2. Is there a problem?
People who are keen on security and try to avoid risks are noticing it immediately: If there is an underlying second operating system – do we have control over it? How secure is this at all? Is there a way to disable Intel ME and Intel AMT?
To Answer those questions we need to check out if there is a sufficient documentation out there which allows to comprehend all mechanisms and we need to watch out for possible security flaws.
There is an Intel AMT Implementation and Reference Guide out there. It describes the Intel AMT features and how to use the SDK. There is a short passage about how to enable or disable the “Intel AMT Network”. At least some OEM vendors allow to disable iAMT in the BIOS settings (source #04).
The Intel ME BIOS Extension can be accessed through CTRL+P during bootup. The default password is “admin”. There is a User Guide for the Intel ME BIOS Extension but there is no option for disabling Intel ME – just changing some parameters and configuring the iAMT.
That means the status of the underlying Intel ME can’t be changed. There is no source code availabe and according Intel will never be. Usually there are two reasons for that: The code is entirely kept secret due to the ownership of intellectual property – or the code doesn’t belong to Intel at all. In fact scientists found out recently, that the Intel ME firmware seems to be based on Andrew S. Tanenbaum’s Minix (source #06), which has been released under BSD license.
So as far as we know the Intel ME can’t be disabled at all. In addition there is no documentation available. We can draw the conclustion that nobody knows how this subsystem operates. As a matter of fact we have no control over it and are not able to influence its behaviour. In cybersecurity terms such a thing is called a blackbox and there is only one way to find out more about it: investigative testing.
2.2 Security vulnerabilities and exploits
Please refer to a list of known vulnerabilities to get a more detailed picture about Intel ME’s security. Just to mention some of them:
- Ring-3 rootkit
- Zero-touch provisioning
- SA-00075/ Silent Bob is Silent
This management engine is definitely running. The lack of an ordinary documentation leads inevitable to security holes which represent a not only potentional but and proven risk to data and computer security.