Oops! Security fears about Intel Processors could be realised

Possible Intel flaws

Several research groups have found security vulnerabilities in the Intel Management Engine (ME), which could allow for a targeted computer to be taken over by a potential hacker.

Intel released a security advisory on 20th November confirming that its ME, remote server management tool Server Platform Services (SPS), and hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple security problems.

The announcement came following a full security-audit of their ME, SPS and TXE (hooray, a company that are checking their systems!)

A computer within a computer

The main issue discussed with this security advisory is the focus on their ME. This is because the ME is designed to allow IT administrators to remotely access PCs, workstations and servers within an organisation in order to manage and repair them. The problem comes with the fact that the ME essentially runs separately to the main machine. It means that the computer does not even have to be turned on for the ME to work. It essentially operates as a separate computer, as long as the device is simply connected to a power supply, it may still be possible to gain control of the machine.

The ME has full access to almost all data on the computer, which means that exploiting this flaw could allow for a complete compromise of the platform. As it is almost impossible to disable the ME feature it is hard to protect against these possible vulnerabilities.

Find out if your system is vulnerable

On announcing the flaws in the system, Intel also released a list of affected products they had discovered. In addition, they released a detection tool, which would allow you to check if your system is at risk of being vulnerable. From here it is easier to gain support and ensure your firmware is up to date.

The company have issued patches across several generations of CPUs to address the security vulnerabilities that affected PCs, servers and IoT devices.

We are interested to follow this as investigations continue to develop.

/by