• Home
  • Laptops
  • Laptops News
  • Intel Management Engine Vulnerability Exposes Millions of PCs to Undetectable Attacks, Claims Security Firm

Intel Management Engine Vulnerability Exposes Millions of PCs to Undetectable Attacks, Claims Security Firm

Share on Facebook Tweet Snapchat Share Reddit Comment
Intel Management Engine Vulnerability Exposes Millions of PCs to Undetectable Attacks, Claims Security Firm
  • Intel's Management Engine is a microcontroller in PC motherboard chipsets
  • Intel recently switched to the embedded Minix operating system
  • It can be bridged to the USB subsystem allowing remote access

Security research firm Positive Technologies has said it will demonstrate an exploit that allows the running of arbitrary unsigned code on any PC with an Intel 6th Gen 'Skylake' Core CPU or later. The security hole exists because of Intel's Management Engine, a tiny microprocessor that exists within the platform controller, or chipset, of every PC motherboard built for Intel processors. The Intel Management Engine (IME) was introduced to allow functions such as remote booting and administration, but it also handles the initialisation of the CPU and its power management. It has long been suspected that the IME allows for undetectable backdoors that governments and other agencies can use to spy on users, but has been difficult to disable because of its deep low-level integration with the system.

Positive Technologies is set to reveal its findings at the annual Black Hat Europe conference for the IT security industry, which will begin on December 4 this year. According to the company, researchers have been able to introduce any code and execute it thanks to a design decision that connects the IME to a PC's USB subsystem to enable a debugging mechanism. It is already referring to the flaw as a "God-mode" hack because of its severity and scope.

Resesarchers have also been able to access the IME firmware, potentially allowing them to detect and exploit extremely low-level vulnerabilities.

The IME is completely transparent to PC users and their operating systems, operating on a much lower level. Users will have no way to detect that the IME has been compromised. Since the Skylake generation, Intel has been using the open-source Minix embedded operating system for IME functions, a decision that is partly responsible for the existence of this security hole.

Earlier this year, it was discovered that remote administration of the IME was possible without a password. This has since been rectified, but affected PCs need to have their motherboard firmware flashed in order to fix it, which most people are unlikely ever to do.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Doom Nintendo Switch Review
Gionee M7 Power India Launch Set for November 15, Sports 5000mAh Battery

Related Stories




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com