for the many private manufacturers to accomplish, if it ever would be for many systems.^[43]

Affected systems^[74] [edit]

• Intel Atom – C3000 family
• Intel Cantlet – Apollo Lake E3900 series
• Intel Celeron – N and J series
• Intel Cadre (i3, i5, i7, i9) – 1st, 2nd, 3rd, 4th, 5th, sixth, 7th, and 8th generation
• Intel Pentium – Apollo Lake
• Intel Xeon – E3-1200 v5 and v6 product family
• Intel Xeon – Scalable family
• Intel Xeon – W family

Mitigation [edit]

None of the known unofficial methods to disable the ME prevent exploitation of the vulnerability. A firmware update by the vendor is required. Yet, those who discovered the vulnerability notation that firmware updates are not fully effective either, as an attacker with access to the ME firmware region can simply flash an quondam, vulnerable version and then exploit the issues.^[45]

SA-00112 [edit]

In July 2018 Intel announced that 3 vulnerabilities (CVE-2018-3628, CVE-2018-3629, CVE-2018-3632) had been discovered and that a patch for the CSME firmware would be required. Intel indicated there would be no patch for tertiary generation Core processors or earlier despite chips or their chipsets as far back as Intel Core 2 Duo vPro and Intel Centrino 2 vPro being affected. However Intel AMT must be enabled and provisioned for the vulnerability to be.^{[46] [76]}

Assertions that ME is a backdoor [edit]

Critics like the Electronic Frontier Foundation (EFF), Libreboot developers, and security expert Damien Zammit accused the ME of being a backstairs and a privacy concern.^{[77] [4] [78]} Zammit stresses that the ME has total access to memory (without the possessor-controlled CPU cores having whatsoever knowledge), and has full admission to the TCP/IP stack and tin can ship and receive network packets independently of the operating system, thus bypassing its firewall.^[6]

Intel responded past saying that "Intel does not put back doors in its products nor exercise our products give Intel command or access to computing systems without the explicit permission of the end user."^[6] and "Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to subtract security of its applied science."^[79]

In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the National Security Bureau (NSA) budget request for 2013 contained a Sigint Enabling Project with the goal to "Insert vulnerabilities into commercial encryption systems, It systems, …" and information technology has been conjectured that Intel ME and AMD Secure Technology might be part of that program.^{[80] [81]}

Disabling the ME [edit]

Information technology is unremarkably not possible for the user to disable the ME. Some undocumented methods to do so were discovered, only these methods are not supported by Intel.^[43] The ME'southward security architecture is designed to prevent disabling, and thus its possibility is considered past Intel to be a security vulnerability. For example, a virus could abuse it to make the computer lose some of the functionality that the typical stop-user expects, such as the ability to play media with DRM. On the other hand, a malicious player could use the ME to remotely compromise a organization.

Strictly speaking, none of the known methods disable the ME completely, since information technology is required for booting the master CPU. All known methods merely brand the ME go into aberrant states soon after kick, in which it seems not to have any working functionality. The ME is still physically connected to the system and its microprocessor continues to execute lawmaking.^{[ citation needed ]}

Undocumented methods [edit]

Firmware neutralization [edit]

In 2016, the me_cleaner project institute that the ME's integrity verification is broken. The ME is supposed to detect that information technology has been tampered with and, if this is the example, close down the PC forcibly 30 minutes after organisation kickoff.^[82] This prevents a compromised system from running undetected, nevertheless allows the owner to fix the issue by flashing a valid version of the ME firmware during the grace period. As the project found out, by making unauthorized changes to the ME firmware, it was possible to force it into an abnormal error state that prevented triggering the shutdown even if large parts of the firmware had been overwritten and thus made inoperable.

"High Balls Platform" mode [edit]

In August 2017, Positive Technologies (Dmitry Sklyarov) published a method to disable the ME via an undocumented built-in fashion. Every bit Intel has confirmed^[83] the ME contains a switch to enable regime authorities such as the NSA to brand the ME become into High-Balls Platform (HAP) mode after boot. This mode disables most of ME's functions,^{[79] [84]} and was intended to exist available but in machines produced for specific purchasers like the US government; however, most machines sold on the retail market can exist made to activate the switch.^{[84] [85]} Manipulation of the HAP bit was rapidly incorporated into the me_cleaner project.^[86]

Commercial ME disablement [edit]

From late 2017 on, several laptop vendors announced their intentions to ship laptops with the Intel ME disabled or let the end-users disable it manually:

• Purism previously petitioned Intel to sell processors without the ME, or release its source lawmaking, calling it "a threat to users' digital rights".^[87] In March 2017, Purism appear that it had neutralized the ME by erasing the majority of the ME code from the flash memory.^[88] Information technology further announced in October 2017^[89] that new batches of their Librem line of laptops running PureOS volition ship with the ME neutralized, and additionally disable most ME operation via the HAP bit. Updates for existing Librem laptops were too announced.
• In November, System76 announced their plan to disable the ME on their new and recent machines which ship with Pop!_OS via the HAP bit.^[90]
• In December, Dell began showing certain laptops on its website that offered the "Systems Management" option "Intel vPro - ME Inoperable, Custom Order" for an additional fee. Dell has not announced or publicly explained the methods used. In response to printing requests, Dell stated that those systems had been offered for quite a while, but not for the general public, and had plant their style to the website simply inadvertently.^[91] The laptops are available only by custom club and only to military, government and intelligence agencies.^[92] They are specifically designed for covert operations, such as providing a very robust case and a "stealth" operating mode impale switch that disables display, LED lights, speaker, fan and whatever wireless technology.^[93]
• In March 2018, Tuxedo Computers, a German company which specializes in PCs which run operating systems which use the Linux kernel, appear an pick in the BIOS of their organization to disable ME. ^[94]
• In February 2021 Nitrokey, a German language company specialized in producing Security Tokens, announced NitroPC, a device identical to Purism's Librem Mini. ^[95]

Effectiveness against vulnerabilities [edit]

Neither of the two methods to disable the ME discovered so far turned out to be an effective countermeasure against the SA-00086 vulnerability.^[45] This is because the vulnerability is in an early-loaded ME module that is essential to kick the main CPU.^{[ commendation needed ]}

Reactions [edit]

Past Google [edit]

As of 2017,^[update] Google was attempting to eliminate proprietary firmware from its servers and constitute that the ME was a hurdle to that.^[43]

By AMD processor vendors [edit]

Soon afterward SA-00086 was patched, vendors for AMD processor mainboards started shipping BIOS updates that permit disabling the AMD Secure Technology,^[96] a subsystem with similar function as the ME.

See also [edit]

• AMD Platform Security Processor
• Intel AMT versions
• Intel vPro
• Meltdown (security vulnerability)
• Microsoft Pluton
• Adjacent-Generation Secure Computing Base
• Samsung Knox
• Spectre (security vulnerability)
• Trusted Computing
• Trusted Execution Technology
• Trusted Platform Module

References [edit]

1. ^ ^{a b c} Oster, Joseph E. (September 3, 2019). "Getting Started with Intel Agile Management Technology (Intel AMT)". Intel. Retrieved September 22, 2020.
2. ^ ^{a b} "Intel AMT and the Intel ME". Intel. Archived from the original on February 21, 2019. {{cite web}}: CS1 maint: unfit URL (link)
3. ^ "Oft Asked Questions for the Intel Direction Engine Verification Utility". Built into many Intel Chipset–based platforms is a small, low-ability computer subsystem called the Intel Management Engine (Intel ME).
4. ^ ^{a b c} Portnoy, Erica; Eckersley, Peter (May 8, 2017). "Intel's Management Engine is a security hazard, and users demand a manner to disable it". Electronic Frontier Foundation. Retrieved February 21, 2020.
5. ^ "Libreboot – Frequently Asked Questions". Libreboot.org.
6. ^ ^{a b c} Wallen, Jack (July 1, 2016). "Is the Intel Management Engine a backdoor?".
7. ^ "Frequently Asked Questions for the Intel Management Engine Verification Utility". The Intel ME performs various tasks while the system is in sleep, during the kick process, and when your organisation is running.
8. ^ "Black Chapeau Europe 2017". BlackHat.com.
9. ^ "Frequently Asked Questions for the Intel Management Engine Verification Utility". This subsystem must function correctly to get the most performance and capability from your PC.
10. ^ Hoffman, Chris. "Intel Management Engine, Explained: The Tiny Computer Inside Your CPU". How-To Geek.
11. ^ Eckersley, Erica Portnoy and Peter (May eight, 2017). "Intel'south Management Engine is a security hazard, and users demand a fashion to disable it". Electronic Borderland Foundation.
12. ^ ^{a b} "Intel ME huffman dictionaries - Unhuffme v2.4". IO.NetGarage.org.
13. ^ ^{a b} "Positive Technologies Blog: Disabling Intel ME 11 via undocumented style". Retrieved August 30, 2017.
14. ^ ^{a b} Igor Skochinsky (Hex-Rays) Rootkit in your laptop, Ruxcon Breakpoint 2012
15. ^ "Intel Ethernet Controller I210 Datasheet" (PDF). Intel. 2013. pp. 1, 15, 52, 621–776. Retrieved November 9, 2013.
16. ^ "Intel Ethernet Controller X540 Production Brief" (PDF). Intel. 2012. Retrieved Feb 26, 2014.
17. ^ "Archived copy". Archived from the original on November one, 2014. Retrieved February 25, 2014. {{cite web}}: CS1 maint: archived copy as championship (link)
18. ^ "Introduction — The Linux Kernel documentation". Kernel.org.
19. ^ ^{a b} Rutkowska, Joanna. "A Quest to the Core" (PDF). Invisiblethingslab.com . Retrieved May 25, 2016.
20. ^ "Archived copy" (PDF). Archived from the original (PDF) on Feb 11, 2014. Retrieved Feb 26, 2014. {{cite web}}: CS1 maint: archived re-create as championship (link)
21. ^ "Platforms II" (PDF). Users.nik.uni-obuda.hu . Retrieved May 25, 2016.
22. ^ ^{a b} "FatTwin F618R3-FT+ F618R3-FTPT+ User'due south Manual" (PDF). Super Micro. The Manageability Engine, which is an ARC controller embedded in the IOH (I/O Hub), provides Server Platform Services (SPS) to your system. The services provided by SPS are different from those provided by the ME on client platforms.
23. ^ "Intel Xeon Processor E3-1200 v6 Product Family Product Brief". Intel. Intel Server Platform Services (Intel SPS): Designed for managing rack-mount servers, Intel Server Platform Services provides a suite of tools to command and monitor power, thermal, and resources utilization.
24. ^ "Intel Xeon Processor D-1500 Product Family" (PDF). Intel.
25. ^ "Intel Trusted Execution Engine Driver". Dell. This packet provides the drivers for the Intel Trusted Execution Engine and is supported on Dell Venue 11 Pro 5130 Tablet
26. ^ ^{a b} "Intel Trusted Execution Engine Driver for Intel NUC Kit NUC5CPYH, NUC5PPYH, NUC5PGYH". Intel. Installs the Intel Trusted Execution Engine (Intel TXE) commuter and firmware for Windows 10 and Windows 7*/eight.1*, 64-chip. The Intel TXE driver is required for Secure Boot and platform security features.
27. ^ Intel ME: The Manner of the Static Analysis, Troopers 2017
28. ^ Positive Technologies Weblog:The Way of the Static Analysis
29. ^ ^{a b} "Intel Hardware-based Security Technologies for Intelligent Retail Devices" (PDF). Intel.
30. ^ "Intel Serenity System Technology two.0: Programmer's Reference Transmission" (PDF). Intel. Feb 2010. Retrieved August 25, 2014.
31. ^ "The Intel Direction Engine – a Privacy Nightmare". ProPrivacy.com.
32. ^ September 2012, Patrick Kennedy 21 (September 21, 2012). "Intel vPro In 2012, Minor Business Advantage, And Anti-Theft Tech". Tom'south Hardware.
33. ^ "McAfee KB - End of Life for McAfee/Intel Anti-Theft (TS101986)". service.mcafee.com.
34. ^ "Using Intel AMT serial-over-LAN to the fullest". Intel.
35. ^ "How To Enable BitLocker With Intel PTT and No TPM For Better Security". Legit Reviews. May eight, 2019. Retrieved September viii, 2020.
36. ^ "MEI NFC".
37. ^ ^{a b} "Intel Active Management Engineering, Intel Small Business Applied science, and Intel Standard Manageability Escalation of Privilege". Intel.com. March 17, 2020. Retrieved September 22, 2020.
38. ^ Charlie Demerjian (May 1, 2017). "Remote security exploit in all 2008+ Intel platforms". SemiAccurate. Retrieved May 7, 2017.
39. ^ ^{a b c} "Ruby-red alarm! Intel patches remote execution hole that'due south been subconscious in chips since 2010". TheRegister.co.uk . Retrieved May 7, 2017.
40. ^ Alaoui, Youness (October nineteen, 2017). "Deep dive into Intel Management Engine disablement".
41. ^ Alaoui, Youness (March nine, 2017). "Neutralizing the Intel Management Engine on Librem Laptops".
42. ^ "Positive Technologies Web log: Disabling Intel ME 11 via undocumented mode". Retrieved August 30, 2017.
43. ^ ^{a b c d} "Intel Patches Major Flaws in the Intel Direction Engine". Extreme Tech.
44. ^ Claburn, Thomas (November 20, 2017). "Intel finds disquisitional holes in secret Direction Engine subconscious in tons of desktop, server chipsets". The Register.
45. ^ ^{a b c} "Intel Management Engine pwned by buffer overflow". TheRegister.com.
46. ^ ^{a b} "INTEL-SA-00112". Intel.
47. ^ "INTEL-SA-00125". Intel.
48. ^ "Invisible Things Lab to nowadays two new technical presentations disclosing system-level vulnerabilities affecting modern PC hardware at its core" (PDF). Invisiblethingslab.com. Archived from the original (PDF) on April 12, 2016. Retrieved May 25, 2016.
49. ^ "FG Security in telecommunications : Evaluating "Band-3" Rootkits" (PDF). Stewin.org. Archived from the original (PDF) on March four, 2016. Retrieved May 25, 2016.
50. ^ "Persistent, Stealthy Remote-controlled Dedicated Hardware Malware" (PDF). Stewin.org. Archived from the original (PDF) on March 3, 2016. Retrieved May 25, 2016.
51. ^ "Security Evaluation of Intel's Active Direction Technology" (PDF). Spider web.it.kth.se . Retrieved May 25, 2016.
52. ^ "CVE - CVE-2017-5689". Cve.mitre.org. Archived from the original on May 5, 2017. Retrieved May 7, 2017.
53. ^ "Intel Hidden Management Engine - x86 Security Adventure?". Darknet. June 16, 2016. Retrieved May 7, 2017.
54. ^ Garrett, Matthew (May 1, 2017). "Intel'southward remote AMT vulnerablity". mjg59.dreamwidth.org . Retrieved May 7, 2017.
55. ^ ^{a b c} "2017-05-05 Alarm! Intel AMT EXPLOIT OUT! Information technology'S BAD! DISABLE AMT NOW!". Ssh.com\Accessdate=2017-05-07.
56. ^ Dan Goodin (May half dozen, 2017). "The Hijacking Flaw That Lurked in Intel Chips Is Worse than Anyone Idea". Ars Technica. Retrieved May 8, 2017.
57. ^ "General: BIOS updates due to Intel AMT IME vulnerability - General Hardware - Laptop - Dell Community". En.Customs.Dell.com. May two, 2017. Retrieved May vii, 2017.
58. ^ "Advisory note: Intel Firmware vulnerability – Fujitsu Technical Support pages from Fujitsu Fujitsu Continental Europe, Heart Due east, Africa & India". Support.ts.fujitsu.com. May 1, 2017. Retrieved May 8, 2017.
59. ^ "HPE | HPE CS700 ii.0 for VMware". H22208.www2.hpe.com. May 1, 2017. Retrieved May 7, 2017.
60. ^ "Intel Security Advisory regarding escalation o... |Intel Communities". Communities.Intel.com. May 4, 2017. Retrieved May vii, 2017.
61. ^ "Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation". Support.lenovo.com . Retrieved May 7, 2017.
62. ^ "MythBusters: CVE-2017-5689". Embedi.com. May ii, 2017. Archived from the original on August 17, 2018.
63. ^ Charlie Demerjian (May one, 2017). "Remote security exploit in all 2008+ Intel platforms". SemiAccurate.com . Retrieved May 7, 2017.
64. ^ "Sneaky hackers use Intel management tools to bypass Windows firewall". June ix, 2017. Retrieved June x, 2017.
65. ^ Tung, Liam. "Windows firewall dodged past 'hot-patching' spies using Intel AMT, says Microsoft - ZDNet". ZDNet . Retrieved June 10, 2017.
66. ^ "PLATINUM continues to evolve, observe ways to maintain invisibility". June 7, 2017. Retrieved June 10, 2017.
67. ^ "Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls". Retrieved June x, 2017.
68. ^ "Hackers abuse low-level management characteristic for invisible backstairs". iTnews . Retrieved June ten, 2017.
69. ^ "Vxers exploit Intel's Active Management for malware-over-LAN • The Register". TheRegister.co.uk . Retrieved June 10, 2017.
70. ^ Security, heise. "Intel-Fernwartung AMT bei Angriffen auf PCs genutzt". Security . Retrieved June 10, 2017.
71. ^ "PLATINUM activeness group file-transfer method using Intel AMT SOL". Channel 9 . Retrieved June 10, 2017.
72. ^ "Malware Uses Obscure Intel CPU Feature to Steal Information and Avoid Firewalls". BleepingComputer.
73. ^ "Black Lid Europe 2017". BlackHat.com.
74. ^ ^{a b} "Intel Management Engine Critical Firmware Update (Intel SA-00086)". Intel.
75. ^ ^{a b} Newman, Lily Hay. "Intel Bit Flaws Leave Millions of Devices Exposed". Wired.
76. ^ "Intel Active Direction Technology 9.x/10.x/11.x Security Review..." Intel.
77. ^ Cimpanu, Catalin (June 17, 2016). "Intel x86 CPUs Come with a Secret Backdoor That Nobody Can Bear upon or Disable". softpedia.
78. ^ "Libreboot – Ofttimes Asked Questions". libreboot.org.
79. ^ ^{a b} "Intel ME controller chip has secret kill switch". TheRegister.com.
80. ^ "Documents Reveal N.S.A. Entrada Confronting Encryption". The New York Times.
81. ^ "Leserforum". C't. 2018 (7): 10–11. March 16, 2018.
82. ^ "corna/me_cleaner". September 10, 2020 – via GitHub.
83. ^ "Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA". BleepingComputer.
84. ^ ^{a b} Enquiry, Author Positive. "Disabling Intel ME 11 via undocumented mode". Archived from the original on Dec 1, 2020.
85. ^ "corna/me_cleaner". GitHub. March 19, 2022.
86. ^ "Prepare the HAP bit (ME >= 11) or the AltMeDisable bit (ME < 11) · corna/me_cleaner@ced3b46". GitHub.
87. ^ "Petition for Intel to Release an ME-Less CPU Design". June 16, 2016. Archived from the original on June xvi, 2016.
88. ^ Alaoui, Youness (March nine, 2017). "Neutralizing the Intel Direction Engine on Librem Laptops". puri.sm . Retrieved Dec thirteen, 2017.
89. ^ "Purism Librem Laptops Completely Disable Intel's Management Engine". Oct nineteen, 2017.
90. ^ "System76 ME Firmware Updates Program". System76 Blog.
91. ^ "Dell Sells PCs without Intel'southward Management Engine, but with Tradeoffs". ExtremeTech.com.
92. ^ online, heise. "Dell schaltet Intel Direction Engine in Spezial-Notebooks ab". heise online.
93. ^ "Dell Latitude 14 Rugged — 5414 Series Owner'due south Transmission". Dell.com.
94. ^ "TUXEDO deaktiviert Intels Management Engine - TUXEDO Computers". www.tuxedocomputers.com . Retrieved February seven, 2021.
95. ^ "NitroPC - Powerful and Secure Mini PC". www.nitrokey.com . Retrieved Dec 8, 2021.
96. ^ "AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA - Phoronix". Phoronix.com. December 7, 2017. Retrieved April 16, 2019.

External links [edit]

• Intel-SA-00086 security vulnerability detection tool
• Slides by Igor Skochinsky:
  • Secret of Intel Management Engine
  • Rootkit in your laptop: Hidden code in your chipset and how to detect what exactly it does

Share this post