Intel ME controller chip has secret kill switch

Security researchers at London-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk. Intel's ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction …


          1. jake Silver badge

            Re: architectures that I can trust

            When I use my abacus, I can't turn my back on it for even a minute. If I do, one of the cats invariably uses it as a toy. The Wife says they aren't playing, they are plotting world domination, and I should keep the tools stowed when I'm not using them ...

  1. Destroy All Monsters Silver badge
    Windows

    "High Assurance Platform"

    That means someone is getting the "Low Assurance Platform".

    That's you.

    "You can't turn off the telescreen if not inner party member, prole!"

  2. Denarius
    Unhappy

    repeating it again

    See Reflections on Trusting Trust Proceedings of ACM. Also explains why the Chinese were correct in their assumptions that western hardware was intrinsically insecure and created their own silicon.

    However, it is known that their consumer phones also have interesting additions if run inside the Middle Kingdom. Such as full remote control.

    Now where was that 486 motherboard ?

    1. kuiash

      Re: repeating it again

      Any irony there would be that "the West" would not trust the Chinese hardware for the same reasons... and they'd be right too...

      Sheesh.

  3. DagD

    To be fixed in the next patch

    "We are quite sure that Intel ME is unable to exit this mode because we have not found code capable of doing so in the RBE, KERNEL, and SYSLIB modules." (quote taken from original Positive Technologies post)

    Count on an NSA patch to this oversight in future releases.

  4. Anonymous Coward
    Windows

    No, seriously!

    I expect the next release of Windows 10 will allow HAP to be disabled as one of MSFT's many initiatives to ensure personal privacy.

  5. Anonymous Coward
    Anonymous Coward

    Gives new meaning to Back Orifice.

    And I'm not happy either.

    Now you need to rethink firewall strategies etc.

  6. Anonymous South African Coward Bronze badge
    Trollface

    Maybe start using ReactOS or WinNT4?

  7. Anonymous Coward
    Anonymous Coward

    saferer

    It looks more and more like '98/XP systems from 10+ years ago (with a good firewall) are safer than anything today :/ all that money I could have saved.

    1. Anonymous Coward
      Anonymous Coward

      Re: saferer

      And if THEY were compromised in secret? Suppose we learn the TLAs were secretly compromising chips as far back as the 80s?

  8. Anonymous Coward
    Anonymous Coward

    Good to hear that Dmitry Sklyarov is still giving the powers that be a headache or two.

    1. Woodnag

      Since Adobe sicked USG on him that time for doing lawful engineering in Russia, oh yes, I'm sure he's not feeling overly incentivized to conceal USG secrets.

  9. John Sanders
    Linux

    Let's reimplement

    The Motorola 68k using a fast FPGA, at least the assembler is enjoyable.

    We can run AmigaOS or Linux in it...

    We're toasted...

    1. Anonymous Coward
      Black Helicopters

      Re: Let's reimplement

      Aside from any efforts in that direction, I'm also looking at the various other retro-computers out there, e.g. Spectrum Next, for offline encryption/decryption to be connected to my inner network by a data-diode. There's a bunch of us tucked here and there looking at the problem.

      In any case, bringing back mi Amiga would be justification enough ;-).

  10. Hans 1
    Boffin

    Irony ?

    A bunch of nerds discuss the vulnerability of Intel ME, yet, all are very happy running proprietary OS filled with binary blobs even the purveyors of said OS' don't know what they are doing ... especially hardware drivers ...

    Hilarious.

    Listen, if you run Windows or macOS, then your opinion on security simply does not count - it sadly IS as simple as that.

    OpenHardware, heard of it ? We need hardware experts, we need crowd funding ... we want a laptop with, octa-core ARM chips, accepting DDR4 SO-DIMM's say 64 or even 128Gb max and PCI lanes for graphics, ssd etc no proprietary binary blobs anywhere with Linux support ... a system one can trust

    1. jake Silver badge

      Re: Irony ?

      All run a proprietary OS? That's a mighty broad brush you paint with, sir.

      1. Hans 1

        Re: Irony ?

        "All run a proprietary OS? That's a mighty broad brush you paint with, sir."

        Point taken, slightly exaggerated ... ;-)

        As for the others talking OpenBSD, note, BSD fanboy here, you have no clue. You get Debian without the non-free repos, well, you get free drivers. FreeBSD, BTW, is quite the same ... OpenBSD just has better default settings (more restrictive, takes know-how to use) ... what was it, one OpenBSD CVE in 20 years with the default settings ? Something like that, maybe two, I have not looked in a long time ... compare that to several dozens of CVE's every single month for Windows, because IE and a hell of other BS is built-in, even in server editions (Ok, not nano ... but try and install non-MS software on that ... good luck!) ... also, in Windows, hardware drivers are provided by manufacturers, so they do not count towards the Windows CVE list ...

        macOS has decent Unix userspace, yet, proprietary, so as unsafe as Windows, by definition.

        1. Anonymous Coward
          Anonymous Coward

          Re: Irony ?

          Truth is, nothing can ever really be safe as long as it's made by man. Think: both Heartbleed and Shellshock were serious exploits in open-source software.

    2. Anonymous Coward
      Anonymous Coward

      Re: Irony ?

      @ Hans 1

      maybe running OpenBSD?

      No OS is perfect, but I think that group does more to fix and/or replace insecure or buggy code than any other.

      1. Charles 9

        Re: Irony ?

        OK, so what graphics manufacturer do you trust? ALL of them IINM release their state of the art as blobs because they're all in competition with each other and don't want to Give Information To The Enemy. Any manufacturer you could find that is willing to divulge probably isn't sought out for its performance, meaning your graphics are going to be seriously underpowered.

    3. BinkyTheMagicPaperclip Silver badge

      Re: Irony ?

      Crowd funding has been tried. No-one cares. They want cheap and fast hardware.

      You can run OpenBSD and be guaranteed a blob free operating system.

      However, what it still has is binary firmware uploaded to the hardware - because the hardware is non functional without it.

      Graphics adapters are probably the worst offenders in opaque hardware. They all require firmware blobs, and interfaces are not always entirely open. It has been tried crowd funding a completely open low end GPU design, and the funding failed (funding a high end competitive GPU is a non starter, remember Matrox failed to keep up and reverted to its niche market).

      In an ideal world ARM would be a decent alternative, but it's actually often even worse than x86 for openness.

      1. jake Silver badge

        Re: Irony ?

        Graphics? For security? Well, there's your problem.

        Sometimes I go a week or more without turning on a display more complex than a Wyse 50 or IBM 3152.

        1. Charles 9

          Re: Irony ?

          Last I checked, though, those systems can't run Crysis or any of its sequels. So what now?

          1. jake Silver badge

            Re: Irony ?

            Frankly, who the fuck cares? When I have the time to fritter away on computer games, I bake pie instead.

            1. Charles 9

              Re: Irony ?

              Quite a few people, actually, given gaming is one of the few things that keeps the likes of nVidia and AMD busy. You're just in the minority, which is part of the problem. As noted, the unwashed masses will willingly give up security for performance and value. We frankly need a better human being first.

        2. Hans 1

          Re: Irony ?

          "Graphics? For security? Well, there's your problem."

          Well, I agree, totally open hardware well performing graphics is a problem ... yet, without graphics, how do you use a browser ? I know, lynx, curl ... tedious ... that was part of my point ... we need totally open graphics, hence my call ... we can do it!

          As for the gamers, I thought we were grown-ups, here ... of course, we will need to cater for the youth, later ... I am sure, if you look at GNU/Linux, we should be able to do it!

          1. Charles 9

            Re: Irony ?

            "Well, I agree, totally open hardware well performing graphics is a problem ... yet, without graphics, how do you use a browser ? I know, lynx, curl ... tedious ... that was part of my point ... we need totally open graphics, hence my call ... we can do it!"

            As one commenter noted, no we can't. It's been tried already. People just aren't that interested in security when it interferes with productivity. Why do you think "hoop jumping" has such a negative connotation? Get in the way of people's jobs and people will find a way around you. It's practically part of the human condition.

    4. phuzz Silver badge

      Re: Irony ?

      Well, given the readership of elReg, a lot of us here probably rely on management systems like Intel ME to do our jobs.

      Only we have to pay extra for it and it's called iLO or DRAC.

      1. GreenReaper
        Trollface

        Re: Irony ?

        Huawei's iBMC comes included, with love from Shenzhen!

        No nickel-and-diming you over VNC - there's even a shared mode...

  11. thomn8r

    "Intel does not and will not design backdoors for access into its products. [...] Intel does not participate in any efforts to decrease security of its technology."

    Technically this is correct: this function has been outsourced to the NSA

  12. Anonymous Coward
    Anonymous Coward

    Sue sue sue

    Class action lawsuit everyone!
